Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL: 102, HIGH: 1256, MEDIUM: 754, LOW: 56, UNKNOWN: 8
Vulnerabilities
CVE-2021-38004 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
CVE-2021-38004 [MEDIUM] CVE-2021-38004: chromium - Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638....
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
trix
debian
CVE-2021-30617 | MEDIUM | CVSS 6.5 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
CVE-2021-30617 [MEDIUM] CVE-2021-30617: chromium - Chromium: CVE-2021-30617 Policy bypass in Blink
Chromium: CVE-2021-30617 Policy bypass in Blink
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed in 93.0.4577.82-1)
debian
CVE-2021-30533 | MEDIUM | CVSS 6.5 | KEV | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
CVE-2021-30533 [MEDIUM] CVE-2021-30533: chromium - Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4...
Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: res
debian
CVE-2021-4323 | MEDIUM | CVSS 6.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
CVE-2021-4323 [MEDIUM] CVE-2021-4323: chromium - Insufficient validation of untrusted input in Extensions in Google Chrome prior ...
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
for
debian
CVE-2021-38018 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
CVE-2021-38018 [MEDIUM] CVE-2021-38018: chromium - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.4...
Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
trix
debian
CVE-2021-30619 | MEDIUM | CVSS 6.5 | fixed in chromium 93.0.4577.82-1 (bookworm) | 2021
CVE-2021-30619 [MEDIUM] CVE-2021-30619: chromium - Chromium: CVE-2021-30619 UI Spoofing in Autofill
Chromium: CVE-2021-30619 UI Spoofing in Autofill
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed in 93.0.4577.82-1)
debian
CVE-2021-37965 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
CVE-2021-37965 [MEDIUM] CVE-2021-37965: chromium - Inappropriate implementation in Background Fetch API in Google Chrome prior to 9...
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-
debian
CVE-2021-38019 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
CVE-2021-38019 [MEDIUM] CVE-2021-38019: chromium - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 a...
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
trixie:
debian
CVE-2021-21186 | MEDIUM | CVSS 4.3 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
CVE-2021-21186 [MEDIUM] CVE-2021-21186: chromium - Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to ...
Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1)
bullseye: resolved (fixed in 89.0.4389.82-1)
forky: resolved (fixed in 89.0.4389.82-1)
sid: reso
debian
CVE-2021-37995 | MEDIUM | CVSS 6.5 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
CVE-2021-37995 [MEDIUM] CVE-2021-37995: chromium - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0....
Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0
debian
CVE-2021-21184 | MEDIUM | CVSS 4.3 | fixed in chromium 89.0.4389.82-1 (bookworm) | 2021
CVE-2021-21184 [MEDIUM] CVE-2021-21184: chromium - Inappropriate implementation in performance APIs in Google Chrome prior to 89.0....
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 89.0.4389.82-1)
bullseye: resolved (fixed in 89.0.4389.82-1)
forky: resolved (fixed in 89.0.4389.82-1)
sid: resolved (fixed in 89.0.4389.82-1)
trixie: resolve
debian
CVE-2021-21218 | MEDIUM | CVSS 5.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
CVE-2021-21218 [MEDIUM] CVE-2021-21218: chromium - Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a re...
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolved (fixed in 90.0.4430.72-1
debian
CVE-2021-4316 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
CVE-2021-4316 [MEDIUM] CVE-2021-4316: chromium - Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 a...
Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in
debian
CVE-2021-21219 | MEDIUM | CVSS 5.5 | fixed in chromium 90.0.4430.72-1 (bookworm) | 2021
CVE-2021-21219 [MEDIUM] CVE-2021-21219: chromium - Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a re...
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolved (fixed in 90.0.4430.72-1
debian
CVE-2021-21141 | MEDIUM | CVSS 6.5 | fixed in chromium 88.0.4324.96-0.1 (bookworm) | 2021
CVE-2021-21141 [MEDIUM] CVE-2021-21141: chromium - Insufficient policy enforcement in File System API in Google Chrome prior to 88....
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 88.0.4324.96-0.1)
bullseye: resolved (fixed in 88.0.4324.96-0.1)
forky: resolved (fixed in 88.0.4324.96-0.1)
sid: resolved (fixed in 88.0.4324.96-0.1)
debian
CVE-2021-37971 | MEDIUM | CVSS 4.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
CVE-2021-37971 [MEDIUM] CVE-2021-37971: chromium - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 a...
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.
debian
CVE-2021-37964 | LOW | CVSS 3.3 | fixed in chromium 97.0.4692.71-0.1 (bookworm) | 2021
CVE-2021-37964 [LOW] CVE-2021-37964: chromium - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS...
Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a wifi impersonation attack via a crafted ONC file.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved
debian
CVE-2021-4324 | LOW | CVSS 6.5 | 2021
CVE-2021-4324 [MEDIUM] CVE-2021-4324: chromium - Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0....
Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2021-21164 | LOW | CVSS 6.5 | 2021
CVE-2021-21164 [MEDIUM] CVE-2021-21164: chromium - Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 8...
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2020-6469 | CRITICAL | CVSS 9.6 | fixed in chromium 83.0.4103.83-1 (bookworm) | 2020
CVE-2020-6469 [CRITICAL] CVE-2020-6469: chromium - Insufficient policy enforcement in developer tools in Google Chrome prior to 83....
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 83.0.4103.83-1)
bullseye: resolved (fixed in 83.0.4103.83-1)
forky: resolved (fixed in
debian