Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202110-2
HistoryOct 21, 2021 - 12:00 a.m.

[ASA-202110-2] chromium: multiple issues

2021-10-2100:00:00
security.archlinux.org
12

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.1%

JSON

Arch Linux Security Advisory ASA-202110-2

Severity: High
Date : 2021-10-21
CVE-ID : CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984
CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988
CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992
CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2474

Summary

The package chromium before version 95.0.4638.54-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and insufficient validation.

Resolution

Upgrade to 95.0.4638.54-1.

pacman -Syu “chromium>=95.0.4638.54-1”

The problems have been fixed upstream in version 95.0.4638.54.

Workaround

None.

Description

  • CVE-2021-37981 (arbitrary code execution)

A heap buffer overflow security issue has been found in the Skia
component of the Chromium browser engine before version 95.0.4638.54.

  • CVE-2021-37982 (arbitrary code execution)

A use after free security issue has been found in the Incognito
component of the Chromium browser engine before version 95.0.4638.54.

  • CVE-2021-37983 (arbitrary code execution)

A use after free security issue has been found in the Dev Tools
component of the Chromium browser engine before version 95.0.4638.54.

  • CVE-2021-37984 (arbitrary code execution)

A heap buffer overflow security issue has been found in the PDFium
component of the Chromium browser engine before version 95.0.4638.54.

  • CVE-2021-37985 (arbitrary code execution)

A use after free security issue has been found in the V8 component of
the Chromium browser engine before version 95.0.4638.54.

  • CVE-2021-37986 (arbitrary code execution)

A heap buffer overflow security issue has been found in the Settings
component of the Chromium browser engine before version 95.0.4638.54.

  • CVE-2021-37987 (arbitrary code execution)

A use after free security issue has been found in the Network APIs
component of the Chromium browser engine before version 95.0.4638.54.

  • CVE-2021-37988 (arbitrary code execution)

A use after free security issue has been found in the Profiles
component of the Chromium browser engine before version 95.0.4638.54.

  • CVE-2021-37989 (arbitrary code execution)

An inappropriate implementation security issue has been found in the
Blink component of the Chromium browser engine before version
95.0.4638.54.

  • CVE-2021-37990 (arbitrary code execution)

An inappropriate implementation security issue has been found in the
WebView component of the Chromium browser engine before version
95.0.4638.54.

  • CVE-2021-37991 (arbitrary code execution)

A race security issue has been found in the V8 component of the
Chromium browser engine before version 95.0.4638.54.

  • CVE-2021-37992 (information disclosure)

An out of bounds read security issue has been found in the WebAudio
component of the Chromium browser engine before version 95.0.4638.54.

  • CVE-2021-37993 (arbitrary code execution)

A use after free security issue has been found in the PDF Accessibility
component of the Chromium browser engine before version 95.0.4638.54.

  • CVE-2021-37994 (arbitrary code execution)

An inappropriate implementation security issue has been found in the
iFrame Sandbox component of the Chromium browser engine before version
95.0.4638.54.

  • CVE-2021-37995 (arbitrary code execution)

An inappropriate implementation security issue has been found in the
WebApp Installer component of the Chromium browser engine before
version 95.0.4638.54.

  • CVE-2021-37996 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the Downloads component of the Chromium browser engine before
version 95.0.4638.54.

Impact

A remote attacker could execute arbitrary code or disclose sensitive
information through crafted web content.

References

https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html
https://crbug.com/1246631
https://crbug.com/1248661
https://crbug.com/1249810
https://crbug.com/1253399
https://crbug.com/1241860
https://crbug.com/1242404
https://crbug.com/1206928
https://crbug.com/1228248
https://crbug.com/1233067
https://crbug.com/1247395
https://crbug.com/1250660
https://crbug.com/1253746
https://crbug.com/1255332
https://crbug.com/1100761
https://crbug.com/1242315
https://crbug.com/1243020
https://security.archlinux.org/CVE-2021-37981
https://security.archlinux.org/CVE-2021-37982
https://security.archlinux.org/CVE-2021-37983
https://security.archlinux.org/CVE-2021-37984
https://security.archlinux.org/CVE-2021-37985
https://security.archlinux.org/CVE-2021-37986
https://security.archlinux.org/CVE-2021-37987
https://security.archlinux.org/CVE-2021-37988
https://security.archlinux.org/CVE-2021-37989
https://security.archlinux.org/CVE-2021-37990
https://security.archlinux.org/CVE-2021-37991
https://security.archlinux.org/CVE-2021-37992
https://security.archlinux.org/CVE-2021-37993
https://security.archlinux.org/CVE-2021-37994
https://security.archlinux.org/CVE-2021-37995
https://security.archlinux.org/CVE-2021-37996

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanychromium< 95.0.4638.54-1UNKNOWN

References

Related

nessus 10
suse 6
chrome 1
archlinux 2
openvas 9
freebsd 1
kaspersky 1
malwarebytes 1
veracode 16
cnvd 16
ubuntucve 16
prion 16
mscve 16
cve 16
debiancve 16
alpinelinux 6
redhatcve 2
debian 1
osv 1
mageia 1
fedora 2
gentoo 1
nessus
nessus
Google Chrome < 95.0.4638.54 Multiple Vulnerabilities
2021-10-19 00:00:00
openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1396-1)
2021-10-31 00:00:00
Google Chrome < 95.0.4638.54 Multiple Vulnerabilities
2021-10-19 00:00:00
suse
suse
Security update for chromium (important)
2021-10-26 00:00:00
Security update for chromium (important)
2021-10-30 00:00:00
Security update for opera (important)
2021-11-19 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2021-10-19 00:00:00
archlinux
archlinux
[ASA-202111-4] opera: multiple issues
2021-11-05 00:00:00
[ASA-202112-1] vivaldi: multiple issues
2021-12-03 00:00:00
openvas
openvas
Google Chrome Security Update (stable-channel-update-for-desktop_19-2021-10) - Windows
2021-10-25 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_19-2021-10) - Mac OS X
2021-10-25 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_19-2021-10) - Linux
2021-10-25 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-10-19 00:00:00
kaspersky
kaspersky
KLA12329 Multiple vulnerability in Microsoft Browser
2021-10-21 00:00:00
malwarebytes
malwarebytes
Update now! Chrome fixes more security issues
2021-10-21 13:31:23
veracode
veracode
Content Spoofing
2021-11-09 15:06:49
Directory Traversal
2021-11-09 15:06:53
Denial Of Service (DoS)
2021-11-09 15:06:15
cnvd
cnvd
Google Chrome WebApp Installer improperly implemented vulnerability
2021-10-21 00:00:00
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84814)
2021-10-21 00:00:00
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84810)
2021-10-21 00:00:00
ubuntucve
ubuntucve
CVE-2021-37983
2021-11-02 00:00:00
CVE-2021-37995
2021-11-02 00:00:00
CVE-2021-37992
2021-11-02 00:00:00
prion
prion
Design/Logic Flaw
2021-11-02 22:15:00
Design/Logic Flaw
2021-11-02 22:15:00
Design/Logic Flaw
2021-11-02 22:15:00
mscve
mscve
Chromium: CVE-2021-37992 Out of bounds read in WebAudio
2021-10-21 07:00:00
Chromium: CVE-2021-37995 Inappropriate implementation in WebApp Installer
2021-10-21 07:00:00
Chromium: CVE-2021-37983 Use after free in Dev Tools
2021-10-21 07:00:00
cve
cve
CVE-2021-37983
2021-11-02 22:15:00
CVE-2021-37986
2021-11-02 22:15:00
CVE-2021-37996
2021-11-02 22:15:00
debiancve
debiancve
CVE-2021-37995
2021-11-02 22:15:00
CVE-2021-37983
2021-11-02 22:15:00
CVE-2021-37992
2021-11-02 22:15:00
alpinelinux
alpinelinux
CVE-2021-37984
2021-11-02 22:15:00
CVE-2021-37989
2021-11-02 22:15:00
CVE-2021-37992
2021-11-02 22:15:00
redhatcve
redhatcve
CVE-2021-37981
2022-05-20 23:09:48
CVE-2021-37984
2022-05-20 22:47:25
debian
debian
[SECURITY] [DSA 5046-1] chromium security update
2022-01-14 19:31:45
osv
osv
chromium - security update
2022-01-14 00:00:00
mageia
mageia
Updated qtwebengine5 packages fix security vulnerability
2022-02-05 23:23:13
fedora
fedora
[SECURITY] Fedora 35 Update: qt5-qtwebengine-5.15.8-2.fc35
2022-01-30 01:44:13
[SECURITY] Fedora 34 Update: qt5-qtwebengine-5.15.8-2.fc34
2022-02-04 01:23:18
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2022-01-31 00:00:00

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.1%

JSON
Related for ASA-202110-2
nessus10suse6chrome1archlinux2openvas9freebsd1kaspersky1malwarebytes1veracode16cnvd16ubuntucve16prion16mscve16cve16debiancve16alpinelinux6redhatcve2debian1osv1mageia1fedora2gentoo1