Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 95.0.4638.69 (boo#1192184):
- CVE-2021-37997: Use after free in Sign-In
- CVE-2021-37998: Use after free in Garbage Collection
- CVE-2021-37999: Insufficient data validation in New Tab Page
- CVE-2021-38000: Insufficient validation of untrusted input in Intents
- CVE-2021-38001: Type Confusion in V8
- CVE-2021-38002: Use after free in Web Transport
- CVE-2021-38003: Inappropriate implementation in V8
Список пакетов
SUSE Package Hub 15 SP3
openSUSE Leap 15.2
openSUSE Leap 15.3
Ссылки
- E-Mail link for openSUSE-SU-2021:1462-1
- SUSE Security Ratings
- SUSE Bug 1192184
- SUSE CVE CVE-2021-37997 page
- SUSE CVE CVE-2021-37998 page
- SUSE CVE CVE-2021-37999 page
- SUSE CVE CVE-2021-38000 page
- SUSE CVE CVE-2021-38001 page
- SUSE CVE CVE-2021-38002 page
- SUSE CVE CVE-2021-38003 page
Описание
Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-37997
- SUSE Bug 1192184
Описание
Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-37998
- SUSE Bug 1192184
Описание
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-37999
- SUSE Bug 1192184
Описание
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-38000
- SUSE Bug 1192184
Описание
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-38001
- SUSE Bug 1192184
Описание
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-38002
- SUSE Bug 1192184
Описание
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2021-38003
- SUSE Bug 1192184