Debian Chromium vulnerabilities

CVE-2022-1489 [HIGH] CVE-2022-1489: chromium - Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros pr... Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. Scope: local bookworm: resolved (fixed in 101.0.4951.41-1) bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1) forky: resolved (fixed in 101.0.4951.41-1) sid: resolved (

CVE-2022-0972 [HIGH] CVE-2022-0972: chromium - Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an a... Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 99.0.4844.74-1) bullseye: resolved (fixed in 99.0.4844.74-1~deb11u1) forky: resolved (fixed in 99.0.4844.74-1) sid: resol

CVE-2022-3659 [HIGH] CVE-2022-3659: chromium - Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.530... Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 107.0.5304.68-1) bullseye: resolved (fixed in 107.0

CVE-2022-1636 [HIGH] CVE-2022-1636: chromium - Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allow... Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 101.0.4951.64-1) bullseye: resolved (fixed in 101.0.4951.64-1~deb11u1) forky: resolved (fixed in 101.0.4951.64-1) sid: resolved (fixed in 101.0.4951.64-1) trixie:

CVE-2022-1639 [HIGH] CVE-2022-1639: chromium - Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote... Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 101.0.4951.64-1) bullseye: resolved (fixed in 101.0.4951.64-1~deb11u1) forky: resolved (fixed in 101.0.4951.64-1) sid: resolved (fixed in 101.0.4951.64-1) trixie: resolved (

CVE-2022-1311 [HIGH] CVE-2022-1311: chromium - Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allo... Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 100.0.4896.88-1) bullseye: resolved (fixed in 100.0.4896.88-1~deb11u1) forky: resolved (fixed in 100.0.4896.88-1) sid: resolved (fixed in 100.0.4896.88-1) trixie

CVE-2022-1305 [HIGH] CVE-2022-1305: chromium - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remo... Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 100.0.4896.88-1) bullseye: resolved (fixed in 100.0.4896.88-1~deb11u1) forky: resolved (fixed in 100.0.4896.88-1) sid: resolved (fixed in 100.0.4896.88-1) trixie: resolved

CVE-2022-3305 [HIGH] CVE-2022-3305: chromium - Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 all... Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 106.0.5249.61-1) bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1) forky: resolved (fixed in 106.0.5249.61-1) sid: resolv

CVE-2022-0464 [HIGH] CVE-2022-0464: chromium - Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a... Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. Scope: local bookworm: resolved (fixed in 98.0.4758.80-1) bullseye: resolved (fixed in 98.0.4758.80-1~deb11u1) forky: resolved (fixed in 98.0.4758.80-1

CVE-2022-0096 [HIGH] CVE-2022-0096: chromium - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remot... Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: resol

CVE-2022-2603 [HIGH] CVE-2022-2603: chromium - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remo... Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 104.0.5112.79-1) bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1) forky: resolved (fixed in 104.0.5112.79-1) sid: resolved (fixed in 104.0.5112.79-1) trixie: resolved

CVE-2022-3039 [HIGH] CVE-2022-3039: chromium - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remot... Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 105.0.5195.52-1) bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1) forky: resolved (fixed in 105.0.5195.52-1) sid: resolved (fixed in 105.0.5195.52-1) trixie: resolved

CVE-2022-3370 [HIGH] CVE-2022-3370: chromium - Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowe... Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 106.0.5249.91-1) bullseye: resolved (fixed in 106.0.5249.91-1~deb11u1) forky: resolved (fixed in 106.0.5249.91-1) sid: resolved

CVE-2022-2853 [HIGH] CVE-2022-2853: chromium - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.511... Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 104.0.5112.101-1) bullseye: resolved (fixed in 104.0.5112.101-1~deb11u1) forky: resolved (fixed in 104.0.5112.

CVE-2022-0102 [HIGH] CVE-2022-0102: chromium - Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote att... Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: resolved (

CVE-2022-3885 [HIGH] CVE-2022-3885: chromium - Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote a... Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 107.0.5304.110-1) bullseye: resolved (fixed in 107.0.5304.110-1~deb11u1) forky: resolved (fixed in 107.0.5304.110-1) sid: resolved (fixed in

CVE-2022-0104 [HIGH] CVE-2022-0104: chromium - Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a r... Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: r

CVE-2022-1477 [HIGH] CVE-2022-1477: chromium - Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remot... Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 101.0.4951.41-1) bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1) forky: resolved (fixed in 101.0.4951.41-1) sid: resolved (fixed in 101.0.4951.41-1) trixie: resolved

CVE-2022-3304 [HIGH] CVE-2022-3304: chromium - Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote a... Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 106.0.5249.61-1) bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1) forky: resolved (fixed in 106.0.5249.61-1) sid: resolved (fixed in 10

CVE-2022-3450 [HIGH] CVE-2022-3450: chromium - Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allow... Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 106.0.5249.119-1) bullseye: resolved (fixed in 106.0.5249.119-1~deb11u1) forky: resolved (fixed in 106.0.5249.119-1) sid: resol