Описание
Security update for chromium
This update for chromium fixes the following issues:
-
Update to 87.0.4280.141 (boo#1180645)
- CVE-2021-21106: Use after free in autofill
- CVE-2021-21107: Use after free in drag and drop
- CVE-2021-21108: Use after free in media
- CVE-2021-21109: Use after free in payments
- CVE-2021-21110: Use after free in safe browsing
- CVE-2021-21111: Insufficient policy enforcement in WebUI
- CVE-2021-21112: Use after free in Blink
- CVE-2021-21113: Heap buffer overflow in Skia
- CVE-2020-16043: Insufficient data validation in networking
- CVE-2021-21114: Use after free in audio
- CVE-2020-15995: Out of bounds write in V8
- CVE-2021-21115: Use after free in safe browsing
- CVE-2021-21116: Heap buffer overflow in audio
-
Use main URLs instead of redirects in master preferences
Список пакетов
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2021:0040-1
- SUSE Security Ratings
- SUSE Bug 1180645
- SUSE CVE CVE-2020-15995 page
- SUSE CVE CVE-2020-16043 page
- SUSE CVE CVE-2021-21106 page
- SUSE CVE CVE-2021-21107 page
- SUSE CVE CVE-2021-21108 page
- SUSE CVE CVE-2021-21109 page
- SUSE CVE CVE-2021-21110 page
- SUSE CVE CVE-2021-21111 page
- SUSE CVE CVE-2021-21112 page
- SUSE CVE CVE-2021-21113 page
- SUSE CVE CVE-2021-21114 page
- SUSE CVE CVE-2021-21115 page
- SUSE CVE CVE-2021-21116 page
Описание
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2020-15995
- SUSE Bug 1180645
Описание
Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.
Затронутые продукты
Ссылки
- CVE-2020-16043
- SUSE Bug 1180645
Описание
Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-21106
- SUSE Bug 1180645
Описание
Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-21107
- SUSE Bug 1180645
Описание
Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-21108
- SUSE Bug 1180645
Описание
Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-21109
- SUSE Bug 1180645
Описание
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-21110
- SUSE Bug 1180645
Описание
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Затронутые продукты
Ссылки
- CVE-2021-21111
- SUSE Bug 1180645
Описание
Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-21112
- SUSE Bug 1180645
Описание
Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-21113
- SUSE Bug 1180645
Описание
Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-21114
- SUSE Bug 1180645
Описание
User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-21115
- SUSE Bug 1180645
Описание
Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-21116
- SUSE Bug 1180645