Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

CVE-2023-0141 | MEDIUM | CVSS 4.3 | fixed in chromium 109.0.5414.74-1 (bookworm) | 2023
chromium - Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 109.0.5414.74-1)
bullseye: resolved (fixed in 109.0.5414.74-2~deb11u1)
forky: resolved (fixed in 109.0.5414.74-1)
sid: resolved (fixed
debian
CVE-2023-4350 | MEDIUM | CVSS 6.5 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023
chromium - Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1)
forky:
debian
CVE-2023-4908 | MEDIUM | CVSS 4.3 | fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm) | 2023
chromium - Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1)
bullseye: resolved (fixed in 117.0.5938.62-1~deb11u1)
forky: resolved (fixed in 117.0.5938.62-1)
sid: r
debian
CVE-2023-2462 | MEDIUM | CVSS 4.3 | fixed in chromium 113.0.5672.63-1 (bookworm) | 2023
chromium - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 113.0.5672.63-1)
bullseye: resolved (fixed in 113.0.5672.63-1~deb11u1)
forky: resolved (fixed in 113.0.5672.63-1)
sid: resolved
debian
CVE-2023-1234 | MEDIUM | CVSS 4.3 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
chromium - Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (fixed in 111.0.5563.64-1)
sid: res
debian
CVE-2023-4359 | MEDIUM | CVSS 5.3 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023
chromium - Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1)
forky: resolved (
debian
CVE-2023-5485 | MEDIUM | CVSS 4.3 | fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm) | 2023
chromium - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1)
bullseye: resolved (fixed in 118.0.5993.70-1~deb11u1)
forky: resolved (fixed in 118.0.5993.70-1)
sid:
debian
CVE-2023-0130 | MEDIUM | CVSS 6.5 | fixed in chromium 109.0.5414.74-1 (bookworm) | 2023
chromium - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 109.0.5414.74-1)
bullseye: resolved (fixed in 109.0.5414.74-2~deb11u1)
forky: resolved (f
debian
CVE-2023-3735 | MEDIUM | CVSS 4.3 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023
chromium - Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1)
bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1)
forky: resolved (fixed in 115.0.57
debian
CVE-2023-0140 | MEDIUM | CVSS 6.5 | fixed in chromium 109.0.5414.74-1 (bookworm) | 2023
chromium - Inappropriate implementation in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 109.0.5414.74-1)
bullseye: resolved (fixed in 109.0.5414.74-2~deb11u1)
forky: resolved (fixed in 109.0.
debian
CVE-2023-1231 | MEDIUM | CVSS 4.3 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
chromium - Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (fixed in
debian
CVE-2023-2937 | MEDIUM | CVSS 4.3 | fixed in chromium 114.0.5735.90-2~deb12u1 (bookworm) | 2023
chromium - Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 114.0.5735.90-2~deb12u1)
bullseye: resolved (fixed in 114.
debian
CVE-2023-3738 | MEDIUM | CVSS 4.3 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023
chromium - Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1)
bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1)
forky: resolved (fixed in 115.0.5790.98-1)
sid: reso
debian
CVE-2023-3740 | MEDIUM | CVSS 4.3 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023
chromium - Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1)
bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1)
forky: resolve
debian
CVE-2023-4361 | MEDIUM | CVSS 5.3 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023
chromium - Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1)
forky: resolved (fixed in 116.0.58
debian
CVE-2023-2464 | MEDIUM | CVSS 4.3 | fixed in chromium 113.0.5672.63-1 (bookworm) | 2023
chromium - Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 113.0.5672.63-1)
bullseye: resolved (fixed in 113.0.56
debian
CVE-2023-2459 | MEDIUM | CVSS 6.5 | fixed in chromium 113.0.5672.63-1 (bookworm) | 2023
chromium - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 113.0.5672.63-1)
bullseye: resolved (fixed in 113.0.5672.63-1~deb11u1)
forky: resolved (fixed in 113.0.5672.63-1)
sid: reso
debian
CVE-2023-6512 | MEDIUM | CVSS 6.5 | fixed in chromium 120.0.6099.71-1~deb12u1 (bookworm) | 2023
chromium - Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 120.0.6099.71-1~deb12u1)
bullseye: resolved (fixed in 120.0.6099.71-1~deb11u1)
forky:
debian
CVE-2023-5853 | MEDIUM | CVSS 4.3 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023
chromium - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1)
bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1)
forky: resolved (fixed in 119.0.6045.105-1)
sid: resolv
debian
CVE-2023-4365 | MEDIUM | CVSS 4.3 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023
chromium - Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1)
forky: resolved (fixed in 116.0.5845.96-1)
sid: re
debian