Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
Page 6 of 109
CVE-2026-4454 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm) | 2026
Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.153-1)
sid: resolved (fixed in 146.0.7680.153-1)
trixie:

CVE-2026-3931 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm) | 2026
Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.71-1)
sid: resolved (fixed in 146.0.7680.71-1)
trixie:

CVE-2026-4456 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm) | 2026
Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680

CVE-2026-3913 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm) | 2026
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.71-1)
sid: resolved (fixed in 146.0.7680.71-1)
trix

CVE-2026-2441 | HIGH | CVSS 8.8 | KEV | fixed in chromium 145.0.7632.75-1~deb12u1 (bookworm) | 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 145.0.7632.75-1~deb12u1)
bullseye: open
forky: resolved (fixed in 145.0.7632.75-1)
sid: resolved (fixed in 145.0.7632.75-1)
trixie: reso

CVE-2026-3542 | HIGH | CVSS 8.8 | fixed in chromium 145.0.7632.159-1~deb12u1 (bookworm) | 2026
Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 145.0.7632.159-1~deb12u1)
bullseye: open
forky: resolved (fixed in 145.0.7632.159-1)
sid: resolved (fixed in 145.0.76

CVE-2026-3540 | HIGH | CVSS 8.8 | fixed in chromium 145.0.7632.159-1~deb12u1 (bookworm) | 2026
Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 145.0.7632.159-1~deb12u1)
bullseye: open
forky: resolved (fixed in 145.0.7632.159-1)
sid: resolved (fixed in 145.0.7632.

CVE-2026-4457 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm) | 2026
Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.153-1)
sid: resolved (fixed in 146.0.7680.153-1)
trixie: resol

CVE-2026-0900 | HIGH | CVSS 8.8 | fixed in chromium 144.0.7559.59-1~deb12u1 (bookworm) | 2026
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 144.0.7559.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 144.0.7559.59-1)
sid: resolved (fixed in 144.0.7559.59-1)
t

CVE-2026-3537 | HIGH | CVSS 8.8 | fixed in chromium 145.0.7632.159-1~deb12u1 (bookworm) | 2026
Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 145.0.7632.159-1~deb12u1)
bullseye: open
forky: resolved (fixed in 145.0.7632.159-1)
sid: resolved (fixed in 145

CVE-2026-5282 | HIGH | CVSS 8.1 | fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm) | 2026
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.177-1)
sid: resolved (fixed in 146.0.7680.177-1)
t

CVE-2026-3544 | HIGH | CVSS 8.8 | fixed in chromium 145.0.7632.159-1~deb12u1 (bookworm) | 2026
Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 145.0.7632.159-1~deb12u1)
bullseye: open
forky: resolved (fixed in 145.0.7632.159-1)
sid: resolved (fixed in 145.0.7632.159-1

CVE-2026-4440 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm) | 2026
Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.153-1)
sid: resolved (fixed in 146.0.7680.153-1)

CVE-2026-1861 | HIGH | CVSS 8.8 | fixed in chromium 144.0.7559.109-2~deb12u1 (bookworm) | 2026
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 144.0.7559.109-2~deb12u1)
bullseye: open
forky: resolved (fixed in 144.0.7559.109-2)
sid: resolved (fixed in 144.0.7559.109-2)
tri

CVE-2026-2319 | HIGH | CVSS 7.5 | fixed in chromium 145.0.7632.75-1~deb12u1 (bookworm) | 2026
Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 145.0.7632.75-1~deb12u1)
bullseye: open
forky: resolved

CVE-2026-5865 | HIGH | CVSS 8.8 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open

CVE-2026-4444 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm) | 2026
Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.153-1)
sid: resolved (fixed in 146.0.7680.153-1)
t

CVE-2026-4460 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm) | 2026
Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.153-1)
sid: resolved (fixed in 146.0.7680.153-1)
trixie

CVE-2026-4455 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm) | 2026
Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.153-1)
sid: resolved (fixed in 146.0.7680.153-1)
trix

CVE-2026-5912 | HIGH | CVSS 8.8 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open