Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 98 of 109
CVE-2019-5880 | HIGH | CVSS 7.4 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87-1); trixie: resolved (fixed in
debian
CVE-2019-5849 | HIGH | CVSS 8.1 | fixed in chromium 76.0.3809.87-1 (bookworm) | 2019
Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 76.0.3809.87-1); bullseye: resolved (fixed in 76.0.3809.87-1); forky: resolved (fixed in 76.0.3809.87-1); sid: resolved (fixed in 76.0.3809.87-1); tri
debian
CVE-2019-5822 | HIGH | CVSS 8.8 | fixed in chromium 74.0.3729.108-1 (bookworm) | 2019
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 74.0.3729.108-1); bullseye: resolved (fixed in 74.0.3729.108-1); forky: resolved (fixed in 74.0.3729.108-1); sid: resolved (fixed in 74.0.3729.108-1); trixie: resolved (fixe
debian
CVE-2019-13768 | HIGH | CVSS 7.4 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1); bullseye: resolved (fixed in 72.0.3626.81-1); forky: resolved (fixed in 72.0.3626.81-1); sid: resolved (fixed in 72.0.3626
debian
CVE-2019-13695 | HIGH | CVSS 8.8 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87-1); trixie: resolved
debian
CVE-2019-5788 | HIGH | CVSS 8.8 | PoC | fixed in chromium 73.0.3683.75-1 (bookworm) | 2019
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 73.0.3683.75-1); bullseye: resolved (fixed in 73.0.3683.75-1); forky: resolved (fixed in 73.0.3
debian
CVE-2019-13673 | HIGH | CVSS 7.4 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87-1); trixie: resolved (
debian
CVE-2019-5796 | HIGH | CVSS 7.5 | PoC | fixed in chromium 73.0.3683.75-1 (bookworm) | 2019
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 73.0.3683.75-1); bullseye: resolved (fixed in 73.0.3683.75-1); forky: resolved (fixed in 73.0.3683.75-1); sid: resolved (fixed in 73.0.3683.75-1); trixie: resolved (fi
debian
CVE-2019-5756 | HIGH | CVSS 8.8 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1); bullseye: resolved (fixed in 72.0.3626.81-1); forky: resolved (fixed in 72.0.3626.81-1); sid: resolved (fixed in 72.0.3626.81-
debian
CVE-2019-5874 | HIGH | CVSS 8.8 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87-1); trixie: res
debian
CVE-2019-5795 | HIGH | CVSS 8.8 | fixed in chromium 73.0.3683.75-1 (bookworm) | 2019
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 73.0.3683.75-1); bullseye: resolved (fixed in 73.0.3683.75-1); forky: resolved (fixed in 73.0.3683.75-1); sid: resolved (fixed in 73.0.3683.75-1); trixie: resolved
debian
CVE-2019-5820 | HIGH | CVSS 8.8 | fixed in chromium 74.0.3729.108-1 (bookworm) | 2019
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 74.0.3729.108-1); bullseye: resolved (fixed in 74.0.3729.108-1); forky: resolved (fixed in 74.0.3729.108-1); sid: resolved (fixed in 74.0.3729.108-1); trixie: resolved (fixed
debian
CVE-2019-13682 | HIGH | CVSS 8.8 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87-1); t
debian
CVE-2019-5760 | HIGH | CVSS 8.8 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1); bullseye: resolved (fixed in 72.0.3626.81-1); forky: resolved (fixed in 72.0.3626.81-1); sid: resolved (fixed in 72.0.3626.81-1); trixi
debian
CVE-2019-5758 | HIGH | CVSS 8.8 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1); bullseye: resolved (fixed in 72.0.3626.81-1); forky: resolved (fixed in 72.0.3626.81-1); sid: resolved (fixed in 72.0.3626.81-1); trixie:
debian
CVE-2019-5790 | HIGH | CVSS 8.8 | fixed in chromium 73.0.3683.75-1 (bookworm) | 2019
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 73.0.3683.75-1); bullseye: resolved (fixed in 73.0.3683.75-1); forky: resolved (fixed in 73.0.3683.75-1); sid: resolve
debian
CVE-2019-13693 | HIGH | CVSS 8.8 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87
debian
CVE-2019-5871 | HIGH | CVSS 8.8 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87-1); trixie: resolved (fixed in
debian
CVE-2019-5831 | HIGH | CVSS 8.8 | fixed in chromium 75.0.3770.80-1 (bookworm) | 2019
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 75.0.3770.80-1); bullseye: resolved (fixed in 75.0.3770.80-1); forky: resolved (fixed in 75.0.3770.80-1); sid: resolved (fixed in 75.0.3770.80-1); trixie: resolved (fixed in
debian
CVE-2019-5859 | HIGH | CVSS 8.8 | fixed in chromium 76.0.3809.87-1 (bookworm) | 2019
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 76.0.3809.87-1); bullseye: resolved (fixed in 76.0.3809.87-1); forky: resolved (fixed in 76.0.3809.87-1); sid: resolved (fixed in 76.0.3809.87-1); trixie: res
debian