Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 43 of 109
CVE-2023-5850 | MEDIUM | CVSS 4.3 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1); bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1); forky: resolved (fixed in 119.0.6045.105-1); sid: re
debian
CVE-2023-3739 | MEDIUM | CVSS 6.3 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023
Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1); bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1); forky: resolved (fixed in
debian
CVE-2023-2938 | MEDIUM | CVSS 4.3 | fixed in chromium 114.0.5735.90-2~deb12u1 (bookworm) | 2023
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 114.0.5735.90-2~deb12u1); bullseye: resolved (fixed in 114.
debian
CVE-2023-0131 | MEDIUM | CVSS 6.5 | fixed in chromium 109.0.5414.74-1 (bookworm) | 2023
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 109.0.5414.74-1); bullseye: resolved (fixed in 109.0.5414.74-2~deb11u1); forky: resolved (fixed in 109.0.5414.74
debian
CVE-2023-5478 | MEDIUM | CVSS 4.3 | fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1); bullseye: resolved (fixed in 118.0.5993.70-1~deb11u1); forky: resolved (fixed in 118.0.5993.70-1); sid: resolv
debian
CVE-2023-1217 | MEDIUM | CVSS 6.5 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 111.0.5563.64-1); bullseye: resolved (fixed
debian
CVE-2023-4905 | MEDIUM | CVSS 4.3 | fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1); bullseye: resolved (fixed in 117.0.5938.62-1~deb11u1); forky: resolved (fixed in 117.0.5938.62-1); sid: resolved
debian
CVE-2023-2311 | MEDIUM | CVSS 6.5 | fixed in chromium 112.0.5615.49-1 (bookworm) | 2023
Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 112.0.5615.49-1); bullseye: resolved (fixed in 112.0.5615.49-2~deb11u2); forky: resolved (fixed in 112.0.5615.49-1
debian
CVE-2023-1223 | MEDIUM | CVSS 4.3 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 111.0.5563.64-1); bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1); forky: resolved (fixed in 111.0.5563.64-1); si
debian
CVE-2023-4764 | MEDIUM | CVSS 6.5 | fixed in chromium 116.0.5845.180-1~deb12u1 (bookworm) | 2023
Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 116.0.5845.180-1~deb12u1); bullseye: resolved (fixed in 116.0.5845.180-1~deb11u1); forky: resolved (fixed in 116.0.5845.
debian
CVE-2023-4900 | MEDIUM | CVSS 4.3 | fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1); bullseye: resolved (fixed in 117.0.5938.62-1~deb11u1); forky: resolved (fixed in 117.
debian
CVE-2023-2468 | MEDIUM | CVSS 4.3 | fixed in chromium 113.0.5672.63-1 (bookworm) | 2023
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 113.0.5672.63-1); bullseye: resolved (fixed in 113.0.5672.63-1~deb11u1); forky: res
debian
CVE-2023-4904 | MEDIUM | CVSS 4.3 | fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm) | 2023
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1); bullseye: resolved (fixed in 117.0.5938.62-1~deb11u1); forky: resolved (fixed in 117.0.5
debian
CVE-2023-4360 | MEDIUM | CVSS 4.3 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1); bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1); forky: resolved (fixed in 116.0.5845.96-1); sid: resolve
debian
CVE-2023-5475 | MEDIUM | CVSS 6.5 | fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1); bullseye: resolved (fixed in 118.0.59
debian
CVE-2023-5477 | MEDIUM | CVSS 4.3 | fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1); bullseye: resolved (fixed in 118.0.5993.70-1~deb11u1); forky: resolved (fixed in 118.0.5993.70-1)
debian
CVE-2023-1230 | MEDIUM | CVSS 4.3 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 111.0.5563.64-1); bullseye: resolved (fixed in 111.
debian
CVE-2023-3734 | MEDIUM | CVSS 4.3 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1); bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1); forky: r
debian
CVE-2023-5858 | MEDIUM | CVSS 4.3 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1); bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1); forky: resolved (fixed in 119.0.6045.105-1); s
debian
CVE-2023-4367 | MEDIUM | CVSS 6.5 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1); bullseye: resolved (fixed in 116.0.5845.96-
debian