Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL: 102, HIGH: 1256, MEDIUM: 754, LOW: 56, UNKNOWN: 8
Vulnerabilities
CVE-2026-5287 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm) | 2026
Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.177-1)
sid: resolved (fixed in 146.0.7680.177-1)
trixie: r
debian
CVE-2026-4674 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.164-1~deb12u1 (bookworm) | 2026
Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.164-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.164-1)
sid: resolved (fixed in 146.0.7680.164-1)
trixie:
debian
CVE-2026-2649 | HIGH | CVSS 8.8 | fixed in chromium 145.0.7632.109-1~deb12u3 (bookworm) | 2026
Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 145.0.7632.109-1~deb12u3)
bullseye: open
forky: resolved (fixed in 145.0.7632.109-1)
sid: resolved (fixed in 145.0.7632.109-1)
trixie: res
debian
CVE-2026-3924 | HIGH | CVSS 7.5 | fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm) | 2026
use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.71-1)
sid: r
debian
CVE-2026-4442 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm) | 2026
Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.153-1)
sid: resolved (fixed in 146.0.7680.153-1)
trixie
debian
CVE-2026-2648 | HIGH | CVSS 8.8 | fixed in chromium 145.0.7632.109-1~deb12u3 (bookworm) | 2026
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 145.0.7632.109-1~deb12u3)
bullseye: open
forky: resolved (fixed in 145.0.7632.109-1)
sid: resolved (fixed in 145.0.7632.109-1)
tr
debian
CVE-2026-0904 | MEDIUM | CVSS 5.4 | fixed in chromium 144.0.7559.59-1~deb12u1 (bookworm) | 2026
Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 144.0.7559.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 144.0.7559.59-1)
sid: resolved (fixed in 144.0.7559.59-1)
t
debian
CVE-2026-5898 | MEDIUM | CVSS 4.3 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2026-4453 | MEDIUM | CVSS 4.3 | fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm) | 2026
Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.153-1)
sid: resolved (fixed in 146.0.7680.153-1)
trixie: resol
debian
CVE-2026-5885 | MEDIUM | CVSS 6.5 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2026-3942 | MEDIUM | CVSS 4.3 | fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm) | 2026
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.71-1)
sid: resolved (fixed in 146.0.7680.71-1)
trixie: res
debian
CVE-2026-0901 | MEDIUM | CVSS 5.4 | fixed in chromium 144.0.7559.59-1~deb12u1 (bookworm) | 2026
Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 144.0.7559.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 144.0.7559.59-1)
sid: resolved (fixed in 144.0.7559.59-1)
tri
debian
CVE-2026-2317 | MEDIUM | CVSS 6.5 | fixed in chromium 145.0.7632.75-1~deb12u1 (bookworm) | 2026
Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 145.0.7632.75-1~deb12u1)
bullseye: open
forky: resolved (fixed in 145.0.7632.45-1)
sid: resolved (fixed in 145.0.7632.45-1)
trixi
debian
CVE-2026-5878 | MEDIUM | CVSS 4.3 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2026-5875 | MEDIUM | CVSS 4.3 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2026-2323 | MEDIUM | CVSS 4.3 | fixed in chromium 145.0.7632.75-1~deb12u1 (bookworm) | 2026
Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 145.0.7632.75-1~deb12u1)
bullseye: open
forky: resolved (fixed in 145.0.7632.45-1)
sid: resolved (fixed in 145.0.7632.45-1)
trixie: res
debian
CVE-2026-3927 | MEDIUM | CVSS 4.3 | fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm) | 2026
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.71-1)
sid: resolved (fixed in 146.0.7680.71-1)
trixie:
debian
CVE-2026-5881 | MEDIUM | CVSS 6.5 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2026-5291 | MEDIUM | CVSS 6.5 | fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm) | 2026
Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.177-1)
sid: reso
debian
CVE-2026-2320 | MEDIUM | CVSS 6.5 | fixed in chromium 145.0.7632.75-1~deb12u1 (bookworm) | 2026
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 145.0.7632.75-1~deb12u1)
bullseye: open
forky: resolved (fixed in 145.0.7632
debian