Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
Page 40 of 109
CVE-2023-1216 [HIGH] CVSS 8.8, fixed in chromium 111.0.5563.64-1 (bookworm), 2023
Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convinced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
f
CVE-2023-0933 [HIGH] CVSS 8.8, fixed in chromium 110.0.5481.177-1 (bookworm), 2023
Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 110.0.5481.177-1)
bullseye: resolved (fixed in 110.0.5481.177-1~deb11u1)
forky: resolved (fixed in 110.0.5481.177-1)
sid: resolved (fixe
CVE-2023-1534 [HIGH] CVSS 8.8, fixed in chromium 111.0.5563.110-1 (bookworm), 2023
Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 111.0.5563.110-1)
bullseye: resolved (fixed in 111.0.5563.110-1~deb11u1)
forky: resolved (fi
CVE-2023-3079 [HIGH] CVSS 8.8, KEV, fixed in chromium 114.0.5735.106-1~deb12u1 (bookworm), 2023
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 114.0.5735.106-1~deb12u1)
bullseye: resolved (fixed in 114.0.5735.106-1~deb11u1)
forky: resolved (fixed in 114.0.5735.106-1)
sid: resolved (
CVE-2023-0928 [HIGH] CVSS 8.8, fixed in chromium 110.0.5481.177-1 (bookworm), 2023
Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 110.0.5481.177-1)
bullseye: resolved (fixed in 110.0.5481.177-1~deb11u1)
forky: resolved (fixed in 110.0.5481.177-1)
sid: resolved
CVE-2023-2460 [HIGH] CVSS 7.1, fixed in chromium 113.0.5672.63-1 (bookworm), 2023
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 113.0.5672.63-1)
bullseye: resolved (fixed in 113.0.5672.63-1~deb
CVE-2023-6508 [HIGH] CVSS 8.8, fixed in chromium 120.0.6099.71-1~deb12u1 (bookworm), 2023
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 120.0.6099.71-1~deb12u1)
bullseye: resolved (fixed in 120.0.6099.71-1~deb11u1)
forky: resolved (fixed in 120.0.6099.71-1)
sid: reso
CVE-2023-2939 [HIGH] CVSS 7.8, fixed in chromium 114.0.5735.90-2~deb12u1 (bookworm), 2023
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 114.0.5735.90-2~deb12u1)
bullseye: resolved (fixed in 114.0.5735.90-2~deb11u1)
forky: resolved (fixed in 114.0.57
CVE-2023-4356 [HIGH] CVSS 8.8, fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm), 2023
Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.96-1~deb1
CVE-2023-2933 [HIGH] CVSS 8.8, fixed in chromium 114.0.5735.90-2~deb12u1 (bookworm), 2023
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 114.0.5735.90-2~deb12u1)
bullseye: resolved (fixed in 114.0.5735.90-2~deb11u1)
forky: resolved (fixed in 114.0.5735.90-1)
sid: resolved (fixe
CVE-2023-1811 [HIGH] CVSS 8.8, fixed in chromium 112.0.5615.49-1 (bookworm), 2023
Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 112.0.5615.49-1)
bullseye: resolved (fixed in 112.0.5615.49-2~deb11u2)
forky: r
CVE-2023-4363 [MEDIUM] CVSS 4.3, fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm), 2023
Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1)
forky: resolved (fixed in 11
CVE-2023-1813 [MEDIUM] CVSS 6.5, fixed in chromium 112.0.5615.49-1 (bookworm), 2023
Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 112.0.5615.49-1)
bullseye: resolved (fixed in 112.0.5615.49-2~deb11u2)
CVE-2023-4902 [MEDIUM] CVSS 4.3, fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm), 2023
Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1)
bullseye: resolved (fixed in 117.0.5938.62-1~deb11u1)
forky: resolved (fixed in 117.0.5938.62-1)
sid: resolved (f
CVE-2023-5487 [MEDIUM] CVSS 6.5, fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm), 2023
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1)
bullseye: resolved (fixed in 118.0.5993.
CVE-2023-5486 [MEDIUM] CVSS 4.3, fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm), 2023
Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1)
bullseye: resolved (fixed in 118.0.5993.70-1~deb11u1)
forky: resolved (fixed in 118.0.5993.70-1)
sid: resolved (fixe
CVE-2023-1232 [MEDIUM] CVSS 4.3, fixed in chromium 111.0.5563.64-1 (bookworm), 2023
Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (fixed in
CVE-2023-5851 [MEDIUM] CVSS 4.3, fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm), 2023
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1)
bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1)
forky: resolved (fixed in 119.0.6045.105-1)
sid:
CVE-2023-1225 [MEDIUM] CVSS 4.3, fixed in chromium 111.0.5563.64-1 (bookworm), 2023
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (fixed in 111.0.5563.64-1)
s
CVE-2023-5480 [MEDIUM] CVSS 6.1, fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm), 2023
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1)
bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1)
forky: resolved (fixed in 119.0.6045.105-1)
sid: reso