Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
CVE-2022-3058 | HIGH | CVSS 8.8 | fixed in chromium 105.0.5195.52-1 (bookworm) | 2022
Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
Scope: local
bookworm: resolved (fixed in 105.0.5195.52-1)
bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1)
forky: resolved (fixed in 105.0.5
debian
CVE-2022-0800 | HIGH | CVSS 8.8 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1)
bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1)
forky: resolved (fixed in 99.0.4844.5
debian
CVE-2022-0789 | HIGH | CVSS 8.8 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1)
bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1)
forky: resolved (fixed in 99.0.4844.51-1)
sid: resolved (fixed in 99.0.4844.51-1)
trixie: resolved
debian
CVE-2022-0793 | HIGH | CVSS 8.8 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1)
bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1)
forky: reso
debian
CVE-2022-3315 | HIGH | CVSS 8.8 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 106.0.5249.61-1)
bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1)
forky: resolved (fixed in 106.0.5249.61-1)
sid: resolved (fixed in 1
debian
CVE-2022-4906 | HIGH | CVSS 8.8 | fixed in chromium 108.0.5359.71-1 (bookworm) | 2022
Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 108.0.5359.71-1)
bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1)
forky: resolved (fixed in 108.0.5359.71-1)
sid: resolved (fi
debian
CVE-2022-3045 | HIGH | CVSS 8.8 | fixed in chromium 105.0.5195.52-1 (bookworm) | 2022
Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 105.0.5195.52-1)
bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1)
forky: resolved (fixed in 105.0.5195.52-1)
sid: resolved (fixed in 105.0.5195
debian
CVE-2022-0610 | HIGH | CVSS 8.8 | fixed in chromium 98.0.4758.102-1 (bookworm) | 2022
Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 98.0.4758.102-1)
bullseye: resolved (fixed in 98.0.4758.102-1~deb11u1)
forky: resolved (fixed in 98.0.4758.102-1)
sid: resolved (fixed in 98.0.4758.102-1
debian
CVE-2022-4181 | HIGH | CVSS 8.8 | fixed in chromium 108.0.5359.71-1 (bookworm) | 2022
Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 108.0.5359.71-1)
bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1)
forky: resolved (fixed in 108.0.5359.71-1)
sid: resolved (fixed in
debian
CVE-2022-1857 | HIGH | CVSS 8.8 | fixed in chromium 102.0.5005.61-1 (bookworm) | 2022
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 102.0.5005.61-1)
bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1)
forky: resolved (fixed in 102.0.5005.61-1)
sid: resolved (fixed in 102.0.5005.6
debian
CVE-2022-3042 | HIGH | CVSS 8.8 | fixed in chromium 105.0.5195.52-1 (bookworm) | 2022
Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 105.0.5195.52-1)
bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1)
forky: resolved (fixed in 105.0.5195.52-1)
sid: resolved (fixed in 105.0.5195.52-1)
tr
debian
CVE-2022-3446 | HIGH | CVSS 8.8 | fixed in chromium 106.0.5249.119-1 (bookworm) | 2022
Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 106.0.5249.119-1)
bullseye: resolved (fixed in 106.0.5249.119-1~deb11u1)
forky: resolved (fixed in 106.0.5249.119-1)
sid: resolved
debian
CVE-2022-3657 | HIGH | CVSS 8.8 | fixed in chromium 107.0.5304.68-1 (bookworm) | 2022
Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 107.0.5304.68-1)
bullseye: resolved (fixed in 107.0.5304.68-1~deb11u1)
forky
debian
CVE-2022-4918 | HIGH | CVSS 8.8 | fixed in chromium 102.0.5005.61-1 (bookworm) | 2022
Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 102.0.5005.61-1)
bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1)
forky: resolved (fixed in 102.0.5005.61-1)
sid: resolved (fixed in 102.0.50
debian
CVE-2022-0794 | HIGH | CVSS 8.8 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1)
bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1)
forky: resolved (fixed in 99.0.4844.51-1)
debian
CVE-2022-3195 | HIGH | CVSS 8.8 | fixed in chromium 105.0.5195.125-1 (bookworm) | 2022
Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 105.0.5195.125-1)
bullseye: resolved (fixed in 105.0.5195.125-1~deb11u1)
forky: resolved (fixed in 105.0.5195.125-1)
sid: resolv
debian
CVE-2022-2858 | HIGH | CVSS 8.8 | fixed in chromium 104.0.5112.101-1 (bookworm) | 2022
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
Scope: local
bookworm: resolved (fixed in 104.0.5112.101-1)
bullseye: resolved (fixed in 104.0.5112.101-1~deb11u1)
forky: resolved (fixed in 104.0.5112.101-1)
sid: resolved (fixed in 104.0.5112.101-1)
tr
debian
CVE-2022-2613 | HIGH | CVSS 8.8 | fixed in chromium 104.0.5112.79-1 (bookworm) | 2022
Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1)
bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1)
forky: resolved (fixed i
debian
CVE-2022-0791 | HIGH | CVSS 8.8 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1)
bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1)
forky: resolved (fixed in 99.0.4844.51-1)
si
debian
CVE-2022-1635 | HIGH | CVSS 8.8 | fixed in chromium 101.0.4951.64-1 (bookworm) | 2022
Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.
Scope: local
bookworm: resolved (fixed in 101.0.4951.64-1)
bullseye: resolved (fixed in 101.0.4951.64-1~deb11u1)
forky: resolved (fixed
debian