openSUSE-SU-2021:0629-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0629-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0629-1
Related
Published
2021-04-30T19:22:32Z
Modified
2021-04-30T19:22:32Z
Summary
Security update for Chromium
Details

This update for chromium fixes the following issues:

  • Chromium was updated to 90.0.4430.93 (boo#1184764,boo#1185047,boo#1185398)
    • CVE-2021-21227: Insufficient data validation in V8.
    • CVE-2021-21232: Use after free in Dev Tools.
    • CVE-2021-21233: Heap buffer overflow in ANGLE.
    • CVE-2021-21228: Insufficient policy enforcement in extensions.
    • CVE-2021-21229: Incorrect security UI in downloads.
    • CVE-2021-21230: Type Confusion in V8.
    • CVE-2021-21231: Insufficient data validation in V8.
    • CVE-2021-21222: Heap buffer overflow in V8
    • CVE-2021-21223: Integer overflow in Mojo
    • CVE-2021-21224: Type Confusion in V8
    • CVE-2021-21225: Out of bounds memory access in V8
    • CVE-2021-21226: Use after free in navigation
    • CVE-2021-21201: Use after free in permissions
    • CVE-2021-21202: Use after free in extensions
    • CVE-2021-21203: Use after free in Blink
    • CVE-2021-21204: Use after free in Blink
    • CVE-2021-21205: Insufficient policy enforcement in navigation
    • CVE-2021-21221: Insufficient validation of untrusted input in Mojo
    • CVE-2021-21207: Use after free in IndexedDB
    • CVE-2021-21208: Insufficient data validation in QR scanner
    • CVE-2021-21209: Inappropriate implementation in storage
    • CVE-2021-21210: Inappropriate implementation in Network
    • CVE-2021-21211: Inappropriate implementation in Navigatio
    • CVE-2021-21212: Incorrect security UI in Network Config UI
    • CVE-2021-21213: Use after free in WebMIDI
References

Affected packages

openSUSE:Leap 15.2 / chromium

Package

Name
chromium
Purl
pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
90.0.4430.93-lp152.2.89.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "90.0.4430.93-lp152.2.89.1",
            "chromium": "90.0.4430.93-lp152.2.89.1"
        }
    ]
}