Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

CVE-2021-30531 | MEDIUM | CVSS 6.5 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-
debian
CVE-2021-30615 | MEDIUM | CVSS 6.5 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-1); trixie: resolved (fixed in 93.0.4577.82-1)
debian
CVE-2021-21168 | MEDIUM | CVSS 6.5 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 89.0.4389.82-1); bullseye: resolved (fixed in 89.0.4389.82-1); forky: resolved (fixed in 89.0.4389.82-1); sid: resolved (fixed i
debian
CVE-2021-37996 | MEDIUM | CVSS 5.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
Scope: local; bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.469
debian
CVE-2021-30583 | MEDIUM | CVSS 6.5 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-1)
debian
CVE-2021-37999 | MEDIUM | CVSS 6.1 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved
debian
CVE-2021-21147 | MEDIUM | CVSS 4.3 | fixed in chromium 88.0.4324.146-1 (bookworm) | 2021
Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 88.0.4324.146-1); bullseye: resolved (fixed in 88.0.4324.146-1); forky: resolved (fixed in 88.0.4324.146-1); sid: resolved (fixed in 88.0.4324.146-1); tr
debian
CVE-2021-30540 | MEDIUM | CVSS 6.5 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-1); trixie: resolved (
debian
CVE-2021-30597 | MEDIUM | CVSS 6.8 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-1); t
debian
CVE-2021-21182 | MEDIUM | CVSS 6.5 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 89.0.4389.82-1); bullseye: resolved (fixed in 89.0.4389.82-1); forky: resolved (fixed in 89.0.4389.82-1); sid: res
debian
CVE-2021-21178 | MEDIUM | CVSS 6.5 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 89.0.4389.82-1); bullseye: resolved (fixed in 89.0.4389.82-1); forky: resolved (fixed in 89.0.4389.82-1); sid: resolved (fix
debian
CVE-2021-38021 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.4692.71-0.1)
debian
CVE-2021-21181 | MEDIUM | CVSS 6.5 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 89.0.4389.82-1); bullseye: resolved (fixed in 89.0.4389.82-1); forky: resolved (fixed in 89.0.4389.82-1); sid: resolved (fixed
debian
CVE-2021-4054 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved (fixed in 97.0.4692.71-0.1); trixie: resolve
debian
CVE-2021-37966 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 97.0.4692.71-0.1); bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1); forky: resolved (fixed in 97.0.4692.71-0.1); sid: resolved
debian
CVE-2021-30532 | MEDIUM | CVSS 4.3 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-
debian
CVE-2021-30582 | MEDIUM | CVSS 6.5 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93.0.4577.82-1); trixie: resolved (fix
debian
CVE-2021-21133 | MEDIUM | CVSS 6.5 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 88.0.4324.96-0.1); bullseye: resolved (fixed in 88.0.4324.96-0.1); forky: resolved (fixed in 88.0.4324.96-0.1); sid: resolve
debian
CVE-2021-21131 | MEDIUM | CVSS 6.5 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 88.0.4324.96-0.1); bullseye: resolved (fixed in 88.0.4324.96-0.1); forky: resolved (fixed in 88.0.4324.96-0.1); sid: resolved (fixed in 88.0.4324.96-0.
debian
CVE-2021-30587 | MEDIUM | CVSS 4.3 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local; bookworm: resolved (fixed in 93.0.4577.82-1); bullseye: resolved (fixed in 93.0.4577.82-1); forky: resolved (fixed in 93.0.4577.82-1); sid: resolved (fixed in 93
debian