There was some discussion on the debian security mailing list and it suggests debian distributes chromium with known public exploits which are fixed upstream:
https://security-tracker.debian.org/tracker/source-package/chromium Does debian distributes chromium with unpatched known bugs?
