Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL: 102 | HIGH: 1256 | MEDIUM: 754 | LOW: 56 | UNKNOWN: 8
Vulnerabilities
CVE-2023-0133 | MEDIUM | CVSS 6.5 | fixed in chromium 109.0.5414.74-1 (bookworm) | 2023
CVE-2023-0133 [MEDIUM] CVE-2023-0133: chromium - Inappropriate implementation in Permission prompts in Google Chrome on Androi...
Inappropriate implementation in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 109.0.5414.74-1)
bullseye: resolved (fixed in 109.0.5414.74-2~deb11u1)
forky: resolved (
debian
CVE-2023-4364 | MEDIUM | CVSS 4.3 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023
CVE-2023-4364 [MEDIUM] CVE-2023-4364: chromium - Inappropriate implementation in Permission Prompts in Google Chrome prior to 116...
Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1)
forky: resolved (fixed in 116.0.5845.96-1)
debian
CVE-2023-0132 | MEDIUM | CVSS 6.5 | fixed in chromium 109.0.5414.74-1 (bookworm) | 2023
CVE-2023-0132 [MEDIUM] CVE-2023-0132: chromium - Inappropriate implementation in Permission prompts in Google Chrome on Window...
Inappropriate implementation in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 109.0.5414.74-1)
bullseye: resolved (fixed in 109.0.5414.74-2~deb11u1)
forky: resolved (f
debian
CVE-2023-1224 | MEDIUM | CVSS 4.3 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
CVE-2023-1224 [MEDIUM] CVE-2023-1224: chromium - Insufficient policy enforcement in Web Payments API in Google Chrome prior to 11...
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (fixed in 111.0.5563.64-
debian
CVE-2023-1229 | MEDIUM | CVSS 4.3 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
CVE-2023-1229 [MEDIUM] CVE-2023-1229: chromium - Inappropriate implementation in Permission prompts in Google Chrome prior to 111...
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (fixed in 111.0.5563.64-1
debian
CVE-2023-5859 | MEDIUM | CVSS 4.3 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023
CVE-2023-5859 [MEDIUM] CVE-2023-5859: chromium - Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045...
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1)
bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1)
forky: resolved (fixed in 119.0.6045.105-
debian
CVE-2023-3736 | MEDIUM | CVSS 4.3 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023
CVE-2023-3736 [MEDIUM] CVE-2023-3736: chromium - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to...
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1)
bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1)
forky: resolved (fixed in 115.0.5790.
debian
CVE-2023-2314 | MEDIUM | CVSS 6.5 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
CVE-2023-2314 [MEDIUM] CVE-2023-2314: chromium - Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64...
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (fixed in 111.0.5563.64-1)
sid: resolv
debian
CVE-2023-4863 | LOW | CVSS 8.8 | KEV | fixed in chromium 117.0.5938.62-1 (bookworm) | 2023
CVE-2023-4863 [HIGH] CVE-2023-4863: chromium - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and lib...
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 117.0.5938.62-1)
bullseye: resolved (fixed in 117.0.5938.62-1)
forky: resolved (fixed in 117.0.5938.62-1)
debian
CVE-2023-7261 | LOW | CVSS 7.8 | 2023
CVE-2023-7261 [HIGH] CVE-2023-7261: chromium - Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chr...
Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-0097 | CRITICAL | CVSS 9.6 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
CVE-2022-0097 [CRITICAL] CVE-2022-0097: chromium - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 ...
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially allow extension to escape the sandbox via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved
debian
CVE-2022-0452 | CRITICAL | CVSS 9.6 | fixed in chromium 98.0.4758.80-1 (bookworm) | 2022
CVE-2022-0452 [CRITICAL] CVE-2022-0452: chromium - Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a...
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 98.0.4758.80-1)
bullseye: resolved (fixed in 98.0.4758.80-1~deb11u1)
forky: resolved (fixed in 98.0.4758.80-1)
sid: resolved (fixed in 98.0.4758.80-1)
trixie: re
debian
CVE-2022-0790 | CRITICAL | CVSS 9.6 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
CVE-2022-0790 [CRITICAL] CVE-2022-0790: chromium - Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remot...
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1)
bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1)
forky: resolved (fixed in 99.0.4844.51
debian
CVE-2022-0290 | CRITICAL | CVSS 9.6 | fixed in chromium 97.0.4692.99-1 (bookworm) | 2022
CVE-2022-0290 [CRITICAL] CVE-2022-0290: chromium - Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed ...
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.99-1)
bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2)
forky: resolved (fixed in 97.0.4692.99-1)
sid: resolved (fixed in 97.0.4692.99-1)
trixie: r
debian
CVE-2022-0977 | CRITICAL | CVSS 9.6 | fixed in chromium 99.0.4844.74-1 (bookworm) | 2022
CVE-2022-0977 [CRITICAL] CVE-2022-0977: chromium - Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74...
Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.74-1)
bullseye: resolved (fixed in 99.0.4844.74-1~deb11u1)
forky: resolved (fixed
debian
CVE-2022-3075 | CRITICAL | CVSS 9.6 | KEV | fixed in chromium 105.0.5195.102-1 (bookworm) | 2022
CVE-2022-3075 [CRITICAL] CVE-2022-3075: chromium - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 al...
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 105.0.5195.102-1)
bullseye: resolved (fixed in 105.0.5195.102-1~deb11u1)
forky: resolved (fixed in 105.0.5195.102
debian
CVE-2022-4924 | CRITICAL | CVSS 9.6 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
CVE-2022-4924 [CRITICAL] CVE-2022-4924: chromium - Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote...
Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fi
debian
CVE-2022-4920 | CRITICAL | CVSS 9.6 | fixed in chromium 101.0.4951.41-1 (bookworm) | 2022
CVE-2022-4920 [CRITICAL] CVE-2022-4920: chromium - Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a ...
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 101.0.4951.41-1)
bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1)
f
debian
CVE-2022-1309 | CRITICAL | CVSS 9.6 | fixed in chromium 100.0.4896.88-1 (bookworm) | 2022
CVE-2022-1309 [CRITICAL] CVE-2022-1309: chromium - Insufficient policy enforcement in developer tools in Google Chrome prior to 100...
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 100.0.4896.88-1)
bullseye: resolved (fixed in 100.0.4896.88-1~deb11u1)
forky: resolved (fixed in 100.0.4896.88-1)
sid: resolved (fixed in 100
debian
CVE-2022-0973 | CRITICAL | CVSS 9.6 | fixed in chromium 99.0.4844.74-1 (bookworm) | 2022
CVE-2022-0973 [CRITICAL] CVE-2022-0973: chromium - Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a...
Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.74-1)
bullseye: resolved (fixed in 99.0.4844.74-1~deb11u1)
forky: resolved (fixed in 99.0.4844.74-1)
sid: resolved (fixed in 99.0.4844.74-1)
trixie: res
debian