1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4886-1] chromium security update

    From Michael Gilbert@21:1/5 to All on Tue Apr 6 15:40:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4886-1 security@debian.org https://www.debian.org/security/ Michael Gilbert
    April 06, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromium
    CVE ID : CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162
    CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167
    CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171
    CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175
    CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179
    CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183
    CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187
    CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191
    CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195
    CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199

    Several vulnerabilites have been discovered in the chromium web browser.

    CVE-2021-21159

    Khalil Zhani disocvered a buffer overflow issue in the tab implementation.

    CVE-2021-21160

    Marcin Noga discovered a buffer overflow issue in WebAudio.

    CVE-2021-21161

    Khalil Zhani disocvered a buffer overflow issue in the tab implementation.

    CVE-2021-21162

    A use-after-free issue was discovered in the WebRTC implementation.

    CVE-2021-21163

    Alison Huffman discovered a data validation issue.

    CVE-2021-21165

    Alison Huffman discovered an error in the audio implementation.

    CVE-2021-21166

    Alison Huffman discovered an error in the audio implementation.

    CVE-2021-21167

    Leecraso and Guang Gong discovered a use-after-free issue in the bookmarks
    implementation.

    CVE-2021-21168

    Luan Herrera discovered a policy enforcement error in the appcache.

    CVE-2021-21169

    Bohan Liu and Moon Liang discovered an out-of-bounds access issue in the
    v8 javascript library.

    CVE-2021-21170

    David Erceg discovered a user interface error.

    CVE-2021-21171

    Irvan Kurniawan discovered a user interface error.

    CVE-2021-21172

    Maciej Pulikowski discovered a policy enforcement error in the File
    System API.

    CVE-2021-21173

    Tom Van Goethem discovered a network based information leak.

    CVE-2021-21174

    Ashish Guatam Kambled discovered an implementation error in the Referrer
    policy.

    CVE-2021-21175

    Jun Kokatsu discovered an implementation error in the Site Isolation
    feature.

    CVE-2021-21176

    Luan Herrera discovered an implementation error in the full screen mode.

    CVE-2021-21177

    Abdulrahman Alqabandi discovered a policy enforcement error in the
    Autofill feature.

    CVE-2021-21178

    Japong discovered an error in the Compositor implementation.

    CVE-2021-21179

    A use-after-free issue was discovered in the networking implementation.

    CVE-2021-21180

    Abdulrahman Alqabandi discovered a use-after-free issue in the tab search
    feature.

    CVE-2021-21181

    Xu Lin, Panagiotis Ilias, and Jason Polakis discovered a side-channel
    information leak in the Autofill feature.

    CVE-2021-21182

    Luan Herrera discovered a policy enforcement error in the site navigation
    implementation.

    CVE-2021-21183

    Takashi Yoneuchi discovered an implementation error in the Performance API.

    CVE-2021-21184

    James Hartig discovered an implementation error in the Performance API.

    CVE-2021-21185

    David Erceg discovered a policy enforcement error in Extensions.

    CVE-2021-21186

    dhirajkumarnifty discovered a policy enforcement error in the QR scan
    implementation.

    CVE-2021-21187

    Kirtikumar Anandrao Ramchandani discovered a data validation error in
    URL formatting.

    CVE-2021-21188

    Woojin Oh discovered a use-after-free issue in Blink/Webkit.

    CVE-2021-21189

    Khalil Zhani discovered a policy enforcement error in the Payments
    implementation.

    CVE-2021-21190

    Zhou Aiting discovered use of uninitialized memory in the pdfium library.

    CVE-2021-21191

    raven discovered a use-after-free issue in the WebRTC implementation.

    CVE-2021-21192

    Abdulrahman Alqabandi discovered a buffer overflow issue in the tab
    implementation.

    CVE-2021-21193

    A use-after-free issue was discovered in Blink/Webkit.

    CVE-2021-21194

    Leecraso and Guang Gong discovered a use-after-free issue in the screen
    capture feature.

    CVE-2021-21195

    Liu and Liang discovered a use-after-free issue in the v8 javascript
    library.

    CVE-2021-21196

    Khalil Zhani discovered a buffer overflow issue in the tab implementation.

    CVE-2021-21197

    Abdulrahman Alqabandi discovered a buffer overflow issue in the tab
    implementation.

    CVE-2021-21198

    Mark Brand discovered an out-of-bounds read issue in the Inter-Process
    Communication implementation.

    CVE-2021-21199

    Weipeng Jiang discovered a use-after-free issue in the Aura window and
    event manager.

    For the stable distribution (buster), these problems have been fixed in
    version 89.0.4389.114-1~deb10u1.

    We recommend that you upgrade your chromium packages.

    For the detailed security status of chromium please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/chromium

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAmBsY1oACgkQmD40ZYkU ayiUXSAAgfMNsCeTke9JJBtyvUU4EzWt6op+dq3g4pN11Clqo5Y2vgHTPjiPjoYK z5qy9V9FNUrnKyVmLjspdsNgSHaGUjxhFgiTUql59kSPOuOLCMrByP1aYZ7W6xGJ Fw5Um5m2V/sPsDFFakTbU3YMLqOV/UnoWxb0E/1WR1ucXRU5DBviAJhl47yaCLwH pP+FLQVgRbhgnwwtEmuq/VulA5UYy3GXU6kyE0NsXU4pvyzHuxJEutvLsQHQ9Lqs Jf6PbN1oWLAESbVL2sPVNrkSwlfRDM6du+km4KZdaURTBaLN1d8P8nnvBlvVGiAy ZgKM3d56PsMBqVvU+2mlg8JsGKqw1pi4yMXSOT13DkzpgfCBJNin9XuzzyzWbdPV gjM+VzpoyD1HSFg23g5ly3VcQcZR62C+JwT35xve52Jed6RWMYK/HmYBMhcE8Yu/ 7gQiUvg9CnEkvrLpbfy9LvrKNzLmo5KMsvjSFme+nlcrWL9Fp3j89R7uJp/GA4vw nrF16QKz/sI8ylHXuJjnWVzc1LfbyIBWjyBr/YAm6RI8mRAhKIS31qT7Xqp2MXDf HyvioFheWUykKMeX57rlv/U3t8e1iq2tvkMcD1vARTA1LHwHcCYhxHaHo/cZSMgL 7qriuNuv4b8PXDJxSsm096sMeeNdoRKUX3lZnaDa3Kbg1Rz78faY3/x2egkSS5eY vzzYLKF2/oK8pXnZeT4woVlp4/bhxVW8YtScDOuGQwwNIVfYmV+AdFI+RJP0Fvlk HC2rZ2Rc94zD5kN5ig8XYxFisr7iv7m3Ip1xwCxM0/NYeyv8VV2HX8YIclp4XHZ6 sWX9wNQWv9NKDwE/0mdQmqKwhGgfBgUD49HnJv8N9oLwpw0sp8qXupZfFxGHZnsT L9xyHCmFxtQ13JrI2XLYSiDgJOCQjSOBQoE8kcQVe53V44djqKE1z5lsAL5MXGua cK8HOuRQqMeUofBWoN/sIF9unUGqxO6tkqQiQw7PsIfOeTMofMYDDRI1ImyDuBCy G/i6pwHMgjiAkIgxUm2q5JC6U+glOw7Hftxos3S9spUPbJHWxSpUKrlu+w+CNhDo mX1E/mJvssTpOD3G0/M50bKgIsxWRnBgF+nzPaKfxmmVJ9V3mMZ7mnE8A+ByZmBG pqyTN57rwJjty8IA14Ti6Cv1WhQ/QRNPNZi6WLj9pkLf0kL5jvJ9ukc44hTq3PLZ gUvphhmU0BG9Yt+8JQZ5JqsoP7/Sj+tXlLwWH7lqkbr/mwLzbnTRlEULFTnKvs5W 7YJUxE9l9VsrDztOKw3iqTKbAUVozFvN/b/JEb0sQYV9RDSyqW0iiUEG6cVkSyih wOPXdS43UhewHMEVGLe4sJxbMVKhJw==
    =Acyh
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)