Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
CVE-2023-1235 | MEDIUM | CVSS 6.3 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (

CVE-2023-1817 | MEDIUM | CVSS 6.5 | fixed in chromium 112.0.5615.49-1 (bookworm) | 2023
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 112.0.5615.49-1)
bullseye: resolved (fixed in 112.0.5615.49-2~deb11u2)
forky: resolved (fixed in 112.0.5615.4

CVE-2023-1228 | MEDIUM | CVSS 4.3 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (fixed in 111.0.5563.6

CVE-2023-1821 | MEDIUM | CVSS 6.5 | fixed in chromium 112.0.5615.49-1 (bookworm) | 2023
Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 112.0.5615.49-1)
bullseye: resolved (fixed in 112.0.5615.49-2~deb11u2)
forky: resolved (fixed in 112.

CVE-2023-6511 | MEDIUM | CVSS 4.3 | fixed in chromium 120.0.6099.71-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 120.0.6099.71-1~deb12u1)
bullseye: resolved (fixed in 120.0.6099.71-1~deb11u1)
forky: resolved (fixed in 120.0.6099.71-1)
sid:

CVE-2023-7282 | MEDIUM | CVSS 4.3 | fixed in chromium 113.0.5672.63-1 (bookworm) | 2023
Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 113.0.5672.63-1)
bullseye: resolved (fixed in 113.0.5672.63-1~deb11u1)
fork

CVE-2023-4903 | MEDIUM | CVSS 4.3 | fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1)
bullseye: resolved (fixed in 117.0.5938.62-1~deb11u1)
forky: resolved (fixed in 117.0.593

CVE-2023-2941 | MEDIUM | CVSS 4.3 | fixed in chromium 114.0.5735.90-2~deb12u1 (bookworm) | 2023
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 114.0.5735.90-2~deb12u1)
bullseye: resolved (fixed in 114.0.5735.9

CVE-2023-0139 | MEDIUM | CVSS 6.5 | fixed in chromium 109.0.5414.74-1 (bookworm) | 2023
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 109.0.5414.74-1)
bullseye: resolved (fixed in 109.0.5414.74-2~deb11u1)
forky: resolved (fixed in 109.

CVE-2023-1233 | MEDIUM | CVSS 4.3 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixe

CVE-2023-1221 | MEDIUM | CVSS 4.3 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.6

CVE-2023-1236 | MEDIUM | CVSS 4.3 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (fixed in 111.0.5563.64-1)
sid: resolv

CVE-2023-4901 | MEDIUM | CVSS 4.3 | fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1)
bullseye: resolved (fixed in 117.0.5938.62-1~deb11u1)
forky: resolved (fixed in 117.0.5938.62-1)
si

CVE-2023-5473 | MEDIUM | CVSS 6.3 | fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm) | 2023
Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1)
bullseye: resolved (fixed in 118.0.5993.70-1~deb11u1)
forky: resolved (f

CVE-2023-7011 | MEDIUM | CVSS 6.5 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1)
bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1)
forky: resolved (

CVE-2023-1816 | MEDIUM | CVSS 6.5 | fixed in chromium 112.0.5615.49-1 (bookworm) | 2023
Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 112.0.5615.49-1)
bullseye: resolved (fixed in 112.0.5615.49-2~deb11u2)
forky: resolved (fixed in 112.0.5615.49

CVE-2023-4907 | MEDIUM | CVSS 4.3 | fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1)
bullseye: resolved (fixed in 117.0.5938.62-1~deb11u1)
forky: resolved (fixed in 117.0.5938.62-1)
si

CVE-2023-5481 | MEDIUM | CVSS 6.5 | fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1)
bullseye: resolved (fixed in 118.0.5993.70-1~deb11u1)
forky: resolved (fixed in 118.0.5993.70-1)
sid: resolve

CVE-2023-2466 | MEDIUM | CVSS 4.3 | fixed in chromium 113.0.5672.63-1 (bookworm) | 2023
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 113.0.5672.63-1)
bullseye: resolved (fixed in 113.0.5672.63-1~deb11u1)
forky: resolved (fixed in 113.0.5672.63-1)
sid:

CVE-2023-5484 | MEDIUM | CVSS 6.5 | fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1)
bullseye: resolved (fixed in 118.0.5993.70-1~deb11u1)
forky: resolved (fixed in 118.0.5993.70-1)
sid: resolv