Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs

2,176

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL102HIGH1256MEDIUM754LOW56UNKNOWN8

Vulnerabilities

Page 84 of 109

CVE-2020-6572HIGHCVSS 8.8KEVfixed in chromium 81.0.4044.92-1 (bookworm)2020

CVE-2020-6572 [HIGH] CVE-2020-6572: chromium - Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote ... Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Scope: local bookworm: resolved (fixed in 81.0.4044.92-1) bullseye: resolved (fixed in 81.0.4044.92-1) forky: resolved (fixed in 81.0.4044.92-1) sid: resolved (fixed in 81.0.4044.92-1) trixie: resolved (fixed in 81.0.4044.92-1)

debian

CVE-2020-6468HIGHCVSS 8.8fixed in chromium 83.0.4103.83-1 (bookworm)2020

CVE-2020-6468 [HIGH] CVE-2020-6468: chromium - Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote att... Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 83.0.4103.83-1) bullseye: resolved (fixed in 83.0.4103.83-1) forky: resolved (fixed in 83.0.4103.83-1) sid: resolved (fixed in 83.0.4103.83-1) trixie: resolved (fixed in 83.0.41

debian

CVE-2020-6543HIGHCVSS 8.8fixed in chromium 87.0.4280.88-0.1 (bookworm)2020

CVE-2020-6543 [HIGH] CVE-2020-6543: chromium - Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowe... Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: reso

debian

CVE-2020-15987HIGHCVSS 8.8fixed in chromium 87.0.4280.88-0.1 (bookworm)2020

CVE-2020-15987 [HIGH] CVE-2020-15987: chromium - Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote... Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: resolved

debian

CVE-2020-6413HIGHCVSS 8.8fixed in chromium 80.0.3987.106-1 (bookworm)2020

CVE-2020-6413 [HIGH] CVE-2020-6413: chromium - Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 all... Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. Scope: local bookworm: resolved (fixed in 80.0.3987.106-1) bullseye: resolved (fixed in 80.0.3987.106-1) forky: resolved (fixed in 80.0.3987.106-1) sid: resolved (fixed in 80.0.3987.106-1) trixie: resolved (fixed in

debian

CVE-2020-16001HIGHCVSS 8.8fixed in chromium 87.0.4280.88-0.1 (bookworm)2020

CVE-2020-16001 [HIGH] CVE-2020-16001: chromium - Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote... Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: resolved (fi

debian

CVE-2020-6467HIGHCVSS 8.8fixed in chromium 83.0.4103.83-1 (bookworm)2020

CVE-2020-6467 [HIGH] CVE-2020-6467: chromium - Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote... Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 83.0.4103.83-1) bullseye: resolved (fixed in 83.0.4103.83-1) forky: resolved (fixed in 83.0.4103.83-1) sid: resolved (fixed in 83.0.4103.83-1) trixie: resolved (fixed in 83.

debian

CVE-2020-6553HIGHCVSS 8.8fixed in chromium 87.0.4280.88-0.1 (bookworm)2020

CVE-2020-6553 [HIGH] CVE-2020-6553: chromium - Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 al... Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie:

debian

CVE-2020-6458HIGHCVSS 8.8fixed in chromium 83.0.4103.83-1 (bookworm)2020

CVE-2020-6458 [HIGH] CVE-2020-6458: chromium - Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 a... Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Scope: local bookworm: resolved (fixed in 83.0.4103.83-1) bullseye: resolved (fixed in 83.0.4103.83-1) forky: resolved (fixed in 83.0.4103.83-1) sid: resolved (fixed in 83.0.4103.83-1) trixie: resolved

debian

CVE-2020-6496HIGHCVSS 8.8fixed in chromium 83.0.4103.106-1 (bookworm)2020

CVE-2020-6496 [HIGH] CVE-2020-6496: chromium - Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allow... Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Scope: local bookworm: resolved (fixed in 83.0.4103.106-1) bullseye: resolved (fixed in 83.0.4103.106-1) forky: resolved (fixed in 83.0.4103.106-1) sid: resolved (fixed in 83.0.4103.106-1) trixie: resolv

debian

CVE-2020-6537HIGHCVSS 8.8fixed in chromium 87.0.4280.88-0.1 (bookworm)2020

CVE-2020-6537 [HIGH] CVE-2020-6537: chromium - Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote at... Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: resolved (fix

debian

CVE-2020-16000HIGHCVSS 8.8fixed in chromium 87.0.4280.88-0.1 (bookworm)2020

CVE-2020-16000 [HIGH] CVE-2020-16000: chromium - Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 al... Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie

debian

CVE-2020-6544HIGHCVSS 8.8fixed in chromium 87.0.4280.88-0.1 (bookworm)2020

CVE-2020-6544 [HIGH] CVE-2020-6544: chromium - Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote... Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: resolved (fixe

debian

CVE-2020-6428HIGHCVSS 8.8fixed in chromium 80.0.3987.149-1 (bookworm)2020

CVE-2020-6428 [HIGH] CVE-2020-6428: chromium - Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote... Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 80.0.3987.149-1) bullseye: resolved (fixed in 80.0.3987.149-1) forky: resolved (fixed in 80.0.3987.149-1) sid: resolved (fixed in 80.0.3987.149-1) trixie: resolved (fixed in

debian

CVE-2020-15979HIGHCVSS 8.8fixed in chromium 87.0.4280.88-0.1 (bookworm)2020

CVE-2020-15979 [HIGH] CVE-2020-15979: chromium - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowe... Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: re

debian

CVE-2020-6463HIGHCVSS 8.8fixed in chromium 83.0.4103.83-1 (bookworm)2020

CVE-2020-6463 [HIGH] CVE-2020-6463: chromium - Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote... Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 83.0.4103.83-1) bullseye: resolved (fixed in 83.0.4103.83-1) forky: resolved (fixed in 83.0.4103.83-1) sid: resolved (fixed in 83.0.4103.83-1) trixie: resolved (fixed in 83.

debian

CVE-2020-6549HIGHCVSS 8.8fixed in chromium 87.0.4280.88-0.1 (bookworm)2020

CVE-2020-6549 [HIGH] CVE-2020-6549: chromium - Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote... Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: resolved (fixe

debian

CVE-2020-15992HIGHCVSS 8.8fixed in chromium 87.0.4280.88-0.1 (bookworm)2020

CVE-2020-15992 [HIGH] CVE-2020-15992: chromium - Insufficient policy enforcement in networking in Google Chrome prior to 86.0.424... Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resol

debian

CVE-2020-6430HIGHCVSS 8.8fixed in chromium 81.0.4044.92-1 (bookworm)2020

CVE-2020-6430 [HIGH] CVE-2020-6430: chromium - Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote att... Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 81.0.4044.92-1) bullseye: resolved (fixed in 81.0.4044.92-1) forky: resolved (fixed in 81.0.4044.92-1) sid: resolved (fixed in 81.0.4044.92-1) trixie: resolved (fixed in 81.0.40

debian

CVE-2020-6424HIGHCVSS 8.8fixed in chromium 80.0.3987.149-1 (bookworm)2020

CVE-2020-6424 [HIGH] CVE-2020-6424: chromium - Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote... Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 80.0.3987.149-1) bullseye: resolved (fixed in 80.0.3987.149-1) forky: resolved (fixed in 80.0.3987.149-1) sid: resolved (fixed in 80.0.3987.149-1) trixie: resolved (fixed in

debian

← Previous84 / 109Next →