Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

CVE-2021-21115 | CRITICAL | CVSS 9.6 | fixed in chromium 87.0.4280.141-0.1 (bookworm) | 2021
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.141-0.1); bullseye: resolved (fixed in 87.0.4280.141-0.1); forky: resolved (fixed in 87.0.4280.141-0.1); sid:

CVE-2021-21151 | CRITICAL | CVSS 9.6 | fixed in chromium 88.0.4324.182-1 (bookworm) | 2021
Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.182-1); bullseye: resolved (fixed in 88.0.4324.182-1); forky: resolved (fixed in 88.0.4324.182-1); sid: resolved (fixed in 88.0.4324.182-1); trixie: resolved

CVE-2021-21226 | CRITICAL | CVSS 9.6 | fixed in chromium 90.0.4430.85-1 (bookworm) | 2021
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.85-1); bullseye: resolved (fixed in 90.0.4430.85-1); forky: resolved (fixed in 90.0.4430.85-1); sid: resolved (fix

CVE-2021-21201 | CRITICAL | CVSS 9.6 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1); bullseye: resolved (fixed in 90.0.4430.72-1); forky: resolved (fixed in 90.0.4430.72-1); sid: resolved (fi

CVE-2021-30571 | CRITICAL | CVSS 9.6 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.8

CVE-2021-21111 | CRITICAL | CVSS 9.6 | fixed in chromium 87.0.4280.141-0.1 (bookworm) | 2021
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 87.0.4280.141-0.1); bullseye: resolved (fixed in 87.0.4280.141-0.1); forky: resolved (fixed in 8

CVE-2021-21223 | CRITICAL | CVSS 9.6 | fixed in chromium 90.0.4430.85-1 (bookworm) | 2021
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.85-1); bullseye: resolved (fixed in 90.0.4430.85-1); forky: resolved (fixed in 90.0.4430.85-1); sid: resolved (fixed i

CVE-2021-37973 | CRITICAL | CVSS 9.6 | KEV | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: re

CVE-2021-21124 | CRITICAL | CVSS 9.6 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
Potential use after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1); bullseye: resolved (fixed in 88.0.4324.96-0.1); forky: resolved (fixed in 88.0.4324.96-0.1); sid: resolved (fixed in

CVE-2021-21109 | CRITICAL | CVSS 9.6 | fixed in chromium 87.0.4280.141-0.1 (bookworm) | 2021
Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.141-0.1); bullseye: resolved (fixed in 87.0.4280.141-0.1); forky: resolved (fixed in 87.0.4280.141-0.1); sid: resol

CVE-2021-21106 | CRITICAL | CVSS 9.6 | fixed in chromium 87.0.4280.141-0.1 (bookworm) | 2021
Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.141-0.1); bullseye: resolved (fixed in 87.0.4280.141-0.1); forky: resolved (fixed in 87.0.4280.141-0.1); sid: resol

CVE-2021-30633 | CRITICAL | CVSS 9.6 | KEV | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved

CVE-2021-38013 | CRITICAL | CVSS 9.6 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolv

CVE-2021-21142 | CRITICAL | CVSS 9.6 | fixed in chromium 88.0.4324.146-1 (bookworm) | 2021
Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.146-1); bullseye: resolved (fixed in 88.0.4324.146-1); forky: resolved (fixed in 88.0.4324.146-1); sid: resolved (fixed in 88.0.4324.146-1); trixie: r

CVE-2021-21207 | HIGH | CVSS 8.6 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1); bullseye: resolved (fixed in 90.0.4430.72-1); forky: resolved (fixed in 90.0.4430.72-1); sid: reso

CVE-2021-30629 | HIGH | CVSS 8.8 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed i

CVE-2021-30553 | HIGH | CVSS 8.8 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-1); trixie: resolved (

CVE-2021-21128 | HIGH | CVSS 8.8 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1); bullseye: resolved (fixed in 88.0.4324.96-0.1); forky: resolved (fixed in 88.0.4324.96-0.1); sid: resolved (fixed in 88.0.4324.96-0.1); trixie: resolve

CVE-2021-21114 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.141-0.1 (bookworm) | 2021
Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.141-0.1); bullseye: resolved (fixed in 87.0.4280.141-0.1); forky: resolved (fixed in 87.0.4280.141-0.1); sid: resolved (fixed in 87.0.4280.141-0.1); trixie: resolved

CVE-2021-21161 | HIGH | CVSS 8.8 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1); bullseye: resolved (fixed in 89.0.4389.82-1); forky: resolved (fixed in 89.0.4389.82-1); sid: resolved (fixed in 89.0.4389.82-1); trixie: resolved (fi