Description
Security update for chromium
This update for chromium fixes the following issues:
Chromium 94.0.4606.81 (boo#1191463):
- CVE-2021-37977: Use after free in Garbage Collection
- CVE-2021-37978: Heap buffer overflow in Blink
- CVE-2021-37979: Heap buffer overflow in WebRTC
- CVE-2021-37980: Inappropriate implementation in Sandbox
Chromium 94.0.4606.54 (boo#1190765):
- CVE-2021-37956: Use after free in Offline use
- CVE-2021-37957: Use after free in WebGPU
- CVE-2021-37958: Inappropriate implementation in Navigation
- CVE-2021-37959: Use after free in Task Manager
- CVE-2021-37960: Inappropriate implementation in Blink graphics
- CVE-2021-37961: Use after free in Tab Strip
- CVE-2021-37962: Use after free in Performance Manager
- CVE-2021-37963: Side-channel information leakage in DevTools
- CVE-2021-37964: Inappropriate implementation in ChromeOS Networking
- CVE-2021-37965: Inappropriate implementation in Background Fetch API
- CVE-2021-37966: Inappropriate implementation in Compositing
- CVE-2021-37967: Inappropriate implementation in Background Fetch API
- CVE-2021-37968: Inappropriate implementation in Background Fetch API
- CVE-2021-37969: Inappropriate implementation in Google Updater
- CVE-2021-37970: Use after free in File System API
- CVE-2021-37971: Incorrect security UI in Web Browser UI
- CVE-2021-37972: Out of bounds read in libjpeg-turbo
Chromium 94.0.4606.61 (boo#1191166):
- CVE-2021-37973: Use after free in Portals
Chromium 94.0.4606.71 (boo#1191204):
- CVE-2021-37974: Use after free in Safe Browsing
- CVE-2021-37975: Use after free in V8
- CVE-2021-37976: Information leak in core
Package list
openSUSE Leap 15.2
References
- E-Mail link for openSUSE-SU-2021:1350-1
- SUSE Security Ratings
- SUSE Bug 1190765
- SUSE Bug 1191166
- SUSE Bug 1191204
- SUSE Bug 1191463
- SUSE CVE CVE-2021-37956 page
- SUSE CVE CVE-2021-37957 page
- SUSE CVE CVE-2021-37958 page
- SUSE CVE CVE-2021-37959 page
- SUSE CVE CVE-2021-37960 page
- SUSE CVE CVE-2021-37961 page
- SUSE CVE CVE-2021-37962 page
- SUSE CVE CVE-2021-37963 page
- SUSE CVE CVE-2021-37964 page
- SUSE CVE CVE-2021-37965 page
- SUSE CVE CVE-2021-37966 page
- SUSE CVE CVE-2021-37967 page
- SUSE CVE CVE-2021-37968 page
- SUSE CVE CVE-2021-37969 page
Description
Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37956
- SUSE Bug 1190765
Description
Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37957
- SUSE Bug 1190765
Description
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
Affected products
References
- CVE-2021-37958
- SUSE Bug 1190765
Description
Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37959
- SUSE Bug 1190765
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Affected products
References
- CVE-2021-37960
- SUSE Bug 1190765
Description
Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37961
- SUSE Bug 1190765
Description
Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37962
- SUSE Bug 1190765
Description
Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Affected products
References
- CVE-2021-37963
- SUSE Bug 1190765
Description
Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a wifi impersonation attack via a crafted ONC file.
Affected products
References
- CVE-2021-37964
- SUSE Bug 1190765
Description
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2021-37965
- SUSE Bug 1190765
Description
Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Affected products
References
- CVE-2021-37966
- SUSE Bug 1190765
Description
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2021-37967
- SUSE Bug 1190765
Description
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2021-37968
- SUSE Bug 1190765
Description
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.
Affected products
References
- CVE-2021-37969
- SUSE Bug 1190765
Description
Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37970
- SUSE Bug 1190765
Description
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Affected products
References
- CVE-2021-37971
- SUSE Bug 1190765
Description
Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37972
- SUSE Bug 1190765
Description
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Affected products
References
- CVE-2021-37973
- SUSE Bug 1191166
Description
Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37974
- SUSE Bug 1191204
Description
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37975
- SUSE Bug 1191204
Description
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Affected products
References
- CVE-2021-37976
- SUSE Bug 1191204
Description
Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37977
- SUSE Bug 1191463
Description
Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37978
- SUSE Bug 1191463
Description
Heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37979
- SUSE Bug 1191463
Description
Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.
Affected products
References
- CVE-2021-37980
- SUSE Bug 1191463