Debian Chromium vulnerabilities

CVE-2022-3044 [MEDIUM] CVE-2022-3044: chromium - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5... Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Scope: local bookworm: resolved (fixed in 105.0.5195.52-1) bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1) forky: resolved (fixed in 105.0.5195.52-1) sid: re

CVE-2022-1307 [MEDIUM] CVE-2022-1307: chromium - Inappropriate implementation in full screen in Google Chrome on Android prior to... Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Scope: local bookworm: resolved (fixed in 100.0.4896.88-1) bullseye: resolved (fixed in 100.0.4896.88-1~deb11u1) forky: resolved (fixed in 100.0.4896.88-1) sid: resolved (fix

CVE-2022-1132 [MEDIUM] CVE-2022-1132: chromium - Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS p... Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device. Scope: local bookworm: resolved (fixed in 100.0.4896.60-1) bullseye: resolved (fixed in 100.0.4896.60-1~deb11u1) forky: resolved (fixed in 100.0.4896.60-1) sid: resolved (

CVE-2022-4184 [MEDIUM] CVE-2022-4184: chromium - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359... Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 108.0.5359.71-1) bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1) forky: resolved (fixed in 108.0.5359.71-1) sid: re

CVE-2022-3057 [MEDIUM] CVE-2022-3057: chromium - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5... Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 105.0.5195.52-1) bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1) forky: resolved (fixed in 105.0.5195.52-1) sid: resolved (fixed in 105.0.5195.52-1) trixie

CVE-2022-4908 [MEDIUM] CVE-2022-4908: chromium - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5... Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 107.0.5304.68-1) bullseye: resolved (fixed in 107.0.5304.68-1~deb11u1) forky: resolved (fixed in 107.0.5304.68-1) sid: resol

CVE-2022-1488 [MEDIUM] CVE-2022-1488: chromium - Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4... Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Scope: local bookworm: resolved (fixed in 101.0.4951.41-1) bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1) forky: resolved (fixed in 101.0.495

CVE-2022-4186 [MEDIUM] CVE-2022-4186: chromium - Insufficient validation of untrusted input in Downloads in Google Chrome prior t... Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 108.0.5359.71-1) bullseye: resolved (fixed in 108.0.5359.71-

CVE-2022-3311 [MEDIUM] CVE-2022-3311: chromium - Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remot... Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 106.0.5249.61-1) bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1) forky: resolved (fixed in

CVE-2022-1868 [MEDIUM] CVE-2022-1868: chromium - Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5... Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 102.0.5005.61-1) bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1) forky: resolved (fixed in 102.0.50

CVE-2022-3048 [MEDIUM] CVE-2022-3048: chromium - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome ... Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. Scope: local bookworm: resolved (fixed in 105.0.5195.52-1) bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1) forky: resolved (fixed in 105.0.5195.52-1)

CVE-2022-4915 [MEDIUM] CVE-2022-4915: chromium - Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5... Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 103.0.5060.134-1) bullseye: resolved (fixed in 103.0.5060.134-1~deb11u1) forky: resolved (fixed in 103.0.5060.134-1) sid:

CVE-2022-0807 [MEDIUM] CVE-2022-0807: chromium - Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 ... Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 99.0.4844.51-1) bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1) forky: resolved (fixed in 99.0.4844.51-1) sid: resolved (fixed in 99.0.4844.51-1) trixie: r

CVE-2022-3309 [MEDIUM] CVE-2022-3309: chromium - Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 ... Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 106.0.5249.61-1) bullseye: resolved (fixed in 106.0.5249.61-1

CVE-2022-0461 [MEDIUM] CVE-2022-0461: chromium - Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote at... Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page. Scope: local bookworm: resolved (fixed in 98.0.4758.80-1) bullseye: resolved (fixed in 98.0.4758.80-1~deb11u1) forky: resolved (fixed in 98.0.4758.80-1) sid: resolved (fixed in 98.0.4758.80-1) trixie: resolved (fixed in 98.0.4758.

CVE-2022-1495 [MEDIUM] CVE-2022-1495: chromium - Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.49... Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. Scope: local bookworm: resolved (fixed in 101.0.4951.41-1) bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1) forky: resolved (fixed in 101.0.4951.41-1) sid: resolved (fixed in 101.0.4951.41-1)

CVE-2022-1872 [MEDIUM] CVE-2022-1872: chromium - Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.... Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. Scope: local bookworm: resolved (fixed in 102.0.5005.61-1) bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1) forky: resolved (fixed in 102.0.5005.6

CVE-2022-4185 [MEDIUM] CVE-2022-4185: chromium - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.... Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 108.0.5359.71-1) bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1) forky: resolved (fixed in 108.0.

CVE-2022-1637 [MEDIUM] CVE-2022-1637: chromium - Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.495... Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 101.0.4951.64-1) bullseye: resolved (fixed in 101.0.4951.64-1~deb11u1) forky: resolved (fixed in 101.0.4951.64-1) sid: resolved (fixed in 101.0.4951.64-1) trixie:

CVE-2022-3314 [MEDIUM] CVE-2022-3314: chromium - Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remo... Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 106.0.5249.61-1) bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1) forky: resolved (fixed i