Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
CVE-2021-30534 [MEDIUM] CVSS 6.5, fixed in chromium 93.0.4577.82-1 (bookworm), 2021
Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie:
CVE-2021-30539 [MEDIUM] CVSS 5.4, fixed in chromium 93.0.4577.82-1 (bookworm), 2021
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-
CVE-2021-21175 [MEDIUM] CVSS 6.5, fixed in chromium 89.0.4389.82-1 (bookworm), 2021
Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1)
bullseye: resolved (fixed in 89.0.4389.82-1)
forky: resolved (fixed in 89.0.4389.82-1)
sid: resolved (fixed in 89.0.4389.82-1)
trixie: resolved
CVE-2021-38020 [MEDIUM] CVSS 4.3, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: re
CVE-2021-21173 [MEDIUM] CVSS 6.5, fixed in chromium 89.0.4389.82-1 (bookworm), 2021
Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1)
bullseye: resolved (fixed in 89.0.4389.82-1)
forky: resolved (fixed in 89.0.4389.82-1)
sid: resolved (fixed in 89.0.4389.82-1)
trixie: re
CVE-2021-4321 [MEDIUM] CVSS 4.3, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.
CVE-2021-21137 [MEDIUM] CVSS 6.5, fixed in chromium 88.0.4324.96-0.1 (bookworm), 2021
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1)
bullseye: resolved (fixed in 88.0.4324.96-0.1)
forky: resolved (fixed in 88.0.4324.96-0.1)
sid: resolved (fixed in 88.0.
CVE-2021-21189 [MEDIUM] CVSS 4.3, fixed in chromium 89.0.4389.82-1 (bookworm), 2021
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1)
bullseye: resolved (fixed in 89.0.4389.82-1)
forky: resolved (fixed in 89.0.4389.82-1)
sid: resolved (fixed in 89.0.4389.82-1)
trixie: reso
CVE-2021-21139 [MEDIUM] CVSS 6.5, fixed in chromium 88.0.4324.96-0.1 (bookworm), 2021
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1)
bullseye: resolved (fixed in 88.0.4324.96-0.1)
forky: resolved (fixed in 88.0.4324.96-0.1)
sid: resolved (fixed in 88.0.4324.96-0.1)
t
CVE-2021-37994 [MEDIUM] CVSS 6.5, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.7
CVE-2021-21200 [MEDIUM] CVSS 5.4, fixed in chromium 89.0.4389.82-1 (bookworm), 2021
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1)
bullseye: resolved (fixed in 89.0.4389.82-1)
forky: resolved (fixed in 89.0.4389.82-1)
sid: resolved (fixed
CVE-2021-21129 [MEDIUM] CVSS 6.5, fixed in chromium 88.0.4324.96-0.1 (bookworm), 2021
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1)
bullseye: resolved (fixed in 88.0.4324.96-0.1)
forky: resolved (fixed in 88.0.4324.96-0.1)
sid: resolved (fixed in 88.0.4324.96-0.
CVE-2021-38010 [MEDIUM] CVSS 6.5, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
si
CVE-2021-21123 [MEDIUM] CVSS 6.5, fixed in chromium 88.0.4324.96-0.1 (bookworm), 2021
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1)
bullseye: resolved (fixed in 88.0.4324.96-0.1)
forky: resolved (fixed in 88.0.4324.96-0.1)
sid: resolved (fixed in 88.0.4324.96-0.1)
CVE-2021-21136 [MEDIUM] CVSS 6.5, fixed in chromium 88.0.4324.96-0.1 (bookworm), 2021
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1)
bullseye: resolved (fixed in 88.0.4324.96-0.1)
forky: resolved (fixed in 88.0.4324.96-0.1)
sid: resolved (fixed in 88.0.4324.96-0.1)
tr
CVE-2021-38000 [MEDIUM] CVSS 6.1, KEV, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: reso
CVE-2021-21229 [MEDIUM] CVSS 6.5, fixed in chromium 90.0.4430.93-1 (bookworm), 2021
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.93-1)
bullseye: resolved (fixed in 90.0.4430.93-1)
forky: resolved (fixed in 90.0.4430.93-1)
sid: resolved (fixed in 90.0.4430.93-1)
trixie: resolved
CVE-2021-38022 [MEDIUM] CVSS 6.5, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1
CVE-2021-21163 [MEDIUM] CVSS 6.5, fixed in chromium 89.0.4389.82-1 (bookworm), 2021
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1)
bullseye: resolved (fixed in 89.0.4389.82-1)
forky: resolved (fixed in 89.0.4389.82-1)
sid: resolved (fixed in 89.0.4
CVE-2021-37958 [MEDIUM] CVSS 5.4, fixed in chromium 97.0.4692.71-0.1 (bookworm), 2021
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved