Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL: 102, HIGH: 1256, MEDIUM: 754, LOW: 56, UNKNOWN: 8
Vulnerabilities
CVE-2022-4917 | MEDIUM | CVSS 4.3 | fixed in chromium 103.0.5060.53-1 (bookworm) | 2022
Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 103.0.5060.53-1)
bullseye: resolved (fixed in 103.0.5060.53-1~deb11u1)
forky: resolved (fixed in 103.0.5060.53

CVE-2022-2622 | MEDIUM | CVSS 6.5 | fixed in chromium 104.0.5112.79-1 (bookworm) | 2022
Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.
Scope: local
bookworm: resolved (fixed in 104.0.5112.79-1)
bullseye: resolved (fixed in 104.0.5112.79-1~deb11u1)
forky: resolved (fixed in 104.0.5112.79-1)
sid: resolved (fixed i

CVE-2022-1139 | MEDIUM | CVSS 6.5 | fixed in chromium 100.0.4896.60-1 (bookworm) | 2022
Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 100.0.4896.60-1)
bullseye: resolved (fixed in 100.0.4896.60-1~deb11u1)
forky: resolved (fixed in 100.0.4896.60-1)
sid: resolved (fixed in 100.0.4896.60-1)

CVE-2022-3444 | MEDIUM | CVSS 4.3 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 106.0.5249.61-1)
bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1)
forky: resolved (fixed in 1

CVE-2022-0305 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.99-1 (bookworm) | 2022
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.99-1)
bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2)
forky: resolved (fixed in 97.0.4692.99-1)
sid: re

CVE-2022-4913 | MEDIUM | CVSS 6.5 | fixed in chromium 105.0.5195.52-1 (bookworm) | 2022
Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 105.0.5195.52-1)
bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1)
forky: resolved (

CVE-2022-0806 | MEDIUM | CVSS 6.5 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1)
bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1)
forky: resolved (fixed in 99.0.4844.51-1)
sid: resolved (fi

CVE-2022-3312 | MEDIUM | CVSS 4.6 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 106.0.5249.61-1)
bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1)
forky: resolved (

CVE-2022-3047 | MEDIUM | CVSS 6.5 | fixed in chromium 105.0.5195.52-1 (bookworm) | 2022
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 105.0.5195.52-1)
bullseye: resolved (fixed in 105.0.5195.52-1~deb11u1)
forky: resolved (fixed in 105.0.5195.5

CVE-2022-3660 | MEDIUM | CVSS 4.3 | fixed in chromium 107.0.5304.68-1 (bookworm) | 2022
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 107.0.5304.68-1)
bullseye: resolved (fixed in 107.0.5304.68-1~deb11u1)
forky: resolved (fix

CVE-2022-0309 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.99-1 (bookworm) | 2022
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.99-1)
bullseye: resolved (fixed in 97.0.4692.99-1~deb11u2)
forky: resolved (fixed in 97.0.4692.99-1)
sid: resolved (fixed in 97.0.4692.99-1)
trixie: r

CVE-2022-3201 | MEDIUM | CVSS 5.4 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 106.0.5249.61-1)
bullseye: resolved (fixed in 10

CVE-2022-1875 | MEDIUM | CVSS 4.3 | fixed in chromium 102.0.5005.61-1 (bookworm) | 2022
Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 102.0.5005.61-1)
bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1)
forky: resolved (fixed in 102.0.5005.61-1)
sid: resolved (fixed in 102.0.5005.61-1)
trixie: resolved

CVE-2022-0110 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-

CVE-2022-3863 | MEDIUM | CVSS 6.1 | fixed in chromium 100.0.4896.75-1 (bookworm) | 2022
Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
Scope: local
bookworm: resolved (fixed in 100.0.4896.75-1)
bullseye: resolved (fixed in 100.0.4896.75-1~deb11u1)
forky: resolved (fixed in 100.0.4896.75-1)
sid: resolved

CVE-2022-0462 | MEDIUM | CVSS 6.5 | fixed in chromium 98.0.4758.80-1 (bookworm) | 2022
Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 98.0.4758.80-1)
bullseye: resolved (fixed in 98.0.4758.80-1~deb11u1)
forky: resolved (fixed in 98.0.4758.80-1)
sid: resolved (fixed in 98.0.4758.80-1)
trixie: resolved (f

CVE-2022-4189 | MEDIUM | CVSS 4.3 | fixed in chromium 108.0.5359.71-1 (bookworm) | 2022
Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 108.0.5359.71-1)
bullseye: resolved (fixed in 108.0.5359.71-2~de

CVE-2022-0112 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2022
Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
trixie

CVE-2022-1128 | MEDIUM | CVSS 6.5 | fixed in chromium 100.0.4896.60-1 (bookworm) | 2022
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 100.0.4896.60-1)
bullseye: resolved (fixed in 100.0.4896.60-1~deb11u1)
forky: resolved (fixed in 100.0.4896.60-1)
sid: resolved

CVE-2022-2856 | MEDIUM | CVSS 6.5 | KEV | fixed in chromium 104.0.5112.101-1 (bookworm) | 2022
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 104.0.5112.101-1)
bullseye: resolved (fixed in 104.0.5112.101-1~deb11u1)
forky: resolved (fixed in 104.0.5112.101-1)
sid: r