Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL: 102, HIGH: 1256, MEDIUM: 754, LOW: 56, UNKNOWN: 8
Vulnerabilities
Page 73 of 109
CVE-2021-30514 [HIGH] CVSS 8.8, fixed in chromium 90.0.4430.212-1 (bookworm), 2021
Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.212-1)
bullseye: resolved (fixed in 90.0.4430.212-1)
forky: resolved (fixed in 90.0.4430.212-1)
sid: resolved (fixed
debian
CVE-2021-37997 [HIGH] CVSS 8.8, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolve
debian
CVE-2021-30523 [HIGH] CVSS 8.8, fixed in chromium 93.0.4577.82-1 (bookworm), 2021
Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed in
debian
CVE-2021-21119 [HIGH] CVSS 8.8, fixed in chromium 88.0.4324.96-0.1 (bookworm), 2021
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1)
bullseye: resolved (fixed in 88.0.4324.96-0.1)
forky: resolved (fixed in 88.0.4324.96-0.1)
sid: resolved (fixed i
debian
CVE-2021-21205 [HIGH] CVSS 8.1, fixed in chromium 90.0.4430.72-1 (bookworm), 2021
Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolved (fixed in 90.0.4430.72-1)
trixi
debian
CVE-2021-30606 [HIGH] CVSS 8.8, fixed in chromium 93.0.4577.82-1 (bookworm), 2021
Chromium: CVE-2021-30606 Use after free in Blink
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed in 93.0.4577.82-1)
debian
CVE-2021-38015 [HIGH] CVSS 8.8, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692
debian
CVE-2021-4066 [HIGH] CVSS 8.8, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
trixie: reso
debian
CVE-2021-21180 [HIGH] CVSS 8.8, fixed in chromium 89.0.4389.82-1 (bookworm), 2021
Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1)
bullseye: resolved (fixed in 89.0.4389.82-1)
forky: resolved (fixed in 89.0.4389.82-1)
sid: resolved (fixed in 89.0.4389.82-1)
trixie: resolved (fixed
debian
CVE-2021-30585 [HIGH] CVSS 8.8, fixed in chromium 93.0.4577.82-1 (bookworm), 2021
Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie:
debian
CVE-2021-37984 [HIGH] CVSS 8.8, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
trixie
debian
CVE-2021-30550 [HIGH] CVSS 8.8, fixed in chromium 93.0.4577.82-1 (bookworm), 2021
Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolve
debian
CVE-2021-38007 [HIGH] CVSS 8.8, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
trixie: resolved
debian
CVE-2021-30563 [HIGH] CVSS 8.8, KEV, fixed in chromium 93.0.4577.82-1 (bookworm), 2021
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed in 93.0
debian
CVE-2021-30591 [HIGH] CVSS 8.8, fixed in chromium 93.0.4577.82-1 (bookworm), 2021
Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (
debian
CVE-2021-30574 [HIGH] CVSS 8.8, fixed in chromium 93.0.4577.82-1 (bookworm), 2021
Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved
debian
CVE-2021-30569 [HIGH] CVSS 8.8, fixed in chromium 93.0.4577.82-1 (bookworm), 2021
Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed in
debian
CVE-2021-4322 [HIGH] CVSS 8.8, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fi
debian
CVE-2021-21202 [HIGH] CVSS 8.6, fixed in chromium 90.0.4430.72-1 (bookworm), 2021
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: res
debian
CVE-2021-21160 [HIGH] CVSS 8.8, fixed in chromium 89.0.4389.82-1 (bookworm), 2021
Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1)
bullseye: resolved (fixed in 89.0.4389.82-1)
forky: resolved (fixed in 89.0.4389.82-1)
sid: resolved (fixed in 89.0.4389.82-1)
trixie: resolved (fi
debian