Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV (actively exploited): 65
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 79 of 109
CVE-2021-21170 | MEDIUM | CVSS 6.5 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 89.0.4389.82-1); bullseye: resolved (fixed in 89.0.4389.82-1); forky: resolved (fixed in 89.0.4389.82-1); sid: resol
debian
CVE-2021-30621 | MEDIUM | CVSS 6.5 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Chromium: CVE-2021-30621 UI Spoofing in Autofill
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-1); trixie: resolved (fixed in 93.0.4577.82-1)
debian
CVE-2021-4059 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.4692.71-0.1); trixie: res
debian
CVE-2021-21171 | MEDIUM | CVSS 6.5 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 89.0.4389.82-1); bullseye: resolved (fixed in 89.0.4389.82-1); forky: resolved (fixed in 89.0.4389.82-1); sid: resolved (fixed in
debian
CVE-2021-21126 | MEDIUM | CVSS 6.5 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
Scope: local; bookworm: resolved (fixed in 88.0.4324.96-0.1); bullseye: resolved (fixed in 88.0.4324.96-0.1); forky: resolved (fixed in 88.0.4324.96-0.1); sid: resolved (fixed in 88.0.4324.96-0.1); trix
debian
CVE-2021-21183 | MEDIUM | CVSS 4.3 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 89.0.4389.82-1); bullseye: resolved (fixed in 89.0.4389.82-1); forky: resolved (fixed in 89.0.4389.82-1); sid: resolved (fixed in 89.0.4389.82-1); trixie: resolve
debian
CVE-2021-21212 | MEDIUM | CVSS 6.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.
Scope: local; bookworm: resolved (fixed in 90.0.4430.72-1); bullseye: resolved (fixed in 90.0.4430.72-1); forky: resolved (fixed in 90.0.4430.72-1); sid: resolved (fixed in 90.0
debian
CVE-2021-37963 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.4692.71-0.1); trix
debian
CVE-2021-4068 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.4692.71-0.1); trixi
debian
CVE-2021-21228 | MEDIUM | CVSS 4.3 | fixed in chromium 90.0.4430.93-1 (bookworm) | 2021
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Scope: local; bookworm: resolved (fixed in 90.0.4430.93-1); bullseye: resolved (fixed in 90.0.4430.93-1); forky: resolved (fixed in 90.0.4430.9
debian
CVE-2021-30580 | MEDIUM | CVSS 6.5 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in
debian
CVE-2021-37967 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0
debian
CVE-2021-21177 | MEDIUM | CVSS 6.5 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 89.0.4389.82-1); bullseye: resolved (fixed in 89.0.4389.82-1); forky: resolved (fixed in 89.0.4389.82-1); sid: resolved (fixed i
debian
CVE-2021-38009 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.4692.71-0.1); trixie: re
debian
CVE-2021-21187 | MEDIUM | CVSS 4.3 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Scope: local; bookworm: resolved (fixed in 89.0.4389.82-1); bullseye: resolved (fixed in 89.0.4389.82-1); forky: resolved (fixed in 89.0.4389.82-1); sid: resolved (fixed in 89.0.4389.8
debian
CVE-2021-21222 | MEDIUM | CVSS 6.5 | fixed in chromium 90.0.4430.85-1 (bookworm) | 2021
Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 90.0.4430.85-1); bullseye: resolved (fixed in 90.0.4430.85-1); forky: resolved (fixed in 90.0.4430.85-1); sid: resolved (fixed in 90.0.4430.85-
debian
CVE-2021-30596 | MEDIUM | CVSS 4.3 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.8
debian
CVE-2021-21140 | MEDIUM | CVSS 6.8 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via a USB device.
Scope: local; bookworm: resolved (fixed in 88.0.4324.96-0.1); bullseye: resolved (fixed in 88.0.4324.96-0.1); forky: resolved (fixed in 88.0.4324.96-0.1); sid: resolved (fixed in 88.0.4324.96-0.1); trixie: re
debian
CVE-2021-30584 | MEDIUM | CVSS 6.5 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-1); trixie: resolved
debian
CVE-2021-21215 | MEDIUM | CVSS 6.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 90.0.4430.72-1); bullseye: resolved (fixed in 90.0.4430.72-1); forky: resolved (fixed in 90.0.4430.72-1); sid: resolved (fixed in 90.0.4430.72-1); trixie: resolved (fixed in 9
debian