Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 44 of 109
CVE-2023-4909 | MEDIUM | CVSS 4.3 | fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1); bullseye: resolved (fixed in 117.0.5938.62-1~deb11u1); forky: resolved (fixed in 117.0.5938.62-1); sid: re
debian
CVE-2023-1226 | MEDIUM | CVSS 6.5 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 111.0.5563.64-1); bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1); forky: resolved (fixed in 111.0.5563.64-
debian
CVE-2023-2467 | MEDIUM | CVSS 4.3 | fixed in chromium 113.0.5672.63-1 (bookworm) | 2023
Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 113.0.5672.63-1); bullseye: resolved (fixed in 113.0.5672.63-1~deb11u1); forky: resolved (fixed in 113.0.5672.63-1)
debian
CVE-2023-5483 | MEDIUM | CVSS 6.5 | fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1); bullseye: resolved (fixed in 118.0.5993.70-1~deb11u1); forky: resolved (fixed in 118.0.5993.70-1); s
debian
CVE-2023-1822 | MEDIUM | CVSS 6.5 | fixed in chromium 112.0.5615.49-1 (bookworm) | 2023
Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 112.0.5615.49-1); bullseye: resolved (fixed in 112.0.5615.49-2~deb11u2); forky: resolved (fixed in 112.0.5615.49-1); sid: resolved (fixed in
debian
CVE-2023-5479 | MEDIUM | CVSS 6.5 | fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1); bullseye: resolved (fixed in 118.0.5993.70-1~d
debian
CVE-2023-1814 | MEDIUM | CVSS 6.5 | fixed in chromium 112.0.5615.49-1 (bookworm) | 2023
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 112.0.5615.49-1); bullseye: resolved (fixed in 112.0.5615.49-2~deb11u2); forky: resolved (fixed in 112.0.5615.4
debian
CVE-2023-2463 | MEDIUM | CVSS 4.3 | fixed in chromium 113.0.5672.63-1 (bookworm) | 2023
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 113.0.5672.63-1); bullseye: resolved (fixed in 113.0.5672.63-1~deb11u1); forky: resolved (fix
debian
CVE-2023-2465 | MEDIUM | CVSS 4.3 | fixed in chromium 113.0.5672.63-1 (bookworm) | 2023
Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 113.0.5672.63-1); bullseye: resolved (fixed in 113.0.5672.63-1~deb11u1); forky: resolved (fixed in 113.0.5672.63-1); sid: resolved (fixed
debian
CVE-2023-0700 | MEDIUM | CVSS 6.5 | fixed in chromium 110.0.5481.77-1 (bookworm) | 2023
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 110.0.5481.77-1); bullseye: resolved (fixed in 110.0.5481.77-1~deb11u1); forky: resolved (fixed in
debian
CVE-2023-0704 | MEDIUM | CVSS 6.5 | fixed in chromium 110.0.5481.77-1 (bookworm) | 2023
Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 110.0.5481.77-1); bullseye: resolved (fixed in 110.0.5481.77-1~deb11u1); forky: resolved (fixed in 110.0.5481.
debian
CVE-2023-3737 | MEDIUM | CVSS 4.3 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1); bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1); forky: resolved (fixed in 1
debian
CVE-2023-0697 | MEDIUM | CVSS 6.5 | fixed in chromium 110.0.5481.77-1 (bookworm) | 2023
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 110.0.5481.77-1); bullseye: resolved (fixed in 110.0.5481.77-1~deb11u1); forky: resolved (fixed in 1
debian
CVE-2023-2940 | MEDIUM | CVSS 6.5 | fixed in chromium 114.0.5735.90-2~deb12u1 (bookworm) | 2023
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 114.0.5735.90-2~deb12u1); bullseye: resolved (fixed in 114.0.5735.90-2~de
debian
CVE-2023-7281 | MEDIUM | CVSS 4.3 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1); bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1); forky: resolved (fixed in 119.0.6045.105-1); sid:
debian
CVE-2023-3733 | MEDIUM | CVSS 4.3 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1); bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1); forky: reso
debian
CVE-2023-1823 | MEDIUM | CVSS 6.5 | fixed in chromium 112.0.5615.49-1 (bookworm) | 2023
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 112.0.5615.49-1); bullseye: resolved (fixed in 112.0.5615.49-2~deb11u2); forky: resolved (fixed in 112.0.5615.49-1); sid: resolved
debian
CVE-2023-4906 | MEDIUM | CVSS 4.3 | fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm) | 2023
Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1); bullseye: resolved (fixed in 117.0.5938.62-1~deb11u1); forky: resolved (fixed in 117.0.5938.62-1); si
debian
CVE-2023-7013 | MEDIUM | CVSS 4.7 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1); bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1); forky: resolved (fixed in 119.0.6045.1
debian
CVE-2023-1819 | MEDIUM | CVSS 6.5 | fixed in chromium 112.0.5615.49-1 (bookworm) | 2023
Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 112.0.5615.49-1); bullseye: resolved (fixed in 112.0.5615.49-2~deb11u2); forky: resolved (fixed in 112.0.5615.49-1); sid: re
debian