Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/chromium@147.0.7727.116-1
purl pkg:deb/debian/chromium@147.0.7727.116-1
Next non-vulnerable version 147.0.7727.137-1~deb12u1
Latest non-vulnerable version 147.0.7727.137-1
Risk
Vulnerabilities affecting this package (30)
Vulnerability Summary Fixed by
VCID-1akm-53z4-1kcj
Aliases:
CVE-2026-7342
Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-1edp-6b95-33gs
Aliases:
CVE-2026-7360
Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-5tju-zrp4-skcw
Aliases:
CVE-2026-7348
Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-6zj9-s3kb-hbd3
Aliases:
CVE-2026-7353
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-7ets-yshj-8yb6
Aliases:
CVE-2026-7363
Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-7m13-57sd-hkf8
Aliases:
CVE-2026-7344
Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-7mgc-2v4y-9bce
Aliases:
CVE-2026-7338
Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-87rv-6178-xbfh
Aliases:
CVE-2026-7351
Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-99cb-gnxm-cydf
Aliases:
CVE-2026-7347
Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-9ks6-gu3v-6uek
Aliases:
CVE-2026-7335
Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-d7mn-ye1b-yka6
Aliases:
CVE-2026-7357
Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-ekhm-krnb-3ubw
Aliases:
CVE-2026-7343
Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-f8er-aq9n-tkha
Aliases:
CVE-2026-7333
Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-fstf-mw9a-vka1
Aliases:
CVE-2026-7358
Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-gm6j-srkc-myfy
Aliases:
CVE-2026-7337
Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-h4h5-z5qc-tyey
Aliases:
CVE-2026-7341
Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-hhuh-793p-f3es
Aliases:
CVE-2026-7339
Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-hmtg-qfkv-17f9
Aliases:
CVE-2026-7361
Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-k61t-1spg-7yhr
Aliases:
CVE-2026-7356
Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-kfur-7mz2-mqac
Aliases:
CVE-2026-7340
Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-nuns-evb8-dfgq
Aliases:
CVE-2026-7345
Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-rz42-rwdt-v7e6
Aliases:
CVE-2026-7352
Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-s2d5-rvq5-hfg8
Aliases:
CVE-2026-7354
Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-sda2-duv5-p3bu
Aliases:
CVE-2026-7350
Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-tuwd-46v2-4beb
Aliases:
CVE-2026-7349
Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-ws7v-jj57-ayf2
Aliases:
CVE-2026-7355
Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-wzds-4kp8-9qa8
Aliases:
CVE-2026-7336
Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-xpqh-8akb-uqg6
Aliases:
CVE-2026-7334
Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-xr2g-731g-3kfr
Aliases:
CVE-2026-7359
Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
VCID-z9gx-673v-1qfh
Aliases:
CVE-2026-7346
Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
147.0.7727.137-1~deb12u1
Affected by 0 other vulnerabilities.
147.0.7727.137-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-6n8y-7be9-9qbw CVE-2026-6920
VCID-yr2x-8rch-hfge CVE-2026-6919

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-02T08:45:24.797119+00:00 Debian Importer Affected by VCID-xpqh-8akb-uqg6 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T08:35:31.379307+00:00 Debian Importer Affected by VCID-9ks6-gu3v-6uek https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T08:15:25.116499+00:00 Debian Importer Affected by VCID-5tju-zrp4-skcw https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T07:26:06.862786+00:00 Debian Importer Affected by VCID-nuns-evb8-dfgq https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T07:25:49.044844+00:00 Debian Importer Affected by VCID-xr2g-731g-3kfr https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T07:16:37.308032+00:00 Debian Importer Affected by VCID-kfur-7mz2-mqac https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T07:14:28.630720+00:00 Debian Importer Affected by VCID-fstf-mw9a-vka1 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T06:59:57.588074+00:00 Debian Importer Affected by VCID-1akm-53z4-1kcj https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T06:50:12.238574+00:00 Debian Importer Affected by VCID-rz42-rwdt-v7e6 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T05:28:27.882181+00:00 Debian Importer Affected by VCID-7mgc-2v4y-9bce https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T05:25:54.551460+00:00 Debian Importer Affected by VCID-87rv-6178-xbfh https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T05:09:33.471767+00:00 Debian Importer Affected by VCID-z9gx-673v-1qfh https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T05:02:36.970236+00:00 Debian Importer Affected by VCID-6zj9-s3kb-hbd3 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T04:51:57.662372+00:00 Debian Importer Affected by VCID-7ets-yshj-8yb6 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T04:44:42.717418+00:00 Debian Importer Affected by VCID-k61t-1spg-7yhr https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T03:44:34.002774+00:00 Debian Importer Affected by VCID-tuwd-46v2-4beb https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T03:01:48.029564+00:00 Debian Importer Affected by VCID-sda2-duv5-p3bu https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T02:53:57.258292+00:00 Debian Importer Affected by VCID-7m13-57sd-hkf8 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T02:45:40.801802+00:00 Debian Importer Affected by VCID-1edp-6b95-33gs https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T01:41:18.043645+00:00 Debian Importer Affected by VCID-hhuh-793p-f3es https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T01:26:14.761540+00:00 Debian Importer Affected by VCID-ekhm-krnb-3ubw https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T01:09:47.800215+00:00 Debian Importer Affected by VCID-f8er-aq9n-tkha https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T00:21:11.904148+00:00 Debian Importer Affected by VCID-s2d5-rvq5-hfg8 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T00:02:05.395361+00:00 Debian Importer Affected by VCID-ws7v-jj57-ayf2 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T23:59:36.089734+00:00 Debian Importer Affected by VCID-d7mn-ye1b-yka6 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T23:52:42.263212+00:00 Debian Importer Affected by VCID-hmtg-qfkv-17f9 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:04:54.536679+00:00 Debian Importer Affected by VCID-h4h5-z5qc-tyey https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:04:48.972596+00:00 Debian Importer Affected by VCID-wzds-4kp8-9qa8 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:03:30.445597+00:00 Debian Importer Affected by VCID-gm6j-srkc-myfy https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:03:03.552071+00:00 Debian Importer Affected by VCID-99cb-gnxm-cydf https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-04-27T04:54:14.955313+00:00 Debian Importer Fixing VCID-6n8y-7be9-9qbw https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-27T02:05:14.281609+00:00 Debian Importer Fixing VCID-yr2x-8rch-hfge https://security-tracker.debian.org/tracker/data/json 38.4.0