Description
Security update for chromium
This update for chromium fixes the following issues:
Chromium 95.0.4638.54 (boo#1191844):
- CVE-2021-37981: Heap buffer overflow in Skia
- CVE-2021-37982: Use after free in Incognito
- CVE-2021-37983: Use after free in Dev Tools
- CVE-2021-37984: Heap buffer overflow in PDFium
- CVE-2021-37985: Use after free in V8
- CVE-2021-37986: Heap buffer overflow in Settings
- CVE-2021-37987: Use after free in Network APIs
- CVE-2021-37988: Use after free in Profiles
- CVE-2021-37989: Inappropriate implementation in Blink
- CVE-2021-37990: Inappropriate implementation in WebView
- CVE-2021-37991: Race in V8
- CVE-2021-37992: Out of bounds read in WebAudio
- CVE-2021-37993: Use after free in PDF Accessibility
- CVE-2021-37996: Insufficient validation of untrusted input in Downloads
- CVE-2021-37994: Inappropriate implementation in iFrame Sandbox
- CVE-2021-37995: Inappropriate implementation in WebApp Installer
Package list
SUSE Package Hub 15 SP3
openSUSE Leap 15.3
References
- E-Mail link for openSUSE-SU-2021:1392-1
- SUSE Security Ratings
- SUSE Bug 1191844
- SUSE CVE CVE-2021-37981 page
- SUSE CVE CVE-2021-37982 page
- SUSE CVE CVE-2021-37983 page
- SUSE CVE CVE-2021-37984 page
- SUSE CVE CVE-2021-37985 page
- SUSE CVE CVE-2021-37986 page
- SUSE CVE CVE-2021-37987 page
- SUSE CVE CVE-2021-37988 page
- SUSE CVE CVE-2021-37989 page
- SUSE CVE CVE-2021-37990 page
- SUSE CVE CVE-2021-37991 page
- SUSE CVE CVE-2021-37992 page
- SUSE CVE CVE-2021-37993 page
- SUSE CVE CVE-2021-37994 page
- SUSE CVE CVE-2021-37995 page
- SUSE CVE CVE-2021-37996 page
Description
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Affected products
References
- CVE-2021-37981
- SUSE Bug 1191844
Description
Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37982
- SUSE Bug 1191844
Description
Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37983
- SUSE Bug 1191844
Description
Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37984
- SUSE Bug 1191844
Description
Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37985
- SUSE Bug 1191844
Description
Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37986
- SUSE Bug 1191844
Description
Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37987
- SUSE Bug 1191844
Description
Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37988
- SUSE Bug 1191844
Description
Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.
Affected products
References
- CVE-2021-37989
- SUSE Bug 1191844
Description
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
Affected products
References
- CVE-2021-37990
- SUSE Bug 1191844
Description
Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37991
- SUSE Bug 1191844
Description
Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37992
- SUSE Bug 1191844
Description
Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2021-37993
- SUSE Bug 1191844
Description
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Affected products
References
- CVE-2021-37994
- SUSE Bug 1191844
Description
Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Affected products
References
- CVE-2021-37995
- SUSE Bug 1191844
Description
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
Affected products
References
- CVE-2021-37996
- SUSE Bug 1191844