Debian Chromium vulnerabilities

CVE-2021-4102 [HIGH] CVE-2021-4102: chromium - Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote at... Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: resolved

CVE-2021-30632 [HIGH] CVE-2021-30632: chromium - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remot... Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in

CVE-2021-30608 [HIGH] CVE-2021-30608: chromium - Chromium: CVE-2021-30608 Use after free in Web Share Chromium: CVE-2021-30608 Use after free in Web Share Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in 93.0.4577.82-1)

CVE-2021-30609 [HIGH] CVE-2021-30609: chromium - Chromium: CVE-2021-30609 Use after free in Sign-In Chromium: CVE-2021-30609 Use after free in Sign-In Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in 93.0.4577.82-1)

CVE-2021-30558 [HIGH] CVE-2021-30558: chromium - Insufficient policy enforcement in content security policy in Google Chrome prio... Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium) Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 93.0.4577.

CVE-2021-21214 [HIGH] CVE-2021-21214: chromium - Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a r... Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Scope: local bookworm: resolved (fixed in 90.0.4430.72-1) bullseye: resolved (fixed in 90.0.4430.72-1) forky: resolved (fixed in 90.0.4430.72-1) sid: resolved (fixed in 90.0.4430.72-1) trixie: resolved

CVE-2021-30613 [HIGH] CVE-2021-30613: chromium - Chromium: CVE-2021-30613 Use after free in Base internals Chromium: CVE-2021-30613 Use after free in Base internals Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in 93.0.4577.82-1)

CVE-2021-21148 [HIGH] CVE-2021-21148: chromium - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a rem... Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 88.0.4324.150-1) bullseye: resolved (fixed in 88.0.4324.150-1) forky: resolved (fixed in 88.0.4324.150-1) sid: resolved (fixed in 88.0.4324.150-1) trixie: resolved (fix

CVE-2021-30520 [HIGH] CVE-2021-30520: chromium - Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an a... Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 90.0.4430.212-1) bullseye: resolved (fixed in 90.0.4430.212-1) forky: resolved (fixed in 90.0.4430.212-1) sid: resolved

CVE-2021-30567 [HIGH] CVE-2021-30567: chromium - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an at... Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.45

CVE-2021-30576 [HIGH] CVE-2021-30576: chromium - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an at... Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fi

CVE-2021-30521 [HIGH] CVE-2021-30521: chromium - Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.... Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: r

CVE-2021-30590 [HIGH] CVE-2021-30590: chromium - Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowe... Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (

CVE-2021-30588 [HIGH] CVE-2021-30588: chromium - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote at... Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in 93.0

CVE-2021-21172 [HIGH] CVE-2021-21172: chromium - Insufficient policy enforcement in File System API in Google Chrome on Windows p... Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 89.0.4389.82-1) bullseye: resolved (fixed in 89.0.4389.82-1) forky: resolved (fixed in 89.0.4389.82-1) sid: resolved (fixed in 89.0.4389.82

CVE-2021-21179 [HIGH] CVE-2021-21179: chromium - Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389... Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 89.0.4389.82-1) bullseye: resolved (fixed in 89.0.4389.82-1) forky: resolved (fixed in 89.0.4389.82-1) sid: resolved (fixed in 89.0.4389.82-1) trixie:

CVE-2021-38003 [HIGH] CVE-2021-38003: chromium - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowe... Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) tr

CVE-2021-30556 [HIGH] CVE-2021-30556: chromium - Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a rem... Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed i

CVE-2021-37956 [HIGH] CVE-2021-37956: chromium - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 ... Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.

CVE-2021-21233 [HIGH] CVE-2021-21233: chromium - Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 ... Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 90.0.4430.93-1) bullseye: resolved (fixed in 90.0.4430.93-1) forky: resolved (fixed in 90.0.4430.93-1) sid: resolved (fixed in 90.0.4430.93-1) trixie: reso