DebianDEBIAN:DSA-4886-1:8DF2D[SECURITY] [DSA 4886-1] chromium security update
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Debian Security Advisory DSA-4886-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
April 06, 2021 https://www.debian.org/security/faq
Package : chromium
CVE ID : CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162
CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167
CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171
CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175
CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179
CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183
CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187
CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191
CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195
CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199
Several vulnerabilites have been discovered in the chromium web browser.
CVE-2021-21159
Khalil Zhani disocvered a buffer overflow issue in the tab implementation.
CVE-2021-21160
Marcin Noga discovered a buffer overflow issue in WebAudio.
CVE-2021-21161
Khalil Zhani disocvered a buffer overflow issue in the tab implementation.
CVE-2021-21162
A use-after-free issue was discovered in the WebRTC implementation.
CVE-2021-21163
Alison Huffman discovered a data validation issue.
CVE-2021-21165
Alison Huffman discovered an error in the audio implementation.
CVE-2021-21166
Alison Huffman discovered an error in the audio implementation.
CVE-2021-21167
Leecraso and Guang Gong discovered a use-after-free issue in the bookmarks
implementation.
CVE-2021-21168
Luan Herrera discovered a policy enforcement error in the appcache.
CVE-2021-21169
Bohan Liu and Moon Liang discovered an out-of-bounds access issue in the
v8 javascript library.
CVE-2021-21170
David Erceg discovered a user interface error.
CVE-2021-21171
Irvan Kurniawan discovered a user interface error.
CVE-2021-21172
Maciej Pulikowski discovered a policy enforcement error in the File
System API.
CVE-2021-21173
Tom Van Goethem discovered a network based information leak.
CVE-2021-21174
Ashish Guatam Kambled discovered an implementation error in the Referrer
policy.
CVE-2021-21175
Jun Kokatsu discovered an implementation error in the Site Isolation
feature.
CVE-2021-21176
Luan Herrera discovered an implementation error in the full screen mode.
CVE-2021-21177
Abdulrahman Alqabandi discovered a policy enforcement error in the
Autofill feature.
CVE-2021-21178
Japong discovered an error in the Compositor implementation.
CVE-2021-21179
A use-after-free issue was discovered in the networking implementation.
CVE-2021-21180
Abdulrahman Alqabandi discovered a use-after-free issue in the tab search
feature.
CVE-2021-21181
Xu Lin, Panagiotis Ilias, and Jason Polakis discovered a side-channel
information leak in the Autofill feature.
CVE-2021-21182
Luan Herrera discovered a policy enforcement error in the site navigation
implementation.
CVE-2021-21183
Takashi Yoneuchi discovered an implementation error in the Performance API.
CVE-2021-21184
James Hartig discovered an implementation error in the Performance API.
CVE-2021-21185
David Erceg discovered a policy enforcement error in Extensions.
CVE-2021-21186
dhirajkumarnifty discovered a policy enforcement error in the QR scan
implementation.
CVE-2021-21187
Kirtikumar Anandrao Ramchandani discovered a data validation error in
URL formatting.
CVE-2021-21188
Woojin Oh discovered a use-after-free issue in Blink/Webkit.
CVE-2021-21189
Khalil Zhani discovered a policy enforcement error in the Payments
implementation.
CVE-2021-21190
Zhou Aiting discovered use of uninitialized memory in the pdfium library.
CVE-2021-21191
raven discovered a use-after-free issue in the WebRTC implementation.
CVE-2021-21192
Abdulrahman Alqabandi discovered a buffer overflow issue in the tab
implementation.
CVE-2021-21193
A use-after-free issue was discovered in Blink/Webkit.
CVE-2021-21194
Leecraso and Guang Gong discovered a use-after-free issue in the screen
capture feature.
CVE-2021-21195
Liu and Liang discovered a use-after-free issue in the v8 javascript
library.
CVE-2021-21196
Khalil Zhani discovered a buffer overflow issue in the tab implementation.
CVE-2021-21197
Abdulrahman Alqabandi discovered a buffer overflow issue in the tab
implementation.
CVE-2021-21198
Mark Brand discovered an out-of-bounds read issue in the Inter-Process
Communication implementation.
CVE-2021-21199
Weipeng Jiang discovered a use-after-free issue in the Aura window and
event manager.
For the stable distribution (buster), these problems have been fixed in
version 89.0.4389.114-1~deb10u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P