Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 55 of 109
CVE-2022-0795 | HIGH | CVSS 8.8 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1); bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1); forky: resolved (fixed in 99.0.4844.51-1); sid: resolved (fixed in 99.0.4844.51-1); trixie: resolved
debian
CVE-2022-1127 | HIGH | CVSS 8.8 | fixed in chromium 100.0.4896.60-1 (bookworm) | 2022
Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Scope: local
bookworm: resolved (fixed in 100.0.4896.60-1); bullseye: resolved (fixed in 100.0.4896.60-1~deb11u1); forky: resolved (fixed in 100.0.4
debian
CVE-2022-1232 | HIGH | CVSS 8.8 | fixed in chromium 100.0.4896.75-1 (bookworm) | 2022
Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 100.0.4896.75-1); bullseye: resolved (fixed in 100.0.4896.75-1~deb11u1); forky: resolved (fixed in 100.0.4896.75-1); sid: resolved (fixed in 100.0.4896.75-1); trixie: resolved (fix
debian
CVE-2022-0470 | HIGH | CVSS 8.8 | fixed in chromium 98.0.4758.80-1 (bookworm) | 2022
Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 98.0.4758.80-1); bullseye: resolved (fixed in 98.0.4758.80-1~deb11u1); forky: resolved (fixed in 98.0.4758.80-1); sid: resolved (fixed in 98.0.4758.80-1); trixie: resol
debian
CVE-2022-1491 | HIGH | CVSS 8.8 | fixed in chromium 101.0.4951.41-1 (bookworm) | 2022
Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
Scope: local
bookworm: resolved (fixed in 101.0.4951.41-1); bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1); forky: resolved (fixed in 101.0.4951.41-1); sid: resolved (fixed in 101.0.4951.41-
debian
CVE-2022-1144 | HIGH | CVSS 8.8 | fixed in chromium 100.0.4896.60-1 (bookworm) | 2022
Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
Scope: local
bookworm: resolved (fixed in 100.0.4896.60-1); bullseye: resolved (fixed in 100.0.4896.60-1~deb11u1); forky: resolved (fixed in 100.0.4
debian
CVE-2022-0107 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.
debian
CVE-2022-1487 | HIGH | CVSS 7.5 | fixed in chromium 101.0.4951.41-1 (bookworm) | 2022
Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.
Scope: local
bookworm: resolved (fixed in 101.0.4951.41-1); bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1); forky: resolved (fixed in 101.0.4951.41-1); sid: resolved (fixed in 101.0.4951.41-1); trixie: resolve
debian
CVE-2022-0298 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.99-1 (bookworm) | 2022
Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.99-1); bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2); forky: resolved (fixed in 97.0.4692.99-1); sid: resolved (fixed in 97.0.4692.99-1); trixie: resolved (
debian
CVE-2022-2604 | HIGH | CVSS 8.8 | fixed in chromium 104.0.5112.79-1 (bookworm) | 2022
Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1); bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1); forky: resolved (fixed in 104.0.5112.79-1); sid: resolved (fixed in 104.0.5112.79-1); trixie: re
debian
CVE-2022-2606 | HIGH | CVSS 8.8 | fixed in chromium 104.0.5112.79-1 (bookworm) | 2022
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1); bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1); forky: resolved (fixed in 10
debian
CVE-2022-3308 | HIGH | CVSS 7.4 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 106.0.5249.61-1); bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1); forky: resolved (fixed in 106.0.5249.
debian
CVE-2022-3653 | HIGH | CVSS 8.8 | fixed in chromium 107.0.5304.68-1 (bookworm) | 2022
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 107.0.5304.68-1); bullseye: resolved (fixed in 107.0.5304.68-1~deb11u1); forky: resolved (fixed in 107.0.5304.68-1); sid: resolved (fi
debian
CVE-2022-4177 | HIGH | CVSS 8.8 | fixed in chromium 108.0.5359.71-1 (bookworm) | 2022
Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 108.0.5359.71-1); bullseye: resolved (fixed in 108.0.5359.71-2~deb11u
debian
CVE-2022-0465 | HIGH | CVSS 8.8 | fixed in chromium 98.0.4758.80-1 (bookworm) | 2022
Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction.
Scope: local
bookworm: resolved (fixed in 98.0.4758.80-1); bullseye: resolved (fixed in 98.0.4758.80-1~deb11u1); forky: resolved (fixed in 98.0.4758.80-1); sid: resolved (fixed in 98.0.4758.80-1); trixie: resolved (fix
debian
CVE-2022-4194 | HIGH | CVSS 8.8 | fixed in chromium 108.0.5359.71-1 (bookworm) | 2022
Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 108.0.5359.71-1); bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1); forky: resolved (fixed in 108.0.5359.71-1); sid: resolved
debian
CVE-2022-3196 | HIGH | CVSS 8.8 | fixed in chromium 105.0.5195.125-1 (bookworm) | 2022
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 105.0.5195.125-1); bullseye: resolved (fixed in 105.0.5195.125-1~deb11u1); forky: resolved (fixed in 105.0.5195.125-1); sid: resolved (fixed in
debian
CVE-2022-3198 | HIGH | CVSS 8.8 | fixed in chromium 105.0.5195.125-1 (bookworm) | 2022
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 105.0.5195.125-1); bullseye: resolved (fixed in 105.0.5195.125-1~deb11u1); forky: resolved (fixed in 105.0.5195.125-1); sid: resolved (fixed in
debian
CVE-2022-0609 | HIGH | CVSS 8.8 | KEV | fixed in chromium 98.0.4758.102-1 (bookworm) | 2022
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 98.0.4758.102-1); bullseye: resolved (fixed in 98.0.4758.102-1~deb11u1); forky: resolved (fixed in 98.0.4758.102-1); sid: resolved (fixed in 98.0.4758.102-1); trixie: resolv
debian
CVE-2022-0310 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.99-1 (bookworm) | 2022
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.
Scope: local
bookworm: resolved (fixed in 97.0.4692.99-1); bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2); forky: resolved (fixed in 97.0.4692.99-1); sid: resolved (fixed in 97.0.4692.99-1); tri
debian