Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 96 of 109
CVE-2020-16010 | LOW | CVSS 9.6 | KEV | 2020
CVE-2020-16010 [CRITICAL] chromium - Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-6558 | LOW | CVSS 6.5 | 2020
CVE-2020-6558 [MEDIUM] chromium - Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-15996 | LOW | CVSS 8.8 | 2020
CVE-2020-15996 [HIGH] chromium - Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2020-16046 | LOW | CVSS 6.1 | 2020
CVE-2020-16046 [MEDIUM] chromium - Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-25154 | CRITICAL | CVSS 9.6 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
CVE-2019-25154 [CRITICAL] chromium - Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolve
debian
CVE-2019-5850 | CRITICAL | CVSS 9.6 | fixed in chromium 76.0.3809.87-1 (bookworm) | 2019
CVE-2019-5850 [CRITICAL] chromium - Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 76.0.3809.87-1); bullseye: resolved (fixed in 76.0.3809.87-1); forky: resolved (fixed in 76.0.3809.87-1); sid: resolved (fix
debian
CVE-2019-5866 | CRITICAL | CVSS 9.8 | fixed in chromium 76.0.3809.71-1 (bookworm) | 2019
CVE-2019-5866 [CRITICAL] chromium - Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 76.0.3809.71-1); bullseye: resolved (fixed in 76.0.3809.71-1); forky: resolved (fixed in 76.0.3809.71-1); sid: resolved (fixed in 76.0.3809.71-1); trixie:
debian
CVE-2019-5870 | CRITICAL | CVSS 9.6 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
CVE-2019-5870 [CRITICAL] chromium - Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87-1); trixie: resolved (fixed in
debian
CVE-2019-5759 | CRITICAL | CVSS 9.6 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
CVE-2019-5759 [CRITICAL] chromium - Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1); bullseye: resolved (fixed in 72.0.3626.81-1); forky: resolved (fixed in 72.0.3626.81-1); sid: resolved (fixe
debian
CVE-2019-5763 | HIGH | CVSS 8.8 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
CVE-2019-5763 [HIGH] chromium - Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1); bullseye: resolved (fixed in 72.0.3626.81-1); forky: resolved (fixed in 72.0.3626.81-1); sid: resolved (fixed in 72.0.3626.81-1); trixie: resolve
debian
CVE-2019-19923 | HIGH | CVSS 7.5 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2019
CVE-2019-19923 [HIGH] chromium - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
Scope: local
bookworm: resolved (fixed in 80.0.3987.106-1); bullseye: resolved (fixed in 80.0.3987.106-1); forky: resolved (fixed in 80.0.3987.106-1); sid
debian
CVE-2019-5836 | HIGH | CVSS 8.8 | fixed in chromium 75.0.3770.80-1 (bookworm) | 2019
CVE-2019-5836 [HIGH] chromium - Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 75.0.3770.80-1); bullseye: resolved (fixed in 75.0.3770.80-1); forky: resolved (fixed in 75.0.3770.80-1); sid: resolved (fixed in 75.0.3770.80-1); trixie: resolved (fixed i
debian
CVE-2019-5821 | HIGH | CVSS 8.8 | fixed in chromium 74.0.3729.108-1 (bookworm) | 2019
CVE-2019-5821 [HIGH] chromium - Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 74.0.3729.108-1); bullseye: resolved (fixed in 74.0.3729.108-1); forky: resolved (fixed in 74.0.3729.108-1); sid: resolved (fixed in 74.0.3729.108-1); trixie: resolved (fixed
debian
CVE-2019-13724 | HIGH | CVSS 8.8 | fixed in chromium 78.0.3904.108-1 (bookworm) | 2019
CVE-2019-13724 [HIGH] chromium - Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.108-1); bullseye: resolved (fixed in 78.0.3904.108-1); forky: resolved (fixed in 78.0.3904.108-1); sid:
debian
CVE-2019-13725 | HIGH | CVSS 8.8 | fixed in chromium 79.0.3945.79-1 (bookworm) | 2019
CVE-2019-13725 [HIGH] chromium - Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 79.0.3945.79-1); bullseye: resolved (fixed in 79.0.3945.79-1); forky: resolved (fixed in 79.0.3945.79-1); sid: resolved (fixed in 79.0.3945.79-1); trixie: resolved (fixed in 79.0.3945.7
debian
CVE-2019-5827 | HIGH | CVSS 8.8 | fixed in chromium 75.0.3770.80-1 (bookworm) | 2019
CVE-2019-5827 [HIGH] chromium - Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 75.0.3770.80-1); bullseye: resolved (fixed in 75.0.3770.80-1); forky: resolved (fixed in 75.0.3770.80-1); sid: resolved (fixed in 75.0.3770.80-1); trixie: resolved
debian
CVE-2019-5797 | HIGH | CVSS 7.5 | PoC | fixed in chromium 73.0.3683.75-1 (bookworm) | 2019
CVE-2019-5797 [HIGH] chromium - Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 73.0.3683.75-1); bullseye: resolved (fixed in 73.0.3683.75-1); forky: resolved (fixed in 73.0.3683.75-1); sid: resolved (fixed in 73.0.3683.75-1); trixie: resolved (fixed in 73
debian
CVE-2019-13720 | HIGH | CVSS 8.8 | KEV | PoC | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
CVE-2019-13720 [HIGH] chromium - Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87-1); trixie: resolved (fixed in
debian
CVE-2019-5876 | HIGH | CVSS 8.8 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
CVE-2019-5876 [HIGH] chromium - Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87-1); trixie: resolved (fi
debian
CVE-2019-13729 | HIGH | CVSS 8.8 | fixed in chromium 79.0.3945.79-1 (bookworm) | 2019
CVE-2019-13729 [HIGH] chromium - Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 79.0.3945.79-1); bullseye: resolved (fixed in 79.0.3945.79-1); forky: resolved (fixed in 79.0.3945.79-1); sid: resolved (fixed in 79.0.3945.79-1); trixie: resolved (fixed
debian