Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
Page 50 of 109

CVE-2022-2624 [HIGH] CVSS 8.8, fixed in chromium 104.0.5112.79-1 (bookworm), 2022
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1)
bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1)
forky: resolved (fixed in 104.0.5112.7

CVE-2022-4439 [HIGH] CVSS 8.8, fixed in chromium 108.0.5359.124-1 (bookworm), 2022
Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 108.0.5359.124-1)
bullseye: resolved (fixed in 108.0.5359.124

CVE-2022-0468 [HIGH] CVSS 8.8, fixed in chromium 98.0.4758.80-1 (bookworm), 2022
Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 98.0.4758.80-1)
bullseye: resolved (fixed in 98.0.4758.80-1~deb11u1)
forky: resolved (fixed in 98.0.4758.80-1)
sid: resolved (fixed in 98.0.4758.80-1)
trixie: resolved (fi

CVE-2022-2742 [HIGH] CVSS 8.8, fixed in chromium 104.0.5112.79-1 (bookworm), 2022
Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High)
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1)
bullseye: resolved (fixed in 104

CVE-2022-2998 [HIGH] CVSS 8.8, fixed in chromium 104.0.5112.101-1 (bookworm), 2022
Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 104.0.5112.101-1)
bullseye: resolved (fixed in 104.0.5112.101-1~deb11u1)
forky: resolved (fixed i

CVE-2022-2156 [HIGH] CVSS 8.8, fixed in chromium 103.0.5060.53-1 (bookworm), 2022
Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 103.0.5060.53-1)
bullseye: resolved (fixed in 103.0.5060.53-1~deb11u1)
forky: resolved (fixed in 103.0.5060.53-1)
sid: resolved (fixed in 103.0.5060.53-1)
trixie: resolved (f

CVE-2022-1860 [HIGH] CVSS 8.8, fixed in chromium 102.0.5005.61-1 (bookworm), 2022
Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.
Scope: local
bookworm: resolved (fixed in 102.0.5005.61-1)
bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1)
forky: resolv

CVE-2022-0798 [HIGH] CVSS 8.8, fixed in chromium 99.0.4844.51-1 (bookworm), 2022
Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1)
bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1)
forky: resolved (fixed in 99.0.4844.51-1)
si

CVE-2022-1313 [HIGH] CVSS 8.8, fixed in chromium 100.0.4896.88-1 (bookworm), 2022
Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 100.0.4896.88-1)
bullseye: resolved (fixed in 100.0.4896.88-1~deb11u1)
forky: resolved (fixed in 100.0.4896.88-1)
sid: resolved (fixed in 100.0.4896.88-1)
trixie: resol

CVE-2022-1870 [HIGH] CVSS 8.8, fixed in chromium 102.0.5005.61-1 (bookworm), 2022
Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 102.0.5005.61-1)
bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1)
forky: resolved (fixed in 102.0.5005.61-1

CVE-2022-2620 [HIGH] CVSS 8.8, fixed in chromium 104.0.5112.79-1 (bookworm), 2022
Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1)
bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1)
forky: resolved (fixed

CVE-2022-2621 [HIGH] CVSS 8.8, fixed in chromium 104.0.5112.79-1 (bookworm), 2022
Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1)
bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1)
forky: resolved (fixed in 104.0.5112.79-1)
s

CVE-2022-0296 [HIGH] CVSS 8.8, fixed in chromium 97.0.4692.99-1 (bookworm), 2022
Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.99-1)
bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2)
forky: resolved (fixed in 97.0.4692.99-

CVE-2022-3038 [HIGH] CVSS 8.8, KEV, fixed in chromium 105.0.5195.52-1 (bookworm), 2022
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 105.0.5195.52-1)
bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1)
forky: resolved (fixed in 105.0.5195.52-1)
sid: resolved (fixed in 105.0.5195.52-1)
trixie:

CVE-2022-3888 [HIGH] CVSS 8.8, fixed in chromium 107.0.5304.110-1 (bookworm), 2022
Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 107.0.5304.110-1)
bullseye: resolved (fixed in 107.0.5304.110-1~deb11u1)
forky: resolved (fixed in 107.0.5304.110-1)
sid: resolved (f

CVE-2022-1314 [HIGH] CVSS 8.8, fixed in chromium 100.0.4896.88-1 (bookworm), 2022
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 100.0.4896.88-1)
bullseye: resolved (fixed in 100.0.4896.88-1~deb11u1)
forky: resolved (fixed in 100.0.4896.88-1)
sid: resolved (fixed in 100.0.4896.88-1)
trixie: resolved (fix

CVE-2022-4176 [HIGH] CVSS 8.8, fixed in chromium 108.0.5359.71-1 (bookworm), 2022
Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 108.0.5359.71-1)
bullseye: resolved (fixed i

CVE-2022-2477 [HIGH] CVSS 8.8, fixed in chromium 103.0.5060.134-1 (bookworm), 2022
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 103.0.5060.134-1)
bullseye: resolved (fixed in 103.0.5060.134-1~deb11u1)
forky: resolved (fixed in 103.0.5060.134-1)
si

CVE-2022-0459 [HIGH] CVSS 8.8, fixed in chromium 98.0.4758.80-1 (bookworm), 2022
Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 98.0.4758.80-1)
bullseye: resolved (fixed in 98.0.4758.80-1~deb1

CVE-2022-1308 [HIGH] CVSS 8.8, fixed in chromium 100.0.4896.88-1 (bookworm), 2022
Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 100.0.4896.88-1)
bullseye: resolved (fixed in 100.0.4896.88-1~deb11u1)
forky: resolved (fixed in 100.0.4896.88-1)
sid: resolved (fixed in 100.0.4896.88-1)
trixie: resolved