Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 60 of 109
CVE-2022-2160 | MEDIUM | CVSS 6.5 | fixed in chromium 103.0.5060.53-1 (bookworm) | 2022
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 103.0.5060.53-1)
bullseye: resolved (fixed in 103.0.5060.53-1

CVE-2022-1501 | MEDIUM | CVSS 6.5 | fixed in chromium 101.0.4951.41-1 (bookworm) | 2022
Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 101.0.4951.41-1)
bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1)
forky: resolved (fixed in 101.0.4951.41-1)
sid: resolved (fixed in 101.0.4951.41-1)
trixie: resolv

CVE-2022-4922 | MEDIUM | CVSS 6.5 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1)
bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1)
forky: resolved (fixed in 99.0.4844.51-1)
sid: resolved (fixed in 99

CVE-2022-2610 | MEDIUM | CVSS 6.5 | fixed in chromium 104.0.5112.79-1 (bookworm) | 2022
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1)
bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1)
forky: resolved (fixed in 104.0.5112.79-1)
sid: resolved (fixed in 104.0.5112.79-1)
t

CVE-2022-0111 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
trixie:

CVE-2022-2479 | MEDIUM | CVSS 4.3 | fixed in chromium 103.0.5060.134-1 (bookworm) | 2022
Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 103.0.5060.134-1)
bullseye: resolved (fixed in 103.0.5

CVE-2022-2611 | MEDIUM | CVSS 4.3 | fixed in chromium 104.0.5112.79-1 (bookworm) | 2022
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1)
bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1)
forky: resolved (fixed in 104.0.5112.79-1)
sid: resolved (

CVE-2022-4183 | MEDIUM | CVSS 4.3 | fixed in chromium 108.0.5359.71-1 (bookworm) | 2022
Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 108.0.5359.71-1)
bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1)
forky: resolved (fixed in 108.0.5359.71-1)

CVE-2022-1129 | MEDIUM | CVSS 6.5 | fixed in chromium 100.0.4896.60-1 (bookworm) | 2022
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 100.0.4896.60-1)
bullseye: resolved (fixed in 100.0.4896.60-1~deb11u1)
forky: resolved (fixed in 100.0.4896.60-1)
sid: resolved

CVE-2022-3318 | MEDIUM | CVSS 4.3 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 106.0.5249.61-1)
bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1)
f

CVE-2022-1492 | MEDIUM | CVSS 6.1 | fixed in chromium 101.0.4951.41-1 (bookworm) | 2022
Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 101.0.4951.41-1)
bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1)
forky: resolved (fixed in 101.0.4951.41-1)
sid: resolved (fixed in 101.0.4951.41-

CVE-2022-1146 | MEDIUM | CVSS 6.5 | fixed in chromium 100.0.4896.60-1 (bookworm) | 2022
Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 100.0.4896.60-1)
bullseye: resolved (fixed in 100.0.4896.60-1~deb11u1)
forky: resolved (fixed in 100.0.4896.60-1)
sid: resolved (fixed in 100.0.4896.60-1)
trixi

CVE-2022-0802 | MEDIUM | CVSS 6.5 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1)
bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1)
forky: resolved (fixed in 99.0.4844.51-1)
sid: resolved (fix

CVE-2022-4925 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)

CVE-2022-0455 | MEDIUM | CVSS 6.5 | fixed in chromium 98.0.4758.80-1 (bookworm) | 2022
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 98.0.4758.80-1)
bullseye: resolved (fixed in 98.0.4758.80-1~deb11u1)
forky: resolved (fixed in 98.0.4758.80-1)
sid: resolved (fi

CVE-2022-1306 | MEDIUM | CVSS 4.3 | fixed in chromium 100.0.4896.88-1 (bookworm) | 2022
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 100.0.4896.88-1)
bullseye: resolved (fixed in 100.0.4896.88-1~deb11u1)
forky: resolved (fixed in 100.0.4896.88-1)
sid: resolved (fixed in 100.0

CVE-2022-1482 | MEDIUM | CVSS 6.5 | fixed in chromium 101.0.4951.41-1 (bookworm) | 2022
Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 101.0.4951.41-1)
bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1)
forky: resolved (fixed in 101.0.4951.41-1)
sid: resolved (fixed in 101.0.4951.41-1)
tr

CVE-2022-0120 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0

CVE-2022-0804 | MEDIUM | CVSS 6.5 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1)
bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1)
forky: resolved (fixed in 99.0.4844.51-1)
sid: resolved (fix

CVE-2022-3056 | MEDIUM | CVSS 6.5 | fixed in chromium 105.0.5195.52-1 (bookworm) | 2022
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 105.0.5195.52-1)
bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1)
forky: resolved (fixed in 105.0.5195.52-1)
sid: resolved (fixed in 105