Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

CVE-2022-2608 | HIGH | CVSS 8.8 | fixed in chromium 104.0.5112.79-1 (bookworm) | 2022
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1); bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1); forky: resolved
debian
CVE-2022-0607 | HIGH | CVSS 8.8 | fixed in chromium 98.0.4758.102-1 (bookworm) | 2022
Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 98.0.4758.102-1); bullseye: resolved (fixed in 98.0.4758.102-1~deb11u1); forky: resolved (fixed in 98.0.4758.102-1); sid: resolved (fixed in 98.0.4758.102-1); trixie: resolved (fi
debian
CVE-2022-0304 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.99-1 (bookworm) | 2022
Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.99-1); bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2); forky: resolved (fixed in 97.0.4692.99-1
debian
CVE-2022-2158 | HIGH | CVSS 8.8 | fixed in chromium 103.0.5060.53-1 (bookworm) | 2022
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 103.0.5060.53-1); bullseye: resolved (fixed in 103.0.5060.53-1~deb11u1); forky: resolved (fixed in 103.0.5060.53-1); sid: resolved (fixed in 103.0.5060.53-1); trixie: resolved (fix
debian
CVE-2022-1874 | HIGH | CVSS 8.8 | fixed in chromium 102.0.5005.61-1 (bookworm) | 2022
Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 102.0.5005.61-1); bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1); forky: resolved (fixed in 102.0.5005.61-1); sid: resolved (fixed in 102.
debian
CVE-2022-1854 | HIGH | CVSS 8.8 | fixed in chromium 102.0.5005.61-1 (bookworm) | 2022
Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 102.0.5005.61-1); bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1); forky: resolved (fixed in 102.0.5005.61-1); sid: resolved (fixed in 102.0.5005.61-1); trixie: resolved (
debian
CVE-2022-0295 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.99-1 (bookworm) | 2022
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.99-1); bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2); forky: resolved (fixed in 97.0.4692.99-1
debian
CVE-2022-1135 | HIGH | CVSS 8.8 | fixed in chromium 100.0.4896.60-1 (bookworm) | 2022
Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction.
Scope: local
bookworm: resolved (fixed in 100.0.4896.60-1); bullseye: resolved (fixed in 100.0.4896.60-1~deb11u1); forky: resolved (fixed in 100.0.4896.60-1); sid: resolved (fixed in 100.0.4896.60
debian
CVE-2022-0300 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.99-1 (bookworm) | 2022
Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.99-1); bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2); forky: resolve
debian
CVE-2022-4178 | HIGH | CVSS 8.8 | fixed in chromium 108.0.5359.71-1 (bookworm) | 2022
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 108.0.5359.71-1); bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1); forky: resolved (fixed in 1
debian
CVE-2022-1096 | HIGH | CVSS 8.8 | KEV | fixed in chromium 99.0.4844.84-1 (bookworm) | 2022
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.84-1); bullseye: resolved (fixed in 99.0.4844.84-1~deb11u1); forky: resolved (fixed in 99.0.4844.84-1); sid: resolved (fixed in 99.0.4844.84-1); trixie: resolved (fixed in
debian
CVE-2022-1876 | HIGH | CVSS 8.8 | fixed in chromium 102.0.5005.61-1 (bookworm) | 2022
Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 102.0.5005.61-1); bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1); forky: resolved (fixed in 102.0.5005.61-1); si
debian
CVE-2022-3445 | HIGH | CVSS 8.8 | fixed in chromium 106.0.5249.119-1 (bookworm) | 2022
Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 106.0.5249.119-1); bullseye: resolved (fixed in 106.0.5249.119-1~deb11u1); forky: resolved (fixed in 106.0.5249.119-1); sid: resolved (fixed
debian
CVE-2022-1484 | HIGH | CVSS 8.8 | fixed in chromium 101.0.4951.41-1 (bookworm) | 2022
Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 101.0.4951.41-1); bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1); forky: resolved (fixed in 101.0.4951.41-1); sid: resolved (fixed in 101.0.4951.41-1); tr
debian
CVE-2022-2480 | HIGH | CVSS 8.8 | fixed in chromium 103.0.5060.134-1 (bookworm) | 2022
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 103.0.5060.134-1); bullseye: resolved (fixed in 103.0.5060.134-1~deb11u1); forky: resolved (fixed in 103.0.5060.134-1); sid: resolved (fixed in 103.0.5060.134-1)
debian
CVE-2022-1133 | HIGH | CVSS 8.8 | fixed in chromium 100.0.4896.60-1 (bookworm) | 2022
Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 100.0.4896.60-1); bullseye: resolved (fixed in 100.0.4896.60-1~deb11u1); forky: resolved (fixed in 100.0.4896.60-1); sid: resolved (fixed in 100.0.4896.60-1); trixie: reso
debian
CVE-2022-1130 | HIGH | CVSS 8.1 | fixed in chromium 100.0.4896.60-1 (bookworm) | 2022
Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.
Scope: local
bookworm: resolved (fixed in 100.0.4896.60-1); bullseye: resolved (fixed in 100.0.4896.60-1~deb11u1); forky: resolved (fixed in 100.0.4896.60-1); sid: resolved (fixed in 100
debian
CVE-2022-1634 | HIGH | CVSS 8.8 | fixed in chromium 101.0.4951.64-1 (bookworm) | 2022
Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions.
Scope: local
bookworm: resolved (fixed in 101.0.4951.64-1); bullseye: resolved (fixed in 101.0.4951.64-1~deb11u1); forky: resolved (fixed in 10
debian
CVE-2022-3306 | HIGH | CVSS 8.8 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 106.0.5249.61-1); bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1); forky: resolved (fixed in 106.0.5249.61-1); sid: resolv
debian
CVE-2022-2859 | HIGH | CVSS 8.8 | fixed in chromium 104.0.5112.101-1 (bookworm) | 2022
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
Scope: local
bookworm: resolved (fixed in 104.0.5112.101-1); bullseye: resolved (fixed in 104.0.5112.101-1~deb11u1); forky: resolved (fixed in
debian