Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
CVE-2026-5283 [MEDIUM] CVSS 6.5, fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm), 2026
Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.177-1)
sid: resolved (fixed in 146.0.7680.177-1)
trixie:
CVE-2026-5919 [MEDIUM] CVSS 6.5, fixed in chromium 147.0.7727.55-1 (sid), 2026
Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
CVE-2026-5897 [MEDIUM] CVSS 4.3, fixed in chromium 147.0.7727.55-1 (sid), 2026
Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
CVE-2026-3934 [MEDIUM] CVSS 6.5, fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm), 2026
Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.71-1)
sid: resolved (fixed in 146.0.7680.71
CVE-2026-3940 [MEDIUM] CVSS 5.3, fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm), 2026
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.71-1)
sid: resolved (fixed in 146.0.7680.71-1
CVE-2026-5886 [MEDIUM] CVSS 5.3, fixed in chromium 147.0.7727.55-1 (sid), 2026
Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
CVE-2026-5900 [MEDIUM] CVSS 4.3, fixed in chromium 147.0.7727.55-1 (sid), 2026
Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass multi-download protections via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
CVE-2026-5903 [MEDIUM] CVSS 6.5, fixed in chromium 147.0.7727.55-1 (sid), 2026
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
CVE-2026-5876 [MEDIUM] CVSS 6.5, fixed in chromium 147.0.7727.55-1 (sid), 2026
Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
CVE-2026-2318 [MEDIUM] CVSS 6.5, fixed in chromium 145.0.7632.75-1~deb12u1 (bookworm), 2026
Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 145.0.7632.75-1~deb12u1)
bullseye: open
forky: resolved (fixed in 145.
CVE-2026-5887 [MEDIUM] CVSS 4.3, fixed in chromium 147.0.7727.55-1 (sid), 2026
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
CVE-2026-5880 [MEDIUM] CVSS 4.3, fixed in chromium 147.0.7727.55-1 (sid), 2026
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: o
CVE-2026-1504 [MEDIUM] CVSS 6.5, fixed in chromium 144.0.7559.109-1~deb12u1 (bookworm), 2026
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 144.0.7559.109-1~deb12u1)
bullseye: open
forky: resolved (fixed in 144.0.7559.109-1)
sid: resolved (fixed in 144.0.7559
CVE-2026-5889 [MEDIUM] CVSS 4.3, fixed in chromium 147.0.7727.55-1 (sid), 2026
Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
CVE-2026-5895 [MEDIUM] CVSS 5.4, fixed in chromium 147.0.7727.55-1 (sid), 2026
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
CVE-2026-3925 [MEDIUM] CVSS 4.3, fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm), 2026
Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.71-1)
sid: resolved (fixed in 146.0.7680.71-1
CVE-2026-3939 [MEDIUM] CVSS 5.3, fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm), 2026
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.71-1)
sid: resolved (fixed in 146.0.7680.71-1)
trix
CVE-2026-3937 [MEDIUM] CVSS 6.5, fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm), 2026
Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.71-1)
sid: resolved (fixed in 146.0.7680.71-1)
trixie:
CVE-2026-5918 [MEDIUM] CVSS 4.3, fixed in chromium 147.0.7727.55-1 (sid), 2026
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
CVE-2026-5901 [MEDIUM] CVSS 6.5, fixed in chromium 147.0.7727.55-1 (sid), 2026
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 1