Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 64 of 109
CVE-2022-0803 | MEDIUM | CVSS 6.5 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
CVE-2022-0803 [MEDIUM] chromium: Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1); bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1); forky: resolved (fixed in 99.0.4844.51-1); sid: resolved (fixed in 99.
debian
CVE-2022-1494 | MEDIUM | CVSS 6.1 | fixed in chromium 101.0.4951.41-1 (bookworm) | 2022
CVE-2022-1494 [MEDIUM] chromium: Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 101.0.4951.41-1); bullseye: resolved (fixed in 101.0.4951.41-1~deb11u1); forky: resolved (fixed in 101.0.4951.41-1); sid: resolved (fixed in 101.0.4951.41-1); tr
debian
CVE-2022-3317 | MEDIUM | CVSS 4.3 | fixed in chromium 106.0.5249.61-1 (bookworm) | 2022
CVE-2022-3317 [MEDIUM] chromium: Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 106.0.5249.61-1); bullseye: resolved (fixed in 106.0.5249.61-1~deb11u1); forky: resolved (fixed in 106.
debian
CVE-2022-1867 | MEDIUM | CVSS 6.5 | fixed in chromium 102.0.5005.61-1 (bookworm) | 2022
CVE-2022-1867 [MEDIUM] chromium: Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content.
Scope: local
bookworm: resolved (fixed in 102.0.5005.61-1); bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1); forky: resolved (fixed in 102.0.5005.61-1); sid: resolved (fixed in
debian
CVE-2022-1862 | MEDIUM | CVSS 6.5 | fixed in chromium 102.0.5005.61-1 (bookworm) | 2022
CVE-2022-1862 [MEDIUM] chromium: Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 102.0.5005.61-1); bullseye: resolved (fixed in 102.0.5005.61-1~deb11u1); forky: resolved (fixed in 102.0.5005.61-1
debian
CVE-2022-4926 | MEDIUM | CVSS 6.5 | fixed in chromium 109.0.5414.119-1 (bookworm) | 2022
CVE-2022-4926 [MEDIUM] chromium: Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 109.0.5414.119-1); bullseye: resolved (fixed in 109.0.5414.119-1~deb11u1); forky: resolved (fixed in 109.0.5414.119
debian
CVE-2022-2587 | LOW | CVSS 9.8 | 2022
CVE-2022-2587 [CRITICAL] chromium: Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2022-0337 | LOW | CVSS 6.5 | 2022
CVE-2022-0337 [MEDIUM] chromium: Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2022-4923 | LOW | CVSS 3.1 | fixed in chromium 99.0.4844.51-1 (bookworm) | 2022
CVE-2022-4923 [LOW] chromium: Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 99.0.4844.51-1); bullseye: resolved (fixed in 99.0.4844.51-1~deb11u1); forky: resolved (fixed i
debian
CVE-2021-37981 | CRITICAL | CVSS 9.6 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
CVE-2021-37981 [CRITICAL] chromium: Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid:
debian
CVE-2021-21110 | CRITICAL | CVSS 9.6 | fixed in chromium 87.0.4280.141-0.1 (bookworm) | 2021
CVE-2021-21110 [CRITICAL] chromium: Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.141-0.1); bullseye: resolved (fixed in 87.0.4280.141-0.1); forky: resolved (fixed in 87.0.4280.141-0.1); sid: resolved (fixed in 87.0.4280.141-0.1); tri
debian
CVE-2021-21121 | CRITICAL | CVSS 9.6 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
CVE-2021-21121 [CRITICAL] chromium: Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1); bullseye: resolved (fixed in 88.0.4324.96-0.1); forky: resolved (fixed in 88.0.4324.96-0.1); sid: resolved (fixed in 88.0.4324.96-0.1); trixi
debian
CVE-2021-21146 | CRITICAL | CVSS 9.6 | fixed in chromium 88.0.4324.146-1 (bookworm) | 2021
CVE-2021-21146 [CRITICAL] chromium: Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.146-1); bullseye: resolved (fixed in 88.0.4324.146-1); forky: resolved (fixed in 88.0.4324.146-1); sid: resolved
debian
CVE-2021-38002 | CRITICAL | CVSS 9.6 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
CVE-2021-38002 [CRITICAL] chromium: Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.4692.71-0.1)
debian
CVE-2021-21154 | CRITICAL | CVSS 9.6 | fixed in chromium 88.0.4324.182-1 (bookworm) | 2021
CVE-2021-21154 [CRITICAL] chromium: Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.182-1); bullseye: resolved (fixed in 88.0.4324.182-1); forky: resolved (fixed in 88.0.4324.182-1); sid: reso
debian
CVE-2021-21155 | CRITICAL | CVSS 9.6 | fixed in chromium 88.0.4324.182-1 (bookworm) | 2021
CVE-2021-21155 [CRITICAL] chromium: Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.182-1); bullseye: resolved (fixed in 88.0.4324.182-1); forky: resolved (fixed in 88.0.4324.182-1
debian
CVE-2021-21108 | CRITICAL | CVSS 9.6 | fixed in chromium 87.0.4280.141-0.1 (bookworm) | 2021
CVE-2021-21108 [CRITICAL] chromium: Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.141-0.1); bullseye: resolved (fixed in 87.0.4280.141-0.1); forky: resolved (fixed in 87.0.4280.141-0.1); sid: resolved
debian
CVE-2021-21150 | CRITICAL | CVSS 9.6 | fixed in chromium 88.0.4324.182-1 (bookworm) | 2021
CVE-2021-21150 [CRITICAL] chromium: Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.182-1); bullseye: resolved (fixed in 88.0.4324.182-1); forky: resolved (fixed in 88.0.4324.182-1); sid:
debian
CVE-2021-21107 | CRITICAL | CVSS 9.6 | fixed in chromium 87.0.4280.141-0.1 (bookworm) | 2021
CVE-2021-21107 [CRITICAL] chromium: Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.141-0.1); bullseye: resolved (fixed in 87.0.4280.141-0.1); forky: resolved (fixed in 87.0.4280.141-0
debian
CVE-2021-21132 | CRITICAL | CVSS 9.6 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
CVE-2021-21132 [CRITICAL] chromium: Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1); bullseye: resolved (fixed in 88.0.4324.96-0.1); forky: resolved (fixed in 88.0.4324.96-0.1); sid: resolved (fixed in 88.0.4324.
debian