Debian Chromium vulnerabilities

CVE-2021-21195 [HIGH] CVE-2021-21195: chromium - Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote at... Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 89.0.4389.114-1) bullseye: resolved (fixed in 89.0.4389.114-1) forky: resolved (fixed in 89.0.4389.114-1) sid: resolved (fixed in 89.0.4389.114-1) trixie: resolved (fixed in

CVE-2021-37987 [HIGH] CVE-2021-37987: chromium - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a ... Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie

CVE-2021-4053 [HIGH] CVE-2021-4053: chromium - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a r... Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: r

CVE-2021-30515 [HIGH] CVE-2021-30515: chromium - Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a rem... Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 90.0.4430.212-1) bullseye: resolved (fixed in 90.0.4430.212-1) forky: resolved (fixed in 90.0.4430.212-1) sid: resolved (fixed in 90.0.4430.212-1) trixie: resolved (fix

CVE-2021-37993 [HIGH] CVE-2021-37993: chromium - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allow... Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) t

CVE-2021-30614 [HIGH] CVE-2021-30614: chromium - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in 93.0.4577.82-1)

CVE-2021-21122 [HIGH] CVE-2021-21122: chromium - Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote ... Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 88.0.4324.96-0.1) bullseye: resolved (fixed in 88.0.4324.96-0.1) forky: resolved (fixed in 88.0.4324.96-0.1) sid: resolved (fixed in 88.0.4324.96-0.1) trixie: resolved (fix

CVE-2021-37980 [HIGH] CVE-2021-37980: chromium - Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 a... Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: res

CVE-2021-21188 [HIGH] CVE-2021-21188: chromium - Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote ... Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 89.0.4389.82-1) bullseye: resolved (fixed in 89.0.4389.82-1) forky: resolved (fixed in 89.0.4389.82-1) sid: resolved (fixed in 89.0.4389.82-1) trixie: resolved (fixed in 89

CVE-2021-30610 [HIGH] CVE-2021-30610: chromium - Chromium: CVE-2021-30610 Use after free in Extensions API Chromium: CVE-2021-30610 Use after free in Extensions API Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in 93.0.4577.82-1)

CVE-2021-30581 [HIGH] CVE-2021-30581: chromium - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an at... Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fi

CVE-2021-4061 [HIGH] CVE-2021-4061: chromium - Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote att... Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie: resolved (

CVE-2021-30568 [HIGH] CVE-2021-30568: chromium - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a ... Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixe

CVE-2021-4079 [HIGH] CVE-2021-4079: chromium - Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a r... Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71-0.1) trixie

CVE-2021-21127 [HIGH] CVE-2021-21127: chromium - Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.432... Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension. Scope: local bookworm: resolved (fixed in 88.0.4324.96-0.1) bullseye: resolved (fixed in 88.0.4324.96-0.1) forky: resolved (fixed in 88.0.4324.96-0.1) sid: resolved (fixed in 88.0.4324.96-0.

CVE-2021-30604 [HIGH] CVE-2021-30604: chromium - Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote... Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in 9

CVE-2021-4064 [HIGH] CVE-2021-4064: chromium - Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664... Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 97.0.4692.71-0.1) bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1) forky: resolved (fixed in 97.0.4692.71-0.1) sid: resolved (fixed in 97.0.4692.71

CVE-2021-30536 [HIGH] CVE-2021-30536: chromium - Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote... Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed in

CVE-2021-30545 [HIGH] CVE-2021-30545: chromium - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a r... Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed i

CVE-2021-21135 [MEDIUM] CVE-2021-21135: chromium - Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4... Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 88.0.4324.96-0.1) bullseye: resolved (fixed in 88.0.4324.96-0.1) forky: resolved (fixed in 88.0.4324.96-0.1) sid: resolved (fixed in 88.0.4324.96-0.1) trixie: