Debian Chromium vulnerabilities

CVE-2021-30623 [HIGH] CVE-2021-30623: chromium - Chromium: CVE-2021-30623 Use after free in Bookmarks Chromium: CVE-2021-30623 Use after free in Bookmarks Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in 93.0.4577.82-1)

CVE-2021-30624 [HIGH] CVE-2021-30624: chromium - Chromium: CVE-2021-30624 Use after free in Autofill Chromium: CVE-2021-30624 Use after free in Autofill Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in 93.0.4577.82-1)

CVE-2021-37957 [HIGH] CVE-2021-37957: chromium - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote... Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: reso

CVE-2021-4319 [HIGH] CVE-2021-4319: chromium - Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote ... Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.

CVE-2021-30516 [HIGH] CVE-2021-30516: chromium - Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed ... Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 90.0.4430.212-1) bullseye: resolved (fixed in 90.0.4430.212-1) forky: resolved (fixed in 90.0.4430.212-1) sid: resolved (f

CVE-2021-30527 [HIGH] CVE-2021-30527: chromium - Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attack... Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed

CVE-2021-30578 [HIGH] CVE-2021-30578: chromium - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a rem... Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed i

CVE-2021-21157 [HIGH] CVE-2021-21157: chromium - Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 a... Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 88.0.4324.182-1) bullseye: resolved (fixed in 88.0.4324.182-1) forky: resolved (fixed in 88.0.4324.182-1) sid: resolved (fixed in 88.0.4324.182-1) trixie: r

CVE-2021-30547 [HIGH] CVE-2021-30547: chromium - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a r... Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: res

CVE-2021-37979 [HIGH] CVE-2021-37979: chromium - heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a ... heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71

CVE-2021-21225 [HIGH] CVE-2021-21225: chromium - Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed... Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 90.0.4430.85-1) bullseye: resolved (fixed in 90.0.4430.85-1) forky: resolved (fixed in 90.0.4430.85-1) sid: resolved (fixed in 90.0.4430.85-1) trixie: resolved (f

CVE-2021-37970 [HIGH] CVE-2021-37970: chromium - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed... Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) tri

CVE-2021-30601 [HIGH] CVE-2021-30601: chromium - Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed... Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolv

CVE-2021-30522 [HIGH] CVE-2021-30522: chromium - Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remo... Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in

CVE-2021-30518 [HIGH] CVE-2021-30518: chromium - Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allo... Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 90.0.4430.212-1) bullseye: resolved (fixed in 90.0.4430.212-1) forky: resolved (fixed in 90.0.4430.212-1) sid: resolved (fixed in 90.0.4430.212-1) trixie: reso

CVE-2021-21144 [HIGH] CVE-2021-21144: chromium - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allow... Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Scope: local bookworm: resolved (fixed in 88.0.4324.146-1) bullseye: resolved (fixed in 88.0.4324.146-1) forky: resolved (fixed in 88.0.4324.146-1)

CVE-2021-4065 [HIGH] CVE-2021-4065: chromium - Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remo... Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: reso

CVE-2021-37988 [HIGH] CVE-2021-37988: chromium - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remo... Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1)

CVE-2021-30565 [HIGH] CVE-2021-30565: chromium - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior t... Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93

CVE-2021-21231 [HIGH] CVE-2021-21231: chromium - Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowe... Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 90.0.4430.93-1) bullseye: resolved (fixed in 90.0.4430.93-1) forky: resolved (fixed in 90.0.4430.93-1) sid: resolved (fixed in 90.0.4430.93-1) trixie: resolved (