Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202112-7
HistoryDec 11, 2021 - 12:00 a.m.

[ASA-202112-7] vivaldi: multiple issues

2021-12-1100:00:00
security.archlinux.org
26

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.05 Low

EPSS

Percentile

92.7%

JSON

Arch Linux Security Advisory ASA-202112-7

Severity: High
Date : 2021-12-11
CVE-ID : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055
CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059
CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064
CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068
Package : vivaldi
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2601

Summary

The package vivaldi before version 5.0.2497.28-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing
and insufficient validation.

Resolution

Upgrade to 5.0.2497.28-1.

pacman -Syu “vivaldi>=5.0.2497.28-1”

The problems have been fixed upstream in version 5.0.2497.28.

Workaround

None.

Description

  • CVE-2021-4052 (arbitrary code execution)

A use after free security issue has been found in the web apps
component of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4053 (arbitrary code execution)

A use after free security issue has been found in the UI component of
the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4054 (content spoofing)

An incorrect security UI security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4055 (arbitrary code execution)

A heap buffer overflow security issue has been found in the extensions
component of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4056 (arbitrary code execution)

A type confusion security issue has been found in the loader component
of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4057 (arbitrary code execution)

A use after free security issue has been found in the file API
component of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4058 (arbitrary code execution)

A heap buffer overflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4059 (insufficient validation)

An insufficient data validation security issue has been found in the
loader component of the Chromium browser engine before version
96.0.4664.93.

  • CVE-2021-4061 (arbitrary code execution)

A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4062 (arbitrary code execution)

A heap buffer overflow security issue has been found in the BFCache
component of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4063 (arbitrary code execution)

A use after free security issue has been found in the developer tools
component of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4064 (arbitrary code execution)

A use after free security issue has been found in the screen capture
component of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4065 (arbitrary code execution)

A use after free security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4066 (arbitrary code execution)

An integer underflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4067 (arbitrary code execution)

A use after free security issue has been found in the window manager
component of the Chromium browser engine before version 96.0.4664.93.

  • CVE-2021-4068 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the new tab page component of the Chromium browser engine
before version 96.0.4664.93.

Impact

A remote attacker could execute arbitrary code or spoof content through
crafted web content.

References

https://vivaldi.com/blog/desktop/further-updates-to-theme-sharing-vivaldi-browser-snapshot-2488-3/
https://vivaldi.com/blog/desktop/minor-update-5-0/
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
https://crbug.com/1267661
https://crbug.com/1267791
https://crbug.com/1239760
https://crbug.com/1266510
https://crbug.com/1260939
https://crbug.com/1262183
https://crbug.com/1267496
https://crbug.com/1270990
https://crbug.com/1271456
https://crbug.com/1272403
https://crbug.com/1273176
https://crbug.com/1273197
https://crbug.com/1273674
https://crbug.com/1274499
https://crbug.com/1274641
https://crbug.com/1265197
https://security.archlinux.org/CVE-2021-4052
https://security.archlinux.org/CVE-2021-4053
https://security.archlinux.org/CVE-2021-4054
https://security.archlinux.org/CVE-2021-4055
https://security.archlinux.org/CVE-2021-4056
https://security.archlinux.org/CVE-2021-4057
https://security.archlinux.org/CVE-2021-4058
https://security.archlinux.org/CVE-2021-4059
https://security.archlinux.org/CVE-2021-4061
https://security.archlinux.org/CVE-2021-4062
https://security.archlinux.org/CVE-2021-4063
https://security.archlinux.org/CVE-2021-4064
https://security.archlinux.org/CVE-2021-4065
https://security.archlinux.org/CVE-2021-4066
https://security.archlinux.org/CVE-2021-4067
https://security.archlinux.org/CVE-2021-4068

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyvivaldi< 5.0.2497.28-1UNKNOWN

References

Related

nessus 8
kaspersky 2
archlinux 1
freebsd 1
mageia 2
chrome 1
suse 4
fedora 4
veracode 16
prion 16
debiancve 16
mscve 16
ubuntucve 16
cnvd 8
cve 16
alpinelinux 4
rapid7blog 1
debian 1
osv 1
gentoo 1
photon 1
nessus
nessus
Microsoft Edge (Chromium) < 96.0.1054.53 Multiple Vulnerabilities
2021-12-11 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (18ac074c-579f-11ec-aac7-3065ec8fd3ec)
2021-12-13 00:00:00
Google Chrome < 96.0.4664.93 Multiple Vulnerabilities
2021-12-06 00:00:00
kaspersky
kaspersky
KLA12381 Multiple vulnerabilities in Microsoft Browser
2021-12-10 00:00:00
KLA12398 Multiple vulnerabilities in Opera
2021-12-14 00:00:00
archlinux
archlinux
[ASA-202112-6] chromium: multiple issues
2021-12-11 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-12-06 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2021-12-11 01:19:07
Updated qtwebengine5 packages fix security vulnerability
2022-02-05 23:23:13
chrome
chrome
Stable Channel Update for Desktop
2021-12-06 00:00:00
suse
suse
Security update for chromium (important)
2021-12-14 00:00:00
Security update for chromium (important)
2021-12-28 00:00:00
Security update for opera (important)
2022-02-21 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: chromium-96.0.4664.110-3.fc34
2022-01-07 01:12:20
[SECURITY] Fedora 35 Update: chromium-96.0.4664.110-3.fc35
2022-01-29 06:39:34
[SECURITY] Fedora 35 Update: qt5-qtwebengine-5.15.8-2.fc35
2022-01-30 01:44:13
veracode
veracode
Use After Free
2022-01-15 00:30:45
Remote Code Execution (RCE)
2021-12-12 10:08:31
Denial Of Service (DoS)
2021-12-12 10:10:08
prion
prion
Design/Logic Flaw
2021-12-23 01:15:00
Input validation
2021-12-23 01:15:00
Design/Logic Flaw
2021-12-23 01:15:00
debiancve
debiancve
CVE-2021-4052
2021-12-23 01:15:00
CVE-2021-4064
2021-12-23 01:15:00
CVE-2021-4054
2021-12-23 01:15:00
mscve
mscve
Chromium: CVE-2021-4066 Integer underflow in ANGLE
2021-12-10 08:00:00
Chromium: CVE-2021-4064 Use after free in screen capture
2021-12-10 08:00:00
Chromium: CVE-2021-4057 Use after free in file API
2021-12-10 08:00:00
ubuntucve
ubuntucve
CVE-2021-4052
2021-12-23 00:00:00
CVE-2021-4054
2021-12-23 00:00:00
CVE-2021-4064
2021-12-23 00:00:00
cnvd
cnvd
Google Chrome autofill security bypass vulnerability (CNVD-2021-100607)
2021-12-08 00:00:00
Google Chrome Resource Management Error Vulnerability (CNVD-2022-02627)
2021-12-08 00:00:00
Google Chrome Resource Management Error Vulnerability (CNVD-2022-01696)
2021-12-08 00:00:00
cve
cve
CVE-2021-4052
2021-12-23 01:15:00
CVE-2021-4057
2021-12-23 01:15:00
CVE-2021-4064
2021-12-23 01:15:00
alpinelinux
alpinelinux
CVE-2021-4062
2021-12-23 01:15:00
CVE-2021-4057
2021-12-23 01:15:00
CVE-2021-4059
2021-12-23 01:15:00
rapid7blog
rapid7blog
Patch Tuesday - December 2021
2021-12-14 22:12:53
debian
debian
[SECURITY] [DSA 5046-1] chromium security update
2022-01-14 19:31:45
osv
osv
chromium - security update
2022-01-14 00:00:00
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
2022-08-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0602
2023-06-21 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.05 Low

EPSS

Percentile

92.7%

JSON
Related for ASA-202112-7
nessus8kaspersky2archlinux1freebsd1mageia2chrome1suse4fedora4veracode16prion16debiancve16mscve16ubuntucve16cnvd8cve16alpinelinux4rapid7blog1debian1osv1gentoo1photon1