Debian Chromium vulnerabilities

CVE-2019-5769 [HIGH] CVE-2019-5769: chromium - Incorrect handling of invalid end character position when front rendering in Bli... Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 72.0.3626.81-1) bullseye: resolved (fixed in 72.0.3626.81-1) forky: resolved (fixed in 72.0.3626.81-1) sid: resolve

CVE-2019-5856 [HIGH] CVE-2019-5856: chromium - Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.8... Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Scope: local bookworm: resolved (fixed in 76.0.3809.87-1) bullseye: resolved (fixed in 76.0.3809.87-1) forky: resolved (fixed in 76.0.3809.87-1) sid: resolved (fixed in 7

CVE-2019-5854 [HIGH] CVE-2019-5854: chromium - Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remo... Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Scope: local bookworm: resolved (fixed in 76.0.3809.87-1) bullseye: resolved (fixed in 76.0.3809.87-1) forky: resolved (fixed in 76.0.3809.87-1) sid: resolved (fixed in 76.0.3809.87-1) trixie: resolved (fixed in 76

CVE-2019-5789 [HIGH] CVE-2019-5789: chromium - An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome o... An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Scope: local bookworm: resolved (fixed in 73.0.3683.75-1) bullseye: resolved (fixed in 73.0.3683.75-1) forky: resolved (fixed in 73.0.3683.

CVE-2019-13723 [HIGH] CVE-2019-13723: chromium - Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a... Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.108-1) bullseye: resolved (fixed in 78.0.3904.108-1) forky: resolved (fixed in 78.0.3904.108-1) sid: resolved (fi

CVE-2019-5782 [HIGH] CVE-2019-5782: chromium - Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 ... Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Scope: local bookworm: resolved (fixed in 72.0.3626.81-1) bullseye: resolved (fixed in 72.0.3626.81-1) forky: resolved (fixed in 72.0.3626.81-1) sid: resolved (fixed in 72.0.3626.81-1) trixie: re

CVE-2019-5851 [HIGH] CVE-2019-5851: chromium - Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remo... Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 76.0.3809.87-1) bullseye: resolved (fixed in 76.0.3809.87-1) forky: resolved (fixed in 76.0.3809.87-1) sid: resolved (fixed in 76.0.3809.87-1) trixie: resolved (fixed in 7

CVE-2019-13730 [HIGH] CVE-2019-13730: chromium - Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a re... Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixed in 79.0.3945.79-1) trixie: resolved (fixed

CVE-2019-13694 [HIGH] CVE-2019-13694: chromium - Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remot... Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (fixed in

CVE-2019-19880 [HIGH] CVE-2019-19880: chromium - exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an i... exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. Scope: local bookworm: resolved (fixed in 80.0.3987.106-1) bullseye: resolved (fixed in 80.0.3987.106-1) forky: resolved (fixed in 80.0.3987.106-1) sid: resolved (fixed i

CVE-2019-5853 [HIGH] CVE-2019-5853: chromium - Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.8... Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 76.0.3809.87-1) bullseye: resolved (fixed in 76.0.3809.87-1) forky: resolved (fixed in 76.0.3809.87-1) sid: resolved (fixed in 76.0.3809.87-1) trixie: reso

CVE-2019-13668 [HIGH] CVE-2019-13668: chromium - Insufficient policy enforcement in developer tools in Google Chrome prior to 77.... Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolve

CVE-2019-13767 [HIGH] CVE-2019-13767: chromium - Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a ... Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.130-1) bullseye: resolved (fixed in 79.0.3945.130-1) forky: resolved (fixed in 79.0.3945.130-1) sid: resolved (fix

CVE-2019-5843 [HIGH] CVE-2019-5843: chromium - Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.10... Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 74.0.3729.108-1) bullseye: resolved (fixed in 74.0.3729.108-1) forky: resolved (fixed in 74.0.3729.108-1) sid: resolved (fixed in 74.0.3729.108-1) trixie:

CVE-2019-5806 [HIGH] CVE-2019-5806: chromium - Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 all... Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 74.0.3729.108-1) bullseye: resolved (fixed in 74.0.3729.108-1) forky: resolved (fixed in 74.0.3729.108-1) sid: resolved (fixed in 74.0.3729.108-1) trixie: resol

CVE-2019-13741 [HIGH] CVE-2019-13741: chromium - Insufficient validation of untrusted input in Blink in Google Chrome prior to 79... Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixed in 79.0.3945.79-1) trixie

CVE-2019-13747 [HIGH] CVE-2019-13747: chromium - Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.7... Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixed in 79.0.3945.79-1) trixie: re

CVE-2019-5878 [HIGH] CVE-2019-5878: chromium - Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote att... Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (fixed in 78.0.39

CVE-2019-13687 [HIGH] CVE-2019-13687: chromium - Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote ... Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (fixed in 78

CVE-2019-5762 [HIGH] CVE-2019-5762: chromium - Inappropriate memory management when caching in PDFium in Google Chrome prior to... Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Scope: local bookworm: resolved (fixed in 72.0.3626.81-1) bullseye: resolved (fixed in 72.0.3626.81-1) forky: resolved (fixed in 72.0.3626.81-1) sid: resolved (fixed in 72.0.3626.81-