openSUSE-SU-2021:0401-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0401-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0401-1
- Related
- Published
- 2021-03-09T19:05:08Z
- Modified
- 2021-03-09T19:05:08Z
- Summary
- Security update for chromium
- Details
-
This update for chromium fixes the following issues:
Update to 89.0.4389.72 (boo#1182358, boo#1182960):
- CVE-2021-21159: Heap buffer overflow in TabStrip.
- CVE-2021-21160: Heap buffer overflow in WebAudio.
- CVE-2021-21161: Heap buffer overflow in TabStrip.
- CVE-2021-21162: Use after free in WebRTC.
- CVE-2021-21163: Insufficient data validation in Reader Mode.
- CVE-2021-21164: Insufficient data validation in Chrome for iOS.
- CVE-2021-21165: Object lifecycle issue in audio.
- CVE-2021-21166: Object lifecycle issue in audio.
- CVE-2021-21167: Use after free in bookmarks.
- CVE-2021-21168: Insufficient policy enforcement in appcache.
- CVE-2021-21169: Out of bounds memory access in V8.
- CVE-2021-21170: Incorrect security UI in Loader.
- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
- CVE-2021-21172: Insufficient policy enforcement in File System API.
- CVE-2021-21173: Side-channel information leakage in Network Internals.
- CVE-2021-21174: Inappropriate implementation in Referrer.
- CVE-2021-21175: Inappropriate implementation in Site isolation.
- CVE-2021-21176: Inappropriate implementation in full screen mode.
- CVE-2021-21177: Insufficient policy enforcement in Autofill.
- CVE-2021-21178: Inappropriate implementation in Compositing.
- CVE-2021-21179: Use after free in Network Internals.
- CVE-2021-21180: Use after free in tab search.
- CVE-2020-27844: Heap buffer overflow in OpenJPEG.
- CVE-2021-21181: Side-channel information leakage in autofill.
- CVE-2021-21182: Insufficient policy enforcement in navigations.
- CVE-2021-21183: Inappropriate implementation in performance APIs.
- CVE-2021-21184: Inappropriate implementation in performance APIs.
- CVE-2021-21185: Insufficient policy enforcement in extensions.
- CVE-2021-21186: Insufficient policy enforcement in QR scanning.
- CVE-2021-21187: Insufficient data validation in URL formatting.
- CVE-2021-21188: Use after free in Blink.
- CVE-2021-21189: Insufficient policy enforcement in payments.
- CVE-2021-21190: Uninitialized Use in PDFium.
- CVE-2021-21149: Stack overflow in Data Transfer.
- CVE-2021-21150: Use after free in Downloads.
- CVE-2021-21151: Use after free in Payments.
- CVE-2021-21152: Heap buffer overflow in Media.
- CVE-2021-21153: Stack overflow in GPU Process.
- CVE-2021-21154: Heap buffer overflow in Tab Strip.
- CVE-2021-21155: Heap buffer overflow in Tab Strip.
- CVE-2021-21156: Heap buffer overflow in V8.
- CVE-2021-21157: Use after free in Web Sockets.
- Fixed Sandbox with glibc 2.33 (boo#1182233)
- Fixed an issue where chromium hangs on opening (boo#1182775).
This update was imported from the openSUSE:Leap:15.2:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/
- https://bugzilla.suse.com/1182233
- https://bugzilla.suse.com/1182358
- https://bugzilla.suse.com/1182775
- https://www.suse.com/security/cve/CVE-2020-27844
- https://www.suse.com/security/cve/CVE-2021-21149
- https://www.suse.com/security/cve/CVE-2021-21150
- https://www.suse.com/security/cve/CVE-2021-21151
- https://www.suse.com/security/cve/CVE-2021-21152
- https://www.suse.com/security/cve/CVE-2021-21153
- https://www.suse.com/security/cve/CVE-2021-21154
- https://www.suse.com/security/cve/CVE-2021-21155
- https://www.suse.com/security/cve/CVE-2021-21156
- https://www.suse.com/security/cve/CVE-2021-21157
- https://www.suse.com/security/cve/CVE-2021-21159
- https://www.suse.com/security/cve/CVE-2021-21160
- https://www.suse.com/security/cve/CVE-2021-21161
- https://www.suse.com/security/cve/CVE-2021-21162
- https://www.suse.com/security/cve/CVE-2021-21163
- https://www.suse.com/security/cve/CVE-2021-21164
- https://www.suse.com/security/cve/CVE-2021-21165
- https://www.suse.com/security/cve/CVE-2021-21166
- https://www.suse.com/security/cve/CVE-2021-21167
- https://www.suse.com/security/cve/CVE-2021-21168
- https://www.suse.com/security/cve/CVE-2021-21169
- https://www.suse.com/security/cve/CVE-2021-21170
- https://www.suse.com/security/cve/CVE-2021-21171
- https://www.suse.com/security/cve/CVE-2021-21172
- https://www.suse.com/security/cve/CVE-2021-21173
- https://www.suse.com/security/cve/CVE-2021-21174
- https://www.suse.com/security/cve/CVE-2021-21175
- https://www.suse.com/security/cve/CVE-2021-21176
- https://www.suse.com/security/cve/CVE-2021-21177
- https://www.suse.com/security/cve/CVE-2021-21178
- https://www.suse.com/security/cve/CVE-2021-21179
- https://www.suse.com/security/cve/CVE-2021-21180
- https://www.suse.com/security/cve/CVE-2021-21181
- https://www.suse.com/security/cve/CVE-2021-21182
- https://www.suse.com/security/cve/CVE-2021-21183
- https://www.suse.com/security/cve/CVE-2021-21184
- https://www.suse.com/security/cve/CVE-2021-21185
- https://www.suse.com/security/cve/CVE-2021-21186
- https://www.suse.com/security/cve/CVE-2021-21187
- https://www.suse.com/security/cve/CVE-2021-21188
- https://www.suse.com/security/cve/CVE-2021-21189
- https://www.suse.com/security/cve/CVE-2021-21190