Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 90.0.4430.212 (boo#1185908)
- CVE-2021-30506: Incorrect security UI in Web App Installs
- CVE-2021-30507: Inappropriate implementation in Offline
- CVE-2021-30508: Heap buffer overflow in Media Feeds
- CVE-2021-30509: Out of bounds write in Tab Strip
- CVE-2021-30510: Race in Aura
- CVE-2021-30511: Out of bounds read in Tab Group
- CVE-2021-30512: Use after free in Notifications
- CVE-2021-30513: Type Confusion in V8
- CVE-2021-30514: Use after free in Autofill
- CVE-2021-30515: Use after free in File API
- CVE-2021-30516: Heap buffer overflow in History
- CVE-2021-30517: Type Confusion in V8
- CVE-2021-30518: Heap buffer overflow in Reader Mode
- CVE-2021-30519: Use after free in Payments
- CVE-2021-30520: Use after free in Tab Strip
- FTP support disabled at runtime by default since release 88. Chromium 91 will remove support for ftp altogether (boo#1185496)
Список пакетов
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2021:0742-1
- SUSE Security Ratings
- SUSE Bug 1185496
- SUSE Bug 1185716
- SUSE Bug 1185908
- SUSE CVE CVE-2021-30506 page
- SUSE CVE CVE-2021-30507 page
- SUSE CVE CVE-2021-30508 page
- SUSE CVE CVE-2021-30509 page
- SUSE CVE CVE-2021-30510 page
- SUSE CVE CVE-2021-30511 page
- SUSE CVE CVE-2021-30512 page
- SUSE CVE CVE-2021-30513 page
- SUSE CVE CVE-2021-30514 page
- SUSE CVE CVE-2021-30515 page
- SUSE CVE CVE-2021-30516 page
- SUSE CVE CVE-2021-30517 page
- SUSE CVE CVE-2021-30518 page
- SUSE CVE CVE-2021-30519 page
- SUSE CVE CVE-2021-30520 page
Описание
Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30506
- SUSE Bug 1185908
Описание
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30507
- SUSE Bug 1185908
Описание
Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30508
- SUSE Bug 1185908
Описание
Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension.
Затронутые продукты
Ссылки
- CVE-2021-30509
- SUSE Bug 1185908
Описание
Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30510
- SUSE Bug 1185908
Описание
Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30511
- SUSE Bug 1185908
Описание
Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30512
- SUSE Bug 1185908
Описание
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30513
- SUSE Bug 1185908
Описание
Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30514
- SUSE Bug 1185908
Описание
Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30515
- SUSE Bug 1185908
Описание
Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30516
- SUSE Bug 1185908
Описание
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30517
- SUSE Bug 1185908
Описание
Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30518
- SUSE Bug 1185908
Описание
Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30519
- SUSE Bug 1185908
Описание
Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-30520
- SUSE Bug 1185908