Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 95 of 109
CVE-2020-16042 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
CVE-2020-16042 [MEDIUM] chromium - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Scope: local. bookworm: resolved (fixed in 87.0.4280.88-0.1); bullseye: resolved (fixed in 87.0.4280.88-0.1); forky: resolved (fixed in 87.0.4280.88-0.1); sid: resolved (fixed in 87.0.4280.88
debian
CVE-2020-6442 | MEDIUM | CVSS 4.3 | fixed in chromium 81.0.4044.92-1 (bookworm) | 2020
CVE-2020-6442 [MEDIUM] chromium - Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local. bookworm: resolved (fixed in 81.0.4044.92-1); bullseye: resolved (fixed in 81.0.4044.92-1); forky: resolved (fixed in 81.0.4044.92-1); sid: resolved (fixed in 81.0.4044.92-1); trixie: resolved (fixed in 8
debian
CVE-2020-6489 | MEDIUM | CVSS 4.3 | fixed in chromium 83.0.4103.83-1 (bookworm) | 2020
CVE-2020-6489 [MEDIUM] chromium - Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page. Scope: local. bookworm: resolved (fixed in 83.0.4103.83-1); bullseye: resolved (fixed in 83.0.4103.83-1); fo
debian
CVE-2020-6438 | MEDIUM | CVSS 4.3 | fixed in chromium 81.0.4044.92-1 (bookworm) | 2020
CVE-2020-6438 [MEDIUM] chromium - Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Scope: local. bookworm: resolved (fixed in 81.0.4044.92-1); bullseye: resolved (fixed in 81.0.4044.92-1); forky: re
debian
CVE-2020-16032 | MEDIUM | CVSS 4.3 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
CVE-2020-16032 [MEDIUM] chromium - Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Scope: local. bookworm: resolved (fixed in 87.0.4280.88-0.1); bullseye: resolved (fixed in 87.0.4280.88-0.1); forky: resolved (fixed in 87.0.4280.88-0.1); sid: resolved (fixed in 87.0.4280.88-
debian
CVE-2020-6561 | MEDIUM | CVSS 6.5 | fixed in chromium 87.0.4280.88-0.1 (bookworm) | 2020
CVE-2020-6561 [MEDIUM] chromium - Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local. bookworm: resolved (fixed in 87.0.4280.88-0.1); bullseye: resolved (fixed in 87.0.4280.88-0.1); forky: resolved (fixed in 87.0.4280.88-0.1); sid: resolved (fixed in 87.0.4280.88-0.1); tr
debian
CVE-2020-6473 | MEDIUM | CVSS 6.5 | fixed in chromium 83.0.4103.83-1 (bookworm) | 2020
CVE-2020-6473 [MEDIUM] chromium - Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Scope: local. bookworm: resolved (fixed in 83.0.4103.83-1); bullseye: resolved (fixed in 83.0.4103.83-1); forky: resolved (fixed in 83.0.4103.83-1); sid: resolved (fixed in 83.
debian
CVE-2020-6400 | MEDIUM | CVSS 6.5 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
CVE-2020-6400 [MEDIUM] chromium - Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local. bookworm: resolved (fixed in 80.0.3987.106-1); bullseye: resolved (fixed in 80.0.3987.106-1); forky: resolved (fixed in 80.0.3987.106-1); sid: resolved (fixed in 80.0.3987.106-1); trixie: resolved (fixed i
debian
CVE-2020-6393 | MEDIUM | CVSS 6.5 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2020
CVE-2020-6393 [MEDIUM] chromium - Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local. bookworm: resolved (fixed in 80.0.3987.106-1); bullseye: resolved (fixed in 80.0.3987.106-1); forky: resolved (fixed in 80.0.3987.106-1); sid: resolved (fixed in 80.0.3987.106-1); trixie: resolved (fix
debian
CVE-2020-16011 | LOW | CVSS 9.6 | 2020
CVE-2020-16011 [CRITICAL] chromium - Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-15993 | LOW | CVSS 9.8 | 2020
CVE-2020-15993 [CRITICAL] chromium - Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-6417 | LOW | CVSS 7.8 | 2020
CVE-2020-6417 [HIGH] chromium - Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-15998 | LOW | CVSS 8.8 | 2020
CVE-2020-15998 [HIGH] chromium - Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-15994 | LOW | CVSS 8.8 | 2020
CVE-2020-15994 [HIGH] chromium - Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-15997 | LOW | CVSS 8.8 | 2020
CVE-2020-15997 [HIGH] chromium - Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-6574 | LOW | CVSS 7.8 | 2020
CVE-2020-6574 [HIGH] chromium - Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-6477 | LOW | CVSS 7.8 | 2020
CVE-2020-6477 [HIGH] chromium - Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-16045 | LOW | CVSS 9.6 | 2020
CVE-2020-16045 [CRITICAL] chromium - Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-16007 | LOW | CVSS 7.8 | 2020
CVE-2020-16007 [HIGH] chromium - Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-6546 | LOW | CVSS 7.8 | 2020
CVE-2020-6546 [HIGH] chromium - Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian