Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 69 of 109
CVE-2021-4052 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1)
debian
CVE-2021-4320 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.
debian
CVE-2021-38016 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.4692.71-
debian
CVE-2021-30507 | HIGH | CVSS 8.8 | fixed in chromium 90.0.4430.212-1 (bookworm) | 2021
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.212-1); bullseye: resolved (fixed in 90.0.4430.212-1); forky: resolved (fixed in 90.0.4430.212-1); sid: resolv
debian
CVE-2021-30546 | HIGH | CVSS 8.8 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-1); trixie: resolved (fixed i
debian
CVE-2021-30575 | HIGH | CVSS 8.8 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixe
debian
CVE-2021-30552 | HIGH | CVSS 8.8 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (
debian
CVE-2021-37983 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.4692.71-0.1); trixie: r
debian
CVE-2021-30506 | HIGH | CVSS 8.8 | fixed in chromium 90.0.4430.212-1 (bookworm) | 2021
Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.212-1); bullseye: resolved (fixed in 90.0.4430.212-1); forky: resolved (fixed in
debian
CVE-2021-4055 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692
debian
CVE-2021-30616 | HIGH | CVSS 8.8 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Chromium: CVE-2021-30616 Use after free in Media
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-1); trixie: resolved (fixed in 93.0.4577.82-1)
debian
CVE-2021-21118 | HIGH | CVSS 8.8 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1); bullseye: resolved (fixed in 88.0.4324.96-0.1); forky: resolved (fixed in 88.0.4324.96-0.1); sid: resolved (fixed in 88.0.4324.96-0.1
debian
CVE-2021-37962 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1)
debian
CVE-2021-21192 | HIGH | CVSS 8.8 | fixed in chromium 89.0.4389.90-1 (bookworm) | 2021
Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 89.0.4389.90-1); bullseye: resolved (fixed in 89.0.4389.90-1); forky: resolved (fixed in 89.0.4389.90-1); sid: resolved (fixed in 89.0.4389.90-1); trixie: resolved (
debian
CVE-2021-21116 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.141-0.1 (bookworm) | 2021
Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.141-0.1); bullseye: resolved (fixed in 87.0.4280.141-0.1); forky: resolved (fixed in 87.0.4280.141-0.1); sid: resolved (fixed in 87.0.4280.141-0.1); trixie: re
debian
CVE-2021-30618 | HIGH | CVSS 8.8 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-1); trixie: resolved (fixed in 93.0.4577.82-1)
debian
CVE-2021-38006 | HIGH | CVSS 8.8 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.4692.71-0.1)
debian
CVE-2021-21197 | HIGH | CVSS 8.8 | fixed in chromium 89.0.4389.114-1 (bookworm) | 2021
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 89.0.4389.114-1); bullseye: resolved (fixed in 89.0.4389.114-1); forky: resolved (fixed in 89.0.4389.114-1); sid: resolved (fixed in 89.0.4389.114-1); trixie: resolve
debian
CVE-2021-21117 | HIGH | CVSS 7.8 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1); bullseye: resolved (fixed in 88.0.4324.96-0.1); forky: resolved (fixed in 88.0.4324.96-0.1); sid: resolved (fixed in 88.0.4324.96-0.1); tri
debian
CVE-2021-30625 | HIGH | CVSS 8.8 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: res
debian