Debian Chromium vulnerabilities

CVE-2021-37998 [HIGH] CVE-2021-37998: chromium - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allo... Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1)

CVE-2021-30530 [HIGH] CVE-2021-30530: chromium - Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 a... Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resol

CVE-2021-21120 [HIGH] CVE-2021-21120: chromium - Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote... Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 88.0.4324.96-0.1) bullseye: resolved (fixed in 88.0.4324.96-0.1) forky: resolved (fixed in 88.0.4324.96-0.1) sid: resolved (fixed in 88.0.4324.96-0.1) trixie: resolved (fi

CVE-2021-21162 [HIGH] CVE-2021-21162: chromium - Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote... Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 89.0.4389.82-1) bullseye: resolved (fixed in 89.0.4389.82-1) forky: resolved (fixed in 89.0.4389.82-1) sid: resolved (fixed in 89.0.4389.82-1) trixie: resolved (fixed in 8

CVE-2021-21166 [HIGH] CVE-2021-21166: chromium - Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attac... Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 89.0.4389.82-1) bullseye: resolved (fixed in 89.0.4389.82-1) forky: resolved (fixed in 89.0.4389.82-1) sid: resolved (fixed in 89.0.4389.82-1) trixie: resolved (fixed in 89.0.43

CVE-2021-4062 [HIGH] CVE-2021-4062: chromium - Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a... Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: res

CVE-2021-30626 [HIGH] CVE-2021-30626: chromium - Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allo... Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved

CVE-2021-38014 [HIGH] CVE-2021-38014: chromium - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowe... Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) tr

CVE-2021-30559 [HIGH] CVE-2021-30559: chromium - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a r... Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed

CVE-2021-30554 [HIGH] CVE-2021-30554: chromium - Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote... Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in 9

CVE-2021-30548 [HIGH] CVE-2021-30548: chromium - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remot... Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in

CVE-2021-21206 [HIGH] CVE-2021-21206: chromium - Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote... Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 90.0.4430.72-1) bullseye: resolved (fixed in 90.0.4430.72-1) forky: resolved (fixed in 90.0.4430.72-1) sid: resolved (fixed in 90.0.4430.72-1) trixie: resolved (fixed in 9

CVE-2021-30599 [HIGH] CVE-2021-30599: chromium - Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote at... Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in

CVE-2021-37991 [HIGH] CVE-2021-37991: chromium - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to p... Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: resolved (fixed in

CVE-2021-21149 [HIGH] CVE-2021-21149: chromium - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4... Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Scope: local bookworm: resolved (fixed in 88.0.4324.182-1) bullseye: resolved (fixed in 88.0.4324.182-1) forky: resolved (fixed in 88.0.4324.182-1) sid: resolved (fixed in 88.0.4324.182-1)

CVE-2021-30607 [HIGH] CVE-2021-30607: chromium - Chromium: CVE-2021-30607 Use after free in Permissions Chromium: CVE-2021-30607 Use after free in Permissions Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in 93.0.4577.82-1)

CVE-2021-4056 [HIGH] CVE-2021-4056: chromium - Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote... Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: resolv

CVE-2021-21113 [HIGH] CVE-2021-21113: chromium - Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a r... Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.141-0.1) bullseye: resolved (fixed in 87.0.4280.141-0.1) forky: resolved (fixed in 87.0.4280.141-0.1) sid: resolved (fixed in 87.0.4280.141-0.1) trixie: res

CVE-2021-37961 [HIGH] CVE-2021-37961: chromium - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a rem... Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: r

CVE-2021-21125 [HIGH] CVE-2021-21125: chromium - Insufficient policy enforcement in File System API in Google Chrome on Windows p... Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 88.0.4324.96-0.1) bullseye: resolved (fixed in 88.0.4324.96-0.1) forky: resolved (fixed in 88.0.4324.96-0.1) sid: resolved (fixed in 88.0.4