Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
CVE-2020-6568 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4
CVE-2020-6547 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie:
CVE-2020-6569 | MEDIUM | CVSS 6.3 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixe
CVE-2020-15959 | MEDIUM | CVSS 4.3 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed
CVE-2020-6565 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.428
CVE-2020-15981 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.428
CVE-2020-6425 | MEDIUM | CVSS 5.4 | fixed in chromium 80.0.3987.149-1 (bookworm) | 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 80.0.3987.149-1)
bullseye: resolved (fixed in 80.0.3987.149-1)
forky: resolved (fixed in 80.0.3987.149-1)
si
CVE-2020-16040 | MEDIUM | CVSS 6.5 | PoC | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie:
CVE-2020-6440 | MEDIUM | CVSS 4.3 | fixed in chromium 81.0.4044.92-1 (bookworm) | 2020
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
Scope: local
bookworm: resolved (fixed in 81.0.4044.92-1)
bullseye: resolved (fixed in 81.0.4044.92-1)
forky: resolved (fixed in 81.0.4
CVE-2020-6412 | MEDIUM | CVSS 5.4 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Scope: local
bookworm: resolved (fixed in 80.0.3987.106-1)
bullseye: resolved (fixed in 80.0.3987.106-1)
forky: resolved (fixed in 80.0.3987.106-1)
sid: resolved (fixed in 80.
CVE-2020-6516 | MEDIUM | CVSS 4.3 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie: resolved (fixed in 87.0.4280
CVE-2020-6433 | MEDIUM | CVSS 4.3 | fixed in chromium 81.0.4044.92-1 (bookworm) | 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 81.0.4044.92-1)
bullseye: resolved (fixed in 81.0.4044.92-1)
forky: resolved (fixed in 81.0.4044.92-1)
sid: resolved (fixed in 81.0.4044.92-1)
trixie: reso
CVE-2020-6445 | MEDIUM | CVSS 6.5 | fixed in chromium 81.0.4044.92-1 (bookworm) | 2020
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 81.0.4044.92-1)
bullseye: resolved (fixed in 81.0.4044.92-1)
forky: resolved (fixed in 81.0.4044.92-1)
sid: resolved (fixed in 81.0.4044.92-1)
trixie: r
CVE-2020-6391 | MEDIUM | CVSS 4.3 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 80.0.3987.106-1)
bullseye: resolved (fixed in 80.0.3987.106-1)
forky: resolved (fixed in 80.0.3987.106-1)
sid: resolved (fixed in 80.0.3987.106-1)
tri
CVE-2020-6441 | MEDIUM | CVSS 4.3 | fixed in chromium 81.0.4044.92-1 (bookworm) | 2020
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 81.0.4044.92-1)
bullseye: resolved (fixed in 81.0.4044.92-1)
forky: resolved (fixed in 81.0.4044.92-1)
sid: resolved (fixed in 81.0.4044.92-1)
trixie: resolved (fixed in
CVE-2020-6531 | MEDIUM | CVSS 4.3 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie:
CVE-2020-6506 | MEDIUM | CVSS 6.5 | fixed in chromium 83.0.4103.106-1 (bookworm) | 2020
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 83.0.4103.106-1)
bullseye: resolved (fixed in 83.0.4103.106-1)
forky: resolved (fixed in 83.0.4103.106-1)
sid: resolved (fixed in 83.0.4103.106-1)
trixie:
CVE-2020-6499 | MEDIUM | CVSS 6.5 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 80.0.3987.106-1)
bullseye: resolved (fixed in 80.0.3987.106-1)
forky: resolved (fixed in 80.0.3987.106-1)
sid: resolved (fixed in 80.0.3987.106-1)
trixie
CVE-2020-15982 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed i
CVE-2020-6563 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resol