openSUSE-SU-2021:0401-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0401-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0401-1
Related
Published
2021-03-09T19:05:08Z
Modified
2021-03-09T19:05:08Z
Summary
Security update for chromium
Details

This update for chromium fixes the following issues:

Update to 89.0.4389.72 (boo#1182358, boo#1182960):

  • CVE-2021-21159: Heap buffer overflow in TabStrip.
  • CVE-2021-21160: Heap buffer overflow in WebAudio.
  • CVE-2021-21161: Heap buffer overflow in TabStrip.
  • CVE-2021-21162: Use after free in WebRTC.
  • CVE-2021-21163: Insufficient data validation in Reader Mode.
  • CVE-2021-21164: Insufficient data validation in Chrome for iOS.
  • CVE-2021-21165: Object lifecycle issue in audio.
  • CVE-2021-21166: Object lifecycle issue in audio.
  • CVE-2021-21167: Use after free in bookmarks.
  • CVE-2021-21168: Insufficient policy enforcement in appcache.
  • CVE-2021-21169: Out of bounds memory access in V8.
  • CVE-2021-21170: Incorrect security UI in Loader.
  • CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
  • CVE-2021-21172: Insufficient policy enforcement in File System API.
  • CVE-2021-21173: Side-channel information leakage in Network Internals.
  • CVE-2021-21174: Inappropriate implementation in Referrer.
  • CVE-2021-21175: Inappropriate implementation in Site isolation.
  • CVE-2021-21176: Inappropriate implementation in full screen mode.
  • CVE-2021-21177: Insufficient policy enforcement in Autofill.
  • CVE-2021-21178: Inappropriate implementation in Compositing.
  • CVE-2021-21179: Use after free in Network Internals.
  • CVE-2021-21180: Use after free in tab search.
  • CVE-2020-27844: Heap buffer overflow in OpenJPEG.
  • CVE-2021-21181: Side-channel information leakage in autofill.
  • CVE-2021-21182: Insufficient policy enforcement in navigations.
  • CVE-2021-21183: Inappropriate implementation in performance APIs.
  • CVE-2021-21184: Inappropriate implementation in performance APIs.
  • CVE-2021-21185: Insufficient policy enforcement in extensions.
  • CVE-2021-21186: Insufficient policy enforcement in QR scanning.
  • CVE-2021-21187: Insufficient data validation in URL formatting.
  • CVE-2021-21188: Use after free in Blink.
  • CVE-2021-21189: Insufficient policy enforcement in payments.
  • CVE-2021-21190: Uninitialized Use in PDFium.
  • CVE-2021-21149: Stack overflow in Data Transfer.
  • CVE-2021-21150: Use after free in Downloads.
  • CVE-2021-21151: Use after free in Payments.
  • CVE-2021-21152: Heap buffer overflow in Media.
  • CVE-2021-21153: Stack overflow in GPU Process.
  • CVE-2021-21154: Heap buffer overflow in Tab Strip.
  • CVE-2021-21155: Heap buffer overflow in Tab Strip.
  • CVE-2021-21156: Heap buffer overflow in V8.
  • CVE-2021-21157: Use after free in Web Sockets.
  • Fixed Sandbox with glibc 2.33 (boo#1182233)
  • Fixed an issue where chromium hangs on opening (boo#1182775).

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP2 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
89.0.4389.72-bp152.2.62.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "89.0.4389.72-bp152.2.62.1",
            "chromium": "89.0.4389.72-bp152.2.62.1"
        }
    ]
}