Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

CVE-2022-0115 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.4692.71-0.

CVE-2022-2011 | HIGH | CVSS 8.8 | fixed in chromium 102.0.5005.115-1 (bookworm) | 2022
Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 102.0.5005.115-1); bullseye: resolved (fixed in 102.0.5005.115-1~deb11u1); forky: resolved (fixed in 102.0.5005.115-1); sid: resolved (fixed in 102.0.5005.115-1); trixie: resol

CVE-2022-1310 | HIGH | CVSS 8.8 | fixed in chromium 100.0.4896.88-1 (bookworm) | 2022
Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 100.0.4896.88-1); bullseye: resolved (fixed in 100.0.4896.88-1~deb11u1); forky: resolved (fixed in 100.0.4896.88-1); sid: resolved (fixed in 100.0.4896.88-1); trix

CVE-2022-1865 | HIGH | CVSS 8.8 | fixed in chromium 102.0.5005.61-1 (bookworm) | 2022
Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
Scope: local. bookworm: resolved (fixed in 102.0.5005.61-1); bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1); forky: resolv

CVE-2022-2481 | HIGH | CVSS 8.8 | fixed in chromium 103.0.5060.134-1 (bookworm) | 2022
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
Scope: local. bookworm: resolved (fixed in 103.0.5060.134-1); bullseye: resolved (fixed in 103.0.5060.134-1~deb11u1); forky: resolved (fixed in 103.0.5060.134-1)

CVE-2022-0799 | HIGH | CVSS 8.8 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
Scope: local. bookworm: resolved (fixed in 99.0.4844.51-1); bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1); forky: resolved (fixed in 99.0.4844.51-1); sid: resolved (fixe

CVE-2022-4437 | HIGH | CVSS 8.8 | fixed in chromium 108.0.5359.124-1 (bookworm) | 2022
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 108.0.5359.124-1); bullseye: resolved (fixed in 108.0.5359.124-1~deb11u1); forky: resolved (fixed in 108.0.5359.124-1); sid: resolved (fi

CVE-2022-2855 | HIGH | CVSS 8.8 | fixed in chromium 104.0.5112.101-1 (bookworm) | 2022
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 104.0.5112.101-1); bullseye: resolved (fixed in 104.0.5112.101-1~deb11u1); forky: resolved (fixed in 104.0.5112.101-1); sid: resolved (fixed in 104.0.5112.101-1); trixie: resol

CVE-2022-3887 | HIGH | CVSS 8.8 | fixed in chromium 107.0.5304.110-1 (bookworm) | 2022
Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 107.0.5304.110-1); bullseye: resolved (fixed in 107.0.5304.110-1~deb11u1); forky: resolved (fixed in 107.0.5304.110-1); sid: resolved

CVE-2022-4912 | HIGH | CVSS 8.8 | fixed in chromium 105.0.5195.52-1 (bookworm) | 2022
Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 105.0.5195.52-1); bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1); forky: resolved (fixed in 105.0.5195.52-1); sid: resolved (fixed in

CVE-2022-0976 | HIGH | CVSS 8.8 | fixed in chromium 99.0.4844.74-1 (bookworm) | 2022
Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 99.0.4844.74-1); bullseye: resolved (fixed in 99.0.4844.74-1~deb11u1); forky: resolved (fixed in 99.0.4844.74-1); sid: resolved (fixed in 99.0.4844.74-1); trixie: resolved (f

CVE-2022-3307 | HIGH | CVSS 8.8 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 106.0.5249.61-1); bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1); forky: resolved (fixed in 106.0.5249.61-1); sid: resolved (fixed in

CVE-2022-4914 | HIGH | CVSS 8.8 | fixed in chromium 104.0.5112.79-1 (bookworm) | 2022
Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 104.0.5112.79-1); bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1); fork

CVE-2022-2295 | HIGH | CVSS 8.8 | fixed in chromium 103.0.5060.114-1 (bookworm) | 2022
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 103.0.5060.114-1); bullseye: resolved (fixed in 103.0.5060.114-1~deb11u1); forky: resolved (fixed in 103.0.5060.114-1); sid: resolved (fixed in 103.0.5060.114-1); trixie: resolved

CVE-2022-0457 | HIGH | CVSS 8.8 | fixed in chromium 98.0.4758.80-1 (bookworm) | 2022
Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 98.0.4758.80-1); bullseye: resolved (fixed in 98.0.4758.80-1~deb11u1); forky: resolved (fixed in 98.0.4758.80-1); sid: resolved (fixed in 98.0.4758.80-1); trixie: resolved (fixed in

CVE-2022-0606 | HIGH | CVSS 8.8 | fixed in chromium 98.0.4758.102-1 (bookworm) | 2022
Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 98.0.4758.102-1); bullseye: resolved (fixed in 98.0.4758.102-1~deb11u1); forky: resolved (fixed in 98.0.4758.102-1); sid: resolved (fixed in 98.0.4758.102-1); trixie: resolved (

CVE-2022-4916 | HIGH | CVSS 8.8 | fixed in chromium 103.0.5060.53-1 (bookworm) | 2022
Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 103.0.5060.53-1); bullseye: resolved (fixed in 103.0.5060.53-1~deb11u1); forky: resolved (fixed in 103.0.5060.53-1); sid: resolved (fixed in 103.0.5

CVE-2022-0114 | HIGH | CVSS 8.1 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.
Scope: local. bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); s

CVE-2022-3449 | HIGH | CVSS 8.8 | fixed in chromium 106.0.5249.119-1 (bookworm) | 2022
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 106.0.5249.119-1); bullseye: resolved (fixed in 106.0.5249.119-1~deb11u1); f

CVE-2022-3655 | HIGH | CVSS 8.8 | fixed in chromium 107.0.5304.68-1 (bookworm) | 2022
Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 107.0.5304.68-1); bullseye: resolved (fixed in 107.0.5304.68-1~deb11u1); f