Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
Page 59 of 109
CVE-2022-4025 | MEDIUM | CVSS 4.3 | fixed in chromium 98.0.4758.80-1 (bookworm) | 2022
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)
Scope: local
bookworm: resolved (fixed in 98.0.4758.80-1)
bullseye: resolved (fixed in 98.0.4758.80-1~deb11u1)
forky: resolved (fixed in 98.0.4758.80-1)
sid: resol

CVE-2022-4909 | MEDIUM | CVSS 6.3 | fixed in chromium 107.0.5304.68-1 (bookworm) | 2022
Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 107.0.5304.68-1)
bullseye: resolved (fixed in 107.0.5304.68-1~deb11u1)
forky: resolved (fixed in 107.0.5304.68-1)
sid: resolve

CVE-2022-1498 | MEDIUM | CVSS 4.3 | fixed in chromium 101.0.4951.41-1 (bookworm) | 2022
Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 101.0.4951.41-1)
bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1)
forky: resolved (fixed in 101.0.4951.41-1)
sid: resolved (fixed in 101.0.4951.41-1)
trixie: r

CVE-2022-0116 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.

CVE-2022-4187 | MEDIUM | CVSS 6.5 | fixed in chromium 108.0.5359.71-1 (bookworm) | 2022
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 108.0.5359.71-1)
bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1)
forky: resolved (fixed in 108.0.5359.

CVE-2022-1497 | MEDIUM | CVSS 6.5 | fixed in chromium 101.0.4951.41-1 (bookworm) | 2022
Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 101.0.4951.41-1)
bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1)
forky: resolved (fixed in 101.0.4951.41-1)
sid: resolved (fixed in 101.0.4951.

CVE-2022-3310 | MEDIUM | CVSS 6.5 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 106.0.5249.61-1)
bullseye: resolved (fixed in 106.0.5249.61-1~deb

CVE-2022-2616 | MEDIUM | CVSS 6.5 | fixed in chromium 104.0.5112.79-1 (bookworm) | 2022
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1)
bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1)
forky: resolve

CVE-2022-2612 | MEDIUM | CVSS 6.5 | fixed in chromium 104.0.5112.79-1 (bookworm) | 2022
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1)
bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1)
forky:

CVE-2022-2615 | MEDIUM | CVSS 6.5 | fixed in chromium 104.0.5112.79-1 (bookworm) | 2022
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1)
bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1)
forky: resolved (fixed in 104.0.5112.79-1)
sid: resolved (fixed in 104.0.5112.79-1)
trixie: re

CVE-2022-3053 | MEDIUM | CVSS 4.3 | fixed in chromium 105.0.5195.52-1 (bookworm) | 2022
Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 105.0.5195.52-1)
bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1)
forky: resolved (fixed in 105.0.5195.52-1)
sid: resolved (fixed in 105.0.5195.52-1)

CVE-2022-4188 | MEDIUM | CVSS 4.3 | fixed in chromium 108.0.5359.71-1 (bookworm) | 2022
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 108.0.5359.71-1)
bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1)
forky: resolved (fixed in 108.0.535

CVE-2022-3316 | MEDIUM | CVSS 4.3 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 106.0.5249.61-1)
bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1)
forky: resolved (fixed in 106.0.5249.61-1)

CVE-2022-4182 | MEDIUM | CVSS 4.3 | fixed in chromium 108.0.5359.71-1 (bookworm) | 2022
Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 108.0.5359.71-1)
bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1)
forky: resolved (fixed in 108.0.5359.71-1)
s

CVE-2022-4910 | MEDIUM | CVSS 5.4 | fixed in chromium 107.0.5304.68-1 (bookworm) | 2022
Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 107.0.5304.68-1)
bullseye: resolved (fixed in 107.0.5304.68-1~deb11u1)
forky: resolved (fixed in 107.0.5304.68-1)
sid: res

CVE-2022-0118 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixe

CVE-2022-2164 | MEDIUM | CVSS 6.3 | fixed in chromium 103.0.5060.53-1 (bookworm) | 2022
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 103.0.5060.53-1)
bullseye: resolved (fixed in 103.0.5060.53-1~deb11u1)
forky: resolved (fixed in 103

CVE-2022-3661 | MEDIUM | CVSS 4.3 | fixed in chromium 107.0.5304.68-1 (bookworm) | 2022
Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 107.0.5304.68-1)
bullseye: resolved (fixed in 107.0.5304.68-1~deb11u1)
forky: resol

CVE-2022-1871 | MEDIUM | CVSS 4.3 | fixed in chromium 102.0.5005.61-1 (bookworm) | 2022
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 102.0.5005.61-1)
bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1)
forky: resolved (fixed in 102.0.500

CVE-2022-4911 | MEDIUM | CVSS 6.5 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 106.0.5249.61-1)
bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1)
forky: resolved (fixed in 106.0.5249.61-1)
sid: resolv