Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202106-2
HistoryJun 01, 2021 - 12:00 a.m.

[ASA-202106-2] chromium: multiple issues

2021-06-0100:00:00
security.archlinux.org
186

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.4%

JSON

Arch Linux Security Advisory ASA-202106-2

Severity: High
Date : 2021-06-01
CVE-ID : CVE-2021-30521 CVE-2021-30522 CVE-2021-30523 CVE-2021-30524
CVE-2021-30525 CVE-2021-30526 CVE-2021-30527 CVE-2021-30528
CVE-2021-30529 CVE-2021-30530 CVE-2021-30531 CVE-2021-30532
CVE-2021-30533 CVE-2021-30534 CVE-2021-30535 CVE-2021-30536
CVE-2021-30537 CVE-2021-30538 CVE-2021-30539 CVE-2021-30540
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1990

Summary

The package chromium before version 91.0.4472.77-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure, insufficient validation and content spoofing.

Resolution

Upgrade to 91.0.4472.77-1.

pacman -Syu “chromium>=91.0.4472.77-1”

The problems have been fixed upstream in version 91.0.4472.77.

Workaround

None.

Description

  • CVE-2021-30521 (arbitrary code execution)

A heap buffer overflow security issue has been found in the Autofill
component of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30522 (arbitrary code execution)

A use after free security issue has been found in the WebAudio
component of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30523 (arbitrary code execution)

A use after free security issue has been found in the WebRTC component
of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30524 (arbitrary code execution)

A use after free security issue has been found in the TabStrip
component of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30525 (arbitrary code execution)

A use after free security issue has been found in the TabGroups
component of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30526 (arbitrary code execution)

An out of bounds write security issue has been found in the TabStrip
component of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30527 (arbitrary code execution)

A use after free security issue has been found in the WebUI component
of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30528 (arbitrary code execution)

A use after free security issue has been found in the WebAuthentication
component of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30529 (arbitrary code execution)

A use after free security issue has been found in the Bookmarks
component of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30530 (information disclosure)

An out of bounds memory access security issue has been found in the
WebAudio component of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30531 (insufficient validation)

An insufficient policy enforcement security issue has been found in the
Content Security Policy component of the Chromium browser before
version 91.0.4472.77.

  • CVE-2021-30532 (insufficient validation)

An insufficient policy enforcement security issue has been found in the
Content Security Policy component of the Chromium browser before
version 91.0.4472.77.

  • CVE-2021-30533 (insufficient validation)

An insufficient policy enforcement security issue has been found in the
PopupBlocker component of the Chromium browser before version
91.0.4472.77.

  • CVE-2021-30534 (insufficient validation)

An insufficient policy enforcement security issue has been found in the
iFrameSandbox component of the Chromium browser before version
91.0.4472.77.

  • CVE-2021-30535 (arbitrary code execution)

A double free security issue has been found in the ICU component of the
Chromium browser before version 91.0.4472.77.

  • CVE-2021-30536 (information disclosure)

An out of bounds read security issue has been found in the V8 component
of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30537 (insufficient validation)

An insufficient policy enforcement security issue has been found in the
cookies component of the Chromium browser before version 91.0.4472.77.

  • CVE-2021-30538 (insufficient validation)

An insufficient policy enforcement security issue has been found in the
content security policy component of the Chromium browser before
version 91.0.4472.77.

  • CVE-2021-30539 (insufficient validation)

An insufficient policy enforcement security issue has been found in the
content security policy component of the Chromium browser before
version 91.0.4472.77.

  • CVE-2021-30540 (content spoofing)

An incorrect security UI security issue has been found in the payments
component of the Chromium browser before version 91.0.4472.77.

Impact

A remote attacker could spoof content, disclose sensitive information,
or execute arbitrary code through crafted web pages.

References

https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
https://crbug.com/1208721
https://crbug.com/1176218
https://crbug.com/1187797
https://crbug.com/1197146
https://crbug.com/1197888
https://crbug.com/1198717
https://crbug.com/1199198
https://crbug.com/1206329
https://crbug.com/1195278
https://crbug.com/1201033
https://crbug.com/1115628
https://crbug.com/1117687
https://crbug.com/1145553
https://crbug.com/1151507
https://crbug.com/1194899
https://crbug.com/1194358
https://crbug.com/830101
https://crbug.com/1115045
https://crbug.com/971231
https://crbug.com/1184147
https://security.archlinux.org/CVE-2021-30521
https://security.archlinux.org/CVE-2021-30522
https://security.archlinux.org/CVE-2021-30523
https://security.archlinux.org/CVE-2021-30524
https://security.archlinux.org/CVE-2021-30525
https://security.archlinux.org/CVE-2021-30526
https://security.archlinux.org/CVE-2021-30527
https://security.archlinux.org/CVE-2021-30528
https://security.archlinux.org/CVE-2021-30529
https://security.archlinux.org/CVE-2021-30530
https://security.archlinux.org/CVE-2021-30531
https://security.archlinux.org/CVE-2021-30532
https://security.archlinux.org/CVE-2021-30533
https://security.archlinux.org/CVE-2021-30534
https://security.archlinux.org/CVE-2021-30535
https://security.archlinux.org/CVE-2021-30536
https://security.archlinux.org/CVE-2021-30537
https://security.archlinux.org/CVE-2021-30538
https://security.archlinux.org/CVE-2021-30539
https://security.archlinux.org/CVE-2021-30540

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanychromium< 91.0.4472.77-1UNKNOWN

References

Related

suse 2
nessus 7
freebsd 1
openvas 9
kaspersky 2
archlinux 1
chrome 1
fedora 3
gentoo 1
veracode 20
cve 20
prion 20
alpinelinux 20
debiancve 20
mscve 20
ubuntucve 20
attackerkb 1
ubuntu 1
osv 1
checkpoint_advisories 1
cisa_kev 1
mageia 1
talos 1
thn 1
suse
suse
Security update for chromium (important)
2021-06-04 00:00:00
Security update for chromium (important)
2021-06-02 00:00:00
nessus
nessus
openSUSE Security Update : chromium (openSUSE-2021-825)
2021-06-04 00:00:00
Google Chrome < 91.0.4472.77 Multiple Vulnerabilities
2021-05-25 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (674ed047-be0a-11eb-b927-3065ec8fd3ec)
2021-05-27 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-05-25 00:00:00
openvas
openvas
openSUSE: Security Advisory for chromium (openSUSE-SU-2021:0825-1)
2021-06-03 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_25-2021-05) - Windows
2022-12-28 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_25-2021-05) - Mac OS X
2022-12-28 00:00:00
kaspersky
kaspersky
KLA12192 Multiple vulnerabilities in Microsoft Browser
2021-05-27 00:00:00
KLA12189 Multiple vulnerabilities in Google Chrome
2021-05-25 00:00:00
archlinux
archlinux
[ASA-202106-33] opera: multiple issues
2021-06-15 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2021-05-25 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: chromium-91.0.4472.114-1.fc34
2021-07-09 01:03:32
[SECURITY] Fedora 33 Update: chromium-91.0.4472.114-2.fc33
2021-07-18 01:04:26
[SECURITY] Fedora 34 Update: qt5-qtwebengine-5.15.8-2.fc34
2022-02-04 01:23:18
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2021-07-06 00:00:00
veracode
veracode
Insufficient Policy Enforcement
2021-05-28 13:04:05
Insufficient Policy Enforcement
2021-05-28 13:04:09
Information Disclosure
2021-05-28 13:04:06
cve
cve
CVE-2021-30527
2021-06-07 20:15:00
CVE-2021-30532
2021-06-07 20:15:00
CVE-2021-30526
2021-06-07 20:15:00
prion
prion
Heap overflow
2021-06-07 20:15:00
Design/Logic Flaw
2021-06-07 20:15:00
Design/Logic Flaw
2021-06-07 20:15:00
alpinelinux
alpinelinux
CVE-2021-30521
2021-06-07 20:15:00
CVE-2021-30538
2021-06-07 20:15:00
CVE-2021-30529
2021-06-07 20:15:00
debiancve
debiancve
CVE-2021-30539
2021-06-07 20:15:00
CVE-2021-30540
2021-06-07 20:15:00
CVE-2021-30529
2021-06-07 20:15:00
mscve
mscve
Chromium: CVE-2021-30524 Use after free in TabStrip
2021-05-27 07:00:00
Chromium: CVE-2021-30521 Heap buffer overflow in Autofill
2021-05-27 07:00:00
Chromium: CVE-2021-30529 Use after free in Bookmarks
2021-05-27 07:00:00
ubuntucve
ubuntucve
CVE-2021-30540
2021-06-07 00:00:00
CVE-2021-30521
2021-06-07 00:00:00
CVE-2021-30532
2021-06-07 00:00:00
attackerkb
attackerkb
CVE-2021-30533
2021-06-07 00:00:00
ubuntu
ubuntu
ICU vulnerability
2021-11-24 00:00:00
osv
osv
A security issue was fixed in ICU
2021-11-24 17:26:57
checkpoint_advisories
checkpoint_advisories
Google Chrome Authentication Bypass (CVE-2021-30533)
2022-07-10 00:00:00
cisa_kev
cisa_kev
Google Chromium PopupBlocker Security Bypass Vulnerability
2022-06-27 00:00:00
mageia
mageia
Updated icu packages fix security vulnerability
2021-10-02 21:57:04
talos
talos
Google Chrome WebAudio blink::AudioNodeOutput::Pull code execution vulnerability
2021-06-08 00:00:00
thn
thn
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild
2022-06-29 04:01:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.4%

JSON
Related for ASA-202106-2
suse2nessus7freebsd1openvas9kaspersky2archlinux1chrome1fedora3gentoo1veracode20cve20prion20alpinelinux20debiancve20mscve20ubuntucve20attackerkb1ubuntu1osv1checkpoint_advisories1cisa_kev1mageia1talos1thn1