Debian Chromium vulnerabilities

CVE-2022-0792 [MEDIUM] CVE-2022-0792: chromium - Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a rem... Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 99.0.4844.51-1) bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1) forky: resolved (fixed in 99.0.4844.51-1) sid: resolved (fixed in 99.0.4844.51-1) trixie: resolved

CVE-2022-2618 [MEDIUM] CVE-2022-2618: chromium - Insufficient validation of untrusted input in Internals in Google Chrome prior t... Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . Scope: local bookworm: resolved (fixed in 104.0.5112.79-1) bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1) forky: resolved (fixed in 104.0.5112.79-1) sid: resolved (fixed in 104.0.5112

CVE-2022-1500 [MEDIUM] CVE-2022-1500: chromium - Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.4... Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. Scope: local bookworm: resolved (fixed in 101.0.4951.41-1) bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1) forky: resolved (fixed in 101.0.4951.41-1) sid: resolved (fixed in 101.0.4951.41-1) tri

CVE-2022-0108 [MEDIUM] CVE-2022-0108: chromium - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.7... Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie:

CVE-2022-0113 [MEDIUM] CVE-2022-0113: chromium - Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 all... Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: reso

CVE-2022-0801 [MEDIUM] CVE-2022-0801: chromium - Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.... Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) Scope: local bookworm: resolved (fixed in 99.0.4844.51-1) bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1) forky: resolved (fixed in 99.0.4844.51-1) sid: resolved (fixe

CVE-2022-1869 [MEDIUM] CVE-2022-1869: chromium - Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote at... Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 102.0.5005.61-1) bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1) forky: resolved (fixed in 102.0.5005.61-1) sid: resolved (fixed in 102.0.5005.61-1) trixie: resolved (f

CVE-2022-3054 [MEDIUM] CVE-2022-3054: chromium - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195... Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 105.0.5195.52-1) bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1) forky: resolved (fixed in 105.0.5195.52-1) sid: resolved (fixed in 105.0.5195.52

CVE-2022-2860 [MEDIUM] CVE-2022-2860: chromium - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.... Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 104.0.5112.101-1) bullseye: resolved (fixed in 104.0.5112.101-1~deb11u1) forky: resolved (fixed in 104.0.5112.101-1) sid: resolved (fixed in 104.0.5112.1

CVE-2022-0117 [MEDIUM] CVE-2022-0117: chromium - Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote a... Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: resolved (fixed in

CVE-2022-2861 [MEDIUM] CVE-2022-2861: chromium - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5... Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. Scope: local bookworm: resolved (fixed in 104.0.5112.101-1) bullseye: resolved (fixed in 104.0.5112.101-1~deb11u1) forky: resolved (fixed in

CVE-2022-3447 [MEDIUM] CVE-2022-3447: chromium - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to... Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 106.0.5249.119-1) bullseye: resolved (fixed in 106.0.5249.119-1~deb11u1) forky: resolved (fixed

CVE-2022-0291 [MEDIUM] CVE-2022-0291: chromium - Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 a... Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.99-1) bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2) forky: resolved (fixed in 97.0.4692.99-1) sid: resolved (fix

CVE-2022-2619 [MEDIUM] CVE-2022-2619: chromium - Insufficient validation of untrusted input in Settings in Google Chrome prior to... Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. Scope: local bookworm: resolved (fixed in 104.0.5112.79-1) bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1) forky: reso

CVE-2022-0294 [MEDIUM] CVE-2022-0294: chromium - Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.46... Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.99-1) bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2) forky: resolved (fixed in 97.0.4692.99-1) sid: resolv

CVE-2022-2165 [MEDIUM] CVE-2022-2165: chromium - Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5... Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Scope: local bookworm: resolved (fixed in 103.0.5060.53-1) bullseye: resolved (fixed in 103.0.5060.53-1~deb11u1) forky: resolved (fixed in 103.0.5060.53-1) sid: resolved (fixed in 1

CVE-2022-4195 [MEDIUM] CVE-2022-4195: chromium - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0... Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 108.0.5359.71-1) bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1) forky: resolved (fixed in 108.0.5359.71-1) sid:

CVE-2022-2605 [MEDIUM] CVE-2022-2605: chromium - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a rem... Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 104.0.5112.79-1) bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1) forky: resolved (fixed in 104.0.5112.79-1) sid: resolved (fixed in 104.0.5112.79-1) trixie: resol

CVE-2022-1137 [MEDIUM] CVE-2022-1137: chromium - Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.... Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. Scope: local bookworm: resolved (fixed in 100.0.4896.60-1) bullseye: resolved (fixed in 100.0.4896.60-1~deb11u1) forky: resolved (fixed in 100.

CVE-2022-0292 [MEDIUM] CVE-2022-0292: chromium - Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.469... Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.99-1) bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2) forky: resolved (fixed in 97.0.4692.99-1) sid