Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 88 of 109
CVE-2020-6510 | HIGH | CVSS 7.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
chromium - Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie
debian
CVE-2020-15968 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
chromium - Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: resolved (fix
debian
CVE-2020-6512 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
chromium - Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: resolved (fixed in
debian
CVE-2020-6443 | HIGH | CVSS 8.8 | fixed in chromium 81.0.4044.92-1 (bookworm) | 2020
chromium - Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page. Scope: local bookworm: resolved (fixed in 81.0.4044.92-1) bullseye: resolved (fixed in 81.0.4044.92-1) forky: resolved (fixed in 81.0.4044.92-1) sid: resolved (fi
debian
CVE-2020-6523 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
chromium - Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: resolved (f
debian
CVE-2020-6380 | HIGH | CVSS 8.8 | fixed in chromium 79.0.3945.130-1 (bookworm) | 2020
chromium - Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension. Scope: local bookworm: resolved (fixed in 79.0.3945.130-1) bullseye: resolved (fixed in 79.0.3945.130-1) forky: resolved (fixed in 79.0.3945.130-1) sid: resolv
debian
CVE-2020-15983 | HIGH | CVSS 7.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
chromium - Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) t
debian
CVE-2020-6515 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
chromium - Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: resolved (f
debian
CVE-2020-6452 | HIGH | CVSS 8.8 | fixed in chromium 80.0.3987.162-1 (bookworm) | 2020
chromium - Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 80.0.3987.162-1) bullseye: resolved (fixed in 80.0.3987.162-1) forky: resolved (fixed in 80.0.3987.162-1) sid: resolved (fixed in 80.0.3987.162-1) trixie: resolved (fi
debian
CVE-2020-6459 | HIGH | CVSS 8.8 | fixed in chromium 83.0.4103.83-1 (bookworm) | 2020
chromium - Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 83.0.4103.83-1) bullseye: resolved (fixed in 83.0.4103.83-1) forky: resolved (fixed in 83.0.4103.83-1) sid: resolved (fixed in 83.0.4103.83-1) trixie: resolved (fixed in
debian
CVE-2020-6382 | HIGH | CVSS 8.8 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
chromium - Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 80.0.3987.106-1) bullseye: resolved (fixed in 80.0.3987.106-1) forky: resolved (fixed in 80.0.3987.106-1) sid: resolved (fixed in 80.0.3987.106-1) trixie: resolved (fixe
debian
CVE-2020-15976 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
chromium - Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: re
debian
CVE-2020-6415 | HIGH | CVSS 8.8 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
chromium - Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 80.0.3987.106-1) bullseye: resolved (fixed in 80.0.3987.106-1) forky: resolved (fixed in 80.0.3987.106-1) sid: resolved (fixed in 80.0.3987.106-1) trixie:
debian
CVE-2020-6449 | HIGH | CVSS 8.8 | fixed in chromium 80.0.3987.149-1 (bookworm) | 2020
chromium - Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 80.0.3987.149-1) bullseye: resolved (fixed in 80.0.3987.149-1) forky: resolved (fixed in 80.0.3987.149-1) sid: resolved (fixed in 80.0.3987.149-1) trixie: resolved (fixed in
debian
CVE-2020-6402 | HIGH | CVSS 8.8 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
chromium - Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Scope: local bookworm: resolved (fixed in 80.0.3987.106-1) bullseye: resolved (fixed in 80.0.3987.106-1) forky: resolved (fixed in 80.0.3987.106-
debian
CVE-2020-16002 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
chromium - Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: resolved (fi
debian
CVE-2020-6388 | HIGH | CVSS 8.8 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
chromium - Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 80.0.3987.106-1) bullseye: resolved (fixed in 80.0.3987.106-1) forky: resolved (fixed in 80.0.3987.106-1) sid: resolved (fixed in 80.0.3987.106-1) trixie: resolved (
debian
CVE-2020-6556 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
chromium - Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: re
debian
CVE-2020-6576 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
chromium - Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: res
debian
CVE-2020-6513 | HIGH | CVSS 8.8 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
chromium - Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Scope: local bookworm: resolved (fixed in 87.0.4280.88-0.1) bullseye: resolved (fixed in 87.0.4280.88-0.1) forky: resolved (fixed in 87.0.4280.88-0.1) sid: resolved (fixed in 87.0.4280.88-0.1) trixie: resolved
debian