Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
CVE-2021-30589 | MEDIUM | CVSS 4.3 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.457
debian
CVE-2021-37990 | MEDIUM | CVSS 5.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
tri
debian
CVE-2021-21221 | MEDIUM | CVSS 6.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolve
debian
CVE-2021-21210 | MEDIUM | CVSS 6.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolved (fixed in 90.0.4430.72-1)
trixie: reso
debian
CVE-2021-30537 | MEDIUM | CVSS 4.3 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed
debian
CVE-2021-21211 | MEDIUM | CVSS 6.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolved (fixed in 90.0.4430.72-1)
trixie: resolv
debian
CVE-2021-21217 | MEDIUM | CVSS 5.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolved (fixed in 90.0.4430.72-1
debian
CVE-2021-37968 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-
debian
CVE-2021-30594 | MEDIUM | CVSS 6.8 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: r
debian
CVE-2021-30538 | MEDIUM | CVSS 4.3 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-
debian
CVE-2021-21209 | MEDIUM | CVSS 6.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolved (fixed in 90.0.4430.72-1)
trixie: resolved (fixed
debian
CVE-2021-21134 | MEDIUM | CVSS 6.5 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1)
bullseye: resolved (fixed in 88.0.4324.96-0.1)
forky: resolved (fixed in 88.0.4324.96-0.1)
sid: resolved (fixed in 88.0.4324.96-0.1)
trixie: resolved (f
debian
CVE-2021-37976 | MEDIUM | CVSS 6.5 | KEV | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved
debian
CVE-2021-21208 | MEDIUM | CVSS 6.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolved (fixed in 90.0.4430.72-1)
debian
CVE-2021-21130 | MEDIUM | CVSS 6.5 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1)
bullseye: resolved (fixed in 88.0.4324.96-0.1)
forky: resolved (fixed in 88.0.4324.96-0.1)
sid: resolved (fixed in 88.0.4324.96-0.
debian
CVE-2021-37989 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
tri
debian
CVE-2021-21185 | MEDIUM | CVSS 4.3 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1)
bullseye: resolved (fixed in 89.0.4389.82-1)
forky: resolved (fixed in 89.0.4389.82-
debian
CVE-2021-21176 | MEDIUM | CVSS 6.5 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1)
bullseye: resolved (fixed in 89.0.4389.82-1)
forky: resolved (fixed in 89.0.4389.82-1)
sid: resolved (fixed in 89.0.4389.
debian
CVE-2021-21216 | MEDIUM | CVSS 6.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolved (fixed in 90.0.4430.72-1)
trixie: resolved (fixed in 9
debian
CVE-2021-30630 | MEDIUM | CVSS 4.3 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 9
debian