8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.05 Low
EPSS
Percentile
92.7%
Severity: High
Date : 2021-12-11
CVE-ID : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055
CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059
CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064
CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068
Package : vivaldi
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2601
The package vivaldi before version 5.0.2497.28-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing
and insufficient validation.
Upgrade to 5.0.2497.28-1.
The problems have been fixed upstream in version 5.0.2497.28.
None.
A use after free security issue has been found in the web apps
component of the Chromium browser engine before version 96.0.4664.93.
A use after free security issue has been found in the UI component of
the Chromium browser engine before version 96.0.4664.93.
An incorrect security UI security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.
A heap buffer overflow security issue has been found in the extensions
component of the Chromium browser engine before version 96.0.4664.93.
A type confusion security issue has been found in the loader component
of the Chromium browser engine before version 96.0.4664.93.
A use after free security issue has been found in the file API
component of the Chromium browser engine before version 96.0.4664.93.
A heap buffer overflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.
An insufficient data validation security issue has been found in the
loader component of the Chromium browser engine before version
96.0.4664.93.
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.93.
A heap buffer overflow security issue has been found in the BFCache
component of the Chromium browser engine before version 96.0.4664.93.
A use after free security issue has been found in the developer tools
component of the Chromium browser engine before version 96.0.4664.93.
A use after free security issue has been found in the screen capture
component of the Chromium browser engine before version 96.0.4664.93.
A use after free security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.
An integer underflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.
A use after free security issue has been found in the window manager
component of the Chromium browser engine before version 96.0.4664.93.
An insufficient validation of untrusted input security issue has been
found in the new tab page component of the Chromium browser engine
before version 96.0.4664.93.
A remote attacker could execute arbitrary code or spoof content through
crafted web content.
https://vivaldi.com/blog/desktop/further-updates-to-theme-sharing-vivaldi-browser-snapshot-2488-3/
https://vivaldi.com/blog/desktop/minor-update-5-0/
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
https://crbug.com/1267661
https://crbug.com/1267791
https://crbug.com/1239760
https://crbug.com/1266510
https://crbug.com/1260939
https://crbug.com/1262183
https://crbug.com/1267496
https://crbug.com/1270990
https://crbug.com/1271456
https://crbug.com/1272403
https://crbug.com/1273176
https://crbug.com/1273197
https://crbug.com/1273674
https://crbug.com/1274499
https://crbug.com/1274641
https://crbug.com/1265197
https://security.archlinux.org/CVE-2021-4052
https://security.archlinux.org/CVE-2021-4053
https://security.archlinux.org/CVE-2021-4054
https://security.archlinux.org/CVE-2021-4055
https://security.archlinux.org/CVE-2021-4056
https://security.archlinux.org/CVE-2021-4057
https://security.archlinux.org/CVE-2021-4058
https://security.archlinux.org/CVE-2021-4059
https://security.archlinux.org/CVE-2021-4061
https://security.archlinux.org/CVE-2021-4062
https://security.archlinux.org/CVE-2021-4063
https://security.archlinux.org/CVE-2021-4064
https://security.archlinux.org/CVE-2021-4065
https://security.archlinux.org/CVE-2021-4066
https://security.archlinux.org/CVE-2021-4067
https://security.archlinux.org/CVE-2021-4068
chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
crbug.com/1239760
crbug.com/1260939
crbug.com/1262183
crbug.com/1265197
crbug.com/1266510
crbug.com/1267496
crbug.com/1267661
crbug.com/1267791
crbug.com/1270990
crbug.com/1271456
crbug.com/1272403
crbug.com/1273176
crbug.com/1273197
crbug.com/1273674
crbug.com/1274499
crbug.com/1274641
security.archlinux.org/AVG-2601
security.archlinux.org/CVE-2021-4052
security.archlinux.org/CVE-2021-4053
security.archlinux.org/CVE-2021-4054
security.archlinux.org/CVE-2021-4055
security.archlinux.org/CVE-2021-4056
security.archlinux.org/CVE-2021-4057
security.archlinux.org/CVE-2021-4058
security.archlinux.org/CVE-2021-4059
security.archlinux.org/CVE-2021-4061
security.archlinux.org/CVE-2021-4062
security.archlinux.org/CVE-2021-4063
security.archlinux.org/CVE-2021-4064
security.archlinux.org/CVE-2021-4065
security.archlinux.org/CVE-2021-4066
security.archlinux.org/CVE-2021-4067
security.archlinux.org/CVE-2021-4068
vivaldi.com/blog/desktop/further-updates-to-theme-sharing-vivaldi-browser-snapshot-2488-3/
vivaldi.com/blog/desktop/minor-update-5-0/
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.05 Low
EPSS
Percentile
92.7%