DATABASE RESOURCES PRICING ABOUT US

{"id": "GENTOO_GLSA-202201-02.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-202201-02 : Chromium, Google Chrome: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-202201-02 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page. (CVE-2021-30580)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30583)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30586)\n\n - Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-30587)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30590)\n\n - Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.\n (CVE-2021-30593)\n\n - Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. (CVE-2021-30594)\n\n - Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-30596)\n\n - Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. (CVE-2021-30597)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (CVE-2021-30598, CVE-2021-30599)\n\n - Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30600)\n\n - Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30601)\n\n - Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30602)\n\n - Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30603)\n\n - Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30604)\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30626)\n\n - Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30627)\n\n - Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (CVE-2021-30628)\n\n - Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30629)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-30630)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2021-30631, CVE-2021-37960)\n\n - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30632)\n\n - Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-30633)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-37967)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37977)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37978)\n\n - heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37979)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37985)\n\n - Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37988)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)\n\n - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37991)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)\n\n - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-37995)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\n - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997)\n\n - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998)\n\n - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.\n (CVE-2021-37999)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.\n (CVE-2021-38000)\n\n - Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38001)\n\n - Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38002)\n\n - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\n - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38009)\n\n - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2021-38010)\n\n - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38013)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014)\n\n - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (CVE-2021-38015)\n\n - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016)\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38019)\n\n - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-38020)\n\n - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2022-01-31T00:00:00", "modified": "2022-02-03T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/157241", "reporter": "This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30576", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38016", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0117", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37995", "https://bugs.gentoo.org/show_bug.cgi?id=814617", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30568", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37987", "https://bugs.gentoo.org/show_bug.cgi?id=811348", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30625", "https://bugs.gentoo.org/show_bug.cgi?id=813035", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30623", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37977", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30606", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0113", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38010", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38009", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37991", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30569", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38018", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30586", "https://bugs.gentoo.org/show_bug.cgi?id=808715", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30620", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30604", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0102", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37999", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30621", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37984", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30630", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0297", "https://bugs.gentoo.org/show_bug.cgi?id=815673", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38011", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38001", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38013", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30597", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30631", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38015", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0115", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30611", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0291", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0289", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0296", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0099", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0309", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30591", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30599", "https://bugs.gentoo.org/show_bug.cgi?id=819054", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38003", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30577", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30567", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30609", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0308", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30583", "https://bugs.gentoo.org/show_bug.cgi?id=803167", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30581", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30575", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0311", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0111", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0107", "https://bugs.gentoo.org/show_bug.cgi?id=830642", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30616", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38008", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30633", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30603", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37974", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38000", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38017", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4102", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0116", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30571", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30593", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38022", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0295", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0098", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37981", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37983", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0294", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30579", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30626", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30589", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30602", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0110", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38007", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30614", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37993", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30613", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38014", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30578", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37978", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30624", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37979", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38005", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0108", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30618", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30600", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38006", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30594", "https://bugs.gentoo.org/show_bug.cgi?id=831624", "https://bugs.gentoo.org/show_bug.cgi?id=824274", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30632", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30574", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0106", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38021", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0293", "https://security.gentoo.org/glsa/202201-02", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30610", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0101", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30596", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0105", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37994", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30592", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0103", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0298", "https://bugs.gentoo.org/show_bug.cgi?id=814221", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0310", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30582", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4100", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0118", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0301", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0104", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0305", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0307", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30607", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4098", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30612", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30585", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0114", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0306", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37976", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30590", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0109", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0302", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30584", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0097", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30617", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30619", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30622", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30598", "https://bugs.gentoo.org/show_bug.cgi?id=829190", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4101", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38012", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30615", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0290", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37985", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30608", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30629", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0300", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38019", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38020", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30572", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0096", "https://bugs.gentoo.org/show_bug.cgi?id=816984", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30601", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0112", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37975", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30580", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0120", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0304", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37989", "https://bugs.gentoo.org/show_bug.cgi?id=806223", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37997", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30627", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37988", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37986", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37998", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4099", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30628", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37990", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37996", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0100", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0303", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37982", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37992", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://bugs.gentoo.org/show_bug.cgi?id=820689"], "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0303", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"], "immutableFields": [], "lastseen": "2023-07-04T14:33:42", "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-30565", "ALPINE:CVE-2021-30566", "ALPINE:CVE-2021-30567", "ALPINE:CVE-2021-30568", "ALPINE:CVE-2021-30569", "ALPINE:CVE-2021-30571", "ALPINE:CVE-2021-30572", "ALPINE:CVE-2021-30573", "ALPINE:CVE-2021-30574", "ALPINE:CVE-2021-30575", "ALPINE:CVE-2021-30576", "ALPINE:CVE-2021-30577", "ALPINE:CVE-2021-30578", "ALPINE:CVE-2021-30579", "ALPINE:CVE-2021-30580", "ALPINE:CVE-2021-30581", "ALPINE:CVE-2021-30582", "ALPINE:CVE-2021-30583", "ALPINE:CVE-2021-30584", "ALPINE:CVE-2021-30585", "ALPINE:CVE-2021-30586", "ALPINE:CVE-2021-30587", "ALPINE:CVE-2021-30588", "ALPINE:CVE-2021-30589", "ALPINE:CVE-2021-30590", "ALPINE:CVE-2021-30591", "ALPINE:CVE-2021-30592", "ALPINE:CVE-2021-30593", "ALPINE:CVE-2021-30594", "ALPINE:CVE-2021-30596", "ALPINE:CVE-2021-30597", "ALPINE:CVE-2021-30598", "ALPINE:CVE-2021-30599", "ALPINE:CVE-2021-30600", "ALPINE:CVE-2021-30601", "ALPINE:CVE-2021-30602", "ALPINE:CVE-2021-30603", "ALPINE:CVE-2021-30604", "ALPINE:CVE-2021-30606", "ALPINE:CVE-2021-30607", "ALPINE:CVE-2021-30608", "ALPINE:CVE-2021-30609", "ALPINE:CVE-2021-30610", "ALPINE:CVE-2021-30611", "ALPINE:CVE-2021-30612", "ALPINE:CVE-2021-30613", "ALPINE:CVE-2021-30614", "ALPINE:CVE-2021-30615", "ALPINE:CVE-2021-30616", "ALPINE:CVE-2021-30617", "ALPINE:CVE-2021-30618", "ALPINE:CVE-2021-30619", "ALPINE:CVE-2021-30620", "ALPINE:CVE-2021-30621", "ALPINE:CVE-2021-30622", "ALPINE:CVE-2021-30623", "ALPINE:CVE-2021-30624", "ALPINE:CVE-2021-30625", "ALPINE:CVE-2021-30626", "ALPINE:CVE-2021-30627", "ALPINE:CVE-2021-30628", "ALPINE:CVE-2021-30629", "ALPINE:CVE-2021-30630", "ALPINE:CVE-2021-30631", "ALPINE:CVE-2021-30632", "ALPINE:CVE-2021-30633", "ALPINE:CVE-2021-37962", "ALPINE:CVE-2021-37967", "ALPINE:CVE-2021-37968", "ALPINE:CVE-2021-37971", "ALPINE:CVE-2021-37973", "ALPINE:CVE-2021-37975", "ALPINE:CVE-2021-37978", "ALPINE:CVE-2021-37979", "ALPINE:CVE-2021-37984", "ALPINE:CVE-2021-37987", "ALPINE:CVE-2021-37989", "ALPINE:CVE-2021-37992", "ALPINE:CVE-2021-37993", "ALPINE:CVE-2021-37996", "ALPINE:CVE-2021-38001", "ALPINE:CVE-2021-38003", "ALPINE:CVE-2021-38005", "ALPINE:CVE-2021-38007", "ALPINE:CVE-2021-38009", "ALPINE:CVE-2021-38010", "ALPINE:CVE-2021-38012", "ALPINE:CVE-2021-38015", "ALPINE:CVE-2021-38017", "ALPINE:CVE-2021-38018", "ALPINE:CVE-2021-38019", "ALPINE:CVE-2021-38021", "ALPINE:CVE-2021-38022", "ALPINE:CVE-2021-4098", "ALPINE:CVE-2021-4099", "ALPINE:CVE-2021-4101", "ALPINE:CVE-2022-0100", "ALPINE:CVE-2022-0102", "ALPINE:CVE-2022-0103", "ALPINE:CVE-2022-0104", "ALPINE:CVE-2022-0108", "ALPINE:CVE-2022-0109", "ALPINE:CVE-2022-0111", "ALPINE:CVE-2022-0113", "ALPINE:CVE-2022-0116", "ALPINE:CVE-2022-0117", "ALPINE:CVE-2022-0289", "ALPINE:CVE-2022-0291", "ALPINE:CVE-2022-0293", "ALPINE:CVE-2022-0298", "ALPINE:CVE-2022-0305", "ALPINE:CVE-2022-0306", "ALPINE:CVE-2022-0310"]}, {"type": "apple", "idList": ["APPLE:08DE176B86DAA09F8266D63196603C37", "APPLE:0E19F39ED87696979017DD0475ECA32E", "APPLE:753F950C07ED0D7DBFED1A9F81071A03", "APPLE:892077C6B27CF2C4732F0FC8E1D90189", "APPLE:8D1362426A1A094C3D36F7EE5ADF4FDD"]}, {"type": "archlinux", "idList": ["ASA-202107-47", "ASA-202107-74", "ASA-202108-4", "ASA-202108-5", "ASA-202108-6", "ASA-202109-6", "ASA-202110-2", "ASA-202110-7", "ASA-202110-8", "ASA-202111-4", "ASA-202111-8", "ASA-202111-9", "ASA-202112-1", "ASA-202112-2"]}, {"type": "attackerkb", "idList": ["AKB:16678767-3DE3-4BA4-8797-50D3F72B2B5C", "AKB:411A7B9E-A187-43CF-8DA1-E0E921F590D1", "AKB:624AC3C7-B310-4975-8649-2694A0CF4962", "AKB:795A9D93-F12E-4850-BD6A-5E10D1372B2C", "AKB:AC92E5DD-15E0-44E1-99A5-C1AED6D4703F", "AKB:C21CBC3B-DA85-49D2-A7A6-9061F5B01CF9", "AKB:D35B77A1-B787-4DAD-A906-5CA8A79C2F30", "AKB:D986B627-DA84-4C1B-8D20-5ADF751B05BF", "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916", "AVLEONOV:B6F052DA6F44A6D3C449552BB1B53A9A"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0685", "CPAI-2021-1028", "CPAI-2021-1055", "CPAI-2021-1104", "CPAI-2021-1116"]}, {"type": "chrome", "idList": ["GCSA-1169691578072612224", "GCSA-1656672544346881992", "GCSA-2371492188806762489", "GCSA-2471449198019300311", "GCSA-2705646769654617144", "GCSA-2951730441638118565", "GCSA-3758141203538733592", "GCSA-4605650058444101231", "GCSA-53254084301211911", "GCSA-6006518675849485979", "GCSA-6082209000390727773", "GCSA-6179617491562660930", "GCSA-7342407883646540962", "GCSA-8146707100851062467", "GCSA-8579736825619455708"]}, {"type": "cisa", "idList": ["CISA:28B486B568E680DD9C27FB088FAEC3C7", "CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-30632", "CISA-KEV-CVE-2021-30633", "CISA-KEV-CVE-2021-37973", "CISA-KEV-CVE-2021-37975", "CISA-KEV-CVE-2021-37976", "CISA-KEV-CVE-2021-38000", "CISA-KEV-CVE-2021-38003", "CISA-KEV-CVE-2021-4102"]}, {"type": "cnvd", "idList": ["CNVD-2021-100599", "CNVD-2021-100600", "CNVD-2021-100601", "CNVD-2021-100602", "CNVD-2021-55918", "CNVD-2021-55919", "CNVD-2021-55920", "CNVD-2021-55921", "CNVD-2021-55922", "CNVD-2021-55923", "CNVD-2021-55924", "CNVD-2021-55925", "CNVD-2021-55926", "CNVD-2021-55927", "CNVD-2021-55928", "CNVD-2021-55929", "CNVD-2021-55930", "CNVD-2021-55931", "CNVD-2021-55932", "CNVD-2021-55933", "CNVD-2021-55934", "CNVD-2021-55935", "CNVD-2021-55936", "CNVD-2021-55937", "CNVD-2021-62166", "CNVD-2021-62167", "CNVD-2021-62168", "CNVD-2021-62169", "CNVD-2021-62183", "CNVD-2021-62184", "CNVD-2021-62185", "CNVD-2021-62186", "CNVD-2021-62187", "CNVD-2021-62188", "CNVD-2021-62189", "CNVD-2021-67538", "CNVD-2021-67539", "CNVD-2021-67540", "CNVD-2021-67541", "CNVD-2021-67542", "CNVD-2021-67543", "CNVD-2021-67544", "CNVD-2021-67545", "CNVD-2021-67546", "CNVD-2021-67547", "CNVD-2021-67548", "CNVD-2021-67549", "CNVD-2021-67550", "CNVD-2021-67551", "CNVD-2021-67552", "CNVD-2021-67553", "CNVD-2021-67554", "CNVD-2021-67555", "CNVD-2021-67556", "CNVD-2021-67557", "CNVD-2021-68452", "CNVD-2021-68453", "CNVD-2021-68454", "CNVD-2021-68455", "CNVD-2021-68456", "CNVD-2021-68457", "CNVD-2021-73415", "CNVD-2021-73416", "CNVD-2021-73418", "CNVD-2021-73419", "CNVD-2021-73420", "CNVD-2021-73421", "CNVD-2021-73423", "CNVD-2021-73424", "CNVD-2021-73425", "CNVD-2021-73426", "CNVD-2021-73427", "CNVD-2021-73428", "CNVD-2021-73429", "CNVD-2021-73430", "CNVD-2021-73431", "CNVD-2021-73432", "CNVD-2021-73433", "CNVD-2021-84800", "CNVD-2021-84801", "CNVD-2021-84802", "CNVD-2021-84803", "CNVD-2021-84804", "CNVD-2021-84805", "CNVD-2021-84806", "CNVD-2021-84807", "CNVD-2021-84808", "CNVD-2021-84809", "CNVD-2021-84810", "CNVD-2021-84811", "CNVD-2021-84812", "CNVD-2021-84813", "CNVD-2021-84814", "CNVD-2021-84815", "CNVD-2021-84817", "CNVD-2021-84818", "CNVD-2021-84819", "CNVD-2021-91284", "CNVD-2021-91285", "CNVD-2021-91286", "CNVD-2021-91287", "CNVD-2021-91288", "CNVD-2021-91289", "CNVD-2021-91290", "CNVD-2021-91291", "CNVD-2021-91292", "CNVD-2021-91293", "CNVD-2021-91294", "CNVD-2021-91295", "CNVD-2021-91296", "CNVD-2021-91297", "CNVD-2021-92808", "CNVD-2021-92809", "CNVD-2021-92831", "CNVD-2021-92832", "CNVD-2021-92833", "CNVD-2021-92834", "CNVD-2021-92835", "CNVD-2021-92836", "CNVD-2021-99260", "CNVD-2021-99261", "CNVD-2021-99262", "CNVD-2021-99263", "CNVD-2021-99264", "CNVD-2021-99277", "CNVD-2021-99278", "CNVD-2021-99279", "CNVD-2021-99288", "CNVD-2022-12740", "CNVD-2022-12741", "CNVD-2022-12742", "CNVD-2022-12743", "CNVD-2022-14875", "CNVD-2022-14876", "CNVD-2022-14877", "CNVD-2022-14878", "CNVD-2022-14879", "CNVD-2022-14880", "CNVD-2022-15133", "CNVD-2022-15134", "CNVD-2022-15135", "CNVD-2022-15136", "CNVD-2022-15137", "CNVD-2022-15138", "CNVD-2022-15139", "CNVD-2022-15140", "CNVD-2022-15141", "CNVD-2022-15142", "CNVD-2022-15143", "CNVD-2022-15154", "CNVD-2022-15155", "CNVD-2022-15156", "CNVD-2022-15157", "CNVD-2022-15158", "CNVD-2022-15159", "CNVD-2022-15160", "CNVD-2022-15161", "CNVD-2022-15162", "CNVD-2022-16301", "CNVD-2022-16302", "CNVD-2022-16303", "CNVD-2022-16304", "CNVD-2022-65570", "CNVD-2022-65571", "CNVD-2022-65572", "CNVD-2022-65573", "CNVD-2022-65574", "CNVD-2022-65575", "CNVD-2022-65576", "CNVD-2022-65577", "CNVD-2022-65578", "CNVD-2022-65579", "CNVD-2022-65580", "CNVD-2022-65581", "CNVD-2022-65582", "CNVD-2022-65583", "CNVD-2022-65584"]}, {"type": "cve", "idList": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5046-1:A18C0", "DEBIAN:DSA-5054-1:6F130", "DEBIAN:DSA-5396-1:6E347", "DEBIAN:DSA-5397-1:3771E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-30565", "DEBIANCVE:CVE-2021-30566", "DEBIANCVE:CVE-2021-30567", "DEBIANCVE:CVE-2021-30568", "DEBIANCVE:CVE-2021-30569", "DEBIANCVE:CVE-2021-30571", "DEBIANCVE:CVE-2021-30572", "DEBIANCVE:CVE-2021-30573", "DEBIANCVE:CVE-2021-30574", "DEBIANCVE:CVE-2021-30575", "DEBIANCVE:CVE-2021-30576", "DEBIANCVE:CVE-2021-30577", "DEBIANCVE:CVE-2021-30578", "DEBIANCVE:CVE-2021-30579", "DEBIANCVE:CVE-2021-30580", "DEBIANCVE:CVE-2021-30581", "DEBIANCVE:CVE-2021-30582", "DEBIANCVE:CVE-2021-30583", "DEBIANCVE:CVE-2021-30584", "DEBIANCVE:CVE-2021-30585", "DEBIANCVE:CVE-2021-30586", "DEBIANCVE:CVE-2021-30587", "DEBIANCVE:CVE-2021-30588", "DEBIANCVE:CVE-2021-30589", "DEBIANCVE:CVE-2021-30590", "DEBIANCVE:CVE-2021-30591", "DEBIANCVE:CVE-2021-30592", "DEBIANCVE:CVE-2021-30593", "DEBIANCVE:CVE-2021-30594", "DEBIANCVE:CVE-2021-30596", "DEBIANCVE:CVE-2021-30597", "DEBIANCVE:CVE-2021-30598", "DEBIANCVE:CVE-2021-30599", "DEBIANCVE:CVE-2021-30600", "DEBIANCVE:CVE-2021-30601", "DEBIANCVE:CVE-2021-30602", "DEBIANCVE:CVE-2021-30603", "DEBIANCVE:CVE-2021-30604", "DEBIANCVE:CVE-2021-30606", "DEBIANCVE:CVE-2021-30607", "DEBIANCVE:CVE-2021-30608", "DEBIANCVE:CVE-2021-30609", "DEBIANCVE:CVE-2021-30610", "DEBIANCVE:CVE-2021-30611", "DEBIANCVE:CVE-2021-30612", "DEBIANCVE:CVE-2021-30613", "DEBIANCVE:CVE-2021-30614", "DEBIANCVE:CVE-2021-30615", "DEBIANCVE:CVE-2021-30616", "DEBIANCVE:CVE-2021-30617", "DEBIANCVE:CVE-2021-30618", "DEBIANCVE:CVE-2021-30619", "DEBIANCVE:CVE-2021-30620", "DEBIANCVE:CVE-2021-30621", "DEBIANCVE:CVE-2021-30622", "DEBIANCVE:CVE-2021-30623", "DEBIANCVE:CVE-2021-30624", "DEBIANCVE:CVE-2021-30625", "DEBIANCVE:CVE-2021-30626", "DEBIANCVE:CVE-2021-30627", "DEBIANCVE:CVE-2021-30628", "DEBIANCVE:CVE-2021-30629", "DEBIANCVE:CVE-2021-30630", "DEBIANCVE:CVE-2021-30632", "DEBIANCVE:CVE-2021-30633", "DEBIANCVE:CVE-2021-37956", "DEBIANCVE:CVE-2021-37957", "DEBIANCVE:CVE-2021-37958", "DEBIANCVE:CVE-2021-37959", "DEBIANCVE:CVE-2021-37961", "DEBIANCVE:CVE-2021-37962", "DEBIANCVE:CVE-2021-37963", "DEBIANCVE:CVE-2021-37965", "DEBIANCVE:CVE-2021-37966", "DEBIANCVE:CVE-2021-37967", "DEBIANCVE:CVE-2021-37968", "DEBIANCVE:CVE-2021-37970", "DEBIANCVE:CVE-2021-37971", "DEBIANCVE:CVE-2021-37973", "DEBIANCVE:CVE-2021-37974", "DEBIANCVE:CVE-2021-37975", "DEBIANCVE:CVE-2021-37976", "DEBIANCVE:CVE-2021-37977", "DEBIANCVE:CVE-2021-37978", "DEBIANCVE:CVE-2021-37979", "DEBIANCVE:CVE-2021-37981", "DEBIANCVE:CVE-2021-37982", "DEBIANCVE:CVE-2021-37983", "DEBIANCVE:CVE-2021-37984", "DEBIANCVE:CVE-2021-37985", "DEBIANCVE:CVE-2021-37986", "DEBIANCVE:CVE-2021-37987", "DEBIANCVE:CVE-2021-37988", "DEBIANCVE:CVE-2021-37989", "DEBIANCVE:CVE-2021-37990", "DEBIANCVE:CVE-2021-37991", "DEBIANCVE:CVE-2021-37992", "DEBIANCVE:CVE-2021-37993", "DEBIANCVE:CVE-2021-37994", "DEBIANCVE:CVE-2021-37995", "DEBIANCVE:CVE-2021-37996", "DEBIANCVE:CVE-2021-37997", "DEBIANCVE:CVE-2021-37998", "DEBIANCVE:CVE-2021-37999", "DEBIANCVE:CVE-2021-38000", "DEBIANCVE:CVE-2021-38001", "DEBIANCVE:CVE-2021-38002", "DEBIANCVE:CVE-2021-38003", "DEBIANCVE:CVE-2021-38005", "DEBIANCVE:CVE-2021-38006", "DEBIANCVE:CVE-2021-38007", "DEBIANCVE:CVE-2021-38008", "DEBIANCVE:CVE-2021-38009", "DEBIANCVE:CVE-2021-38010", "DEBIANCVE:CVE-2021-38011", "DEBIANCVE:CVE-2021-38012", "DEBIANCVE:CVE-2021-38013", "DEBIANCVE:CVE-2021-38014", "DEBIANCVE:CVE-2021-38015", "DEBIANCVE:CVE-2021-38016", "DEBIANCVE:CVE-2021-38017", "DEBIANCVE:CVE-2021-38018", "DEBIANCVE:CVE-2021-38019", "DEBIANCVE:CVE-2021-38020", "DEBIANCVE:CVE-2021-38021", "DEBIANCVE:CVE-2021-38022", "DEBIANCVE:CVE-2021-4098", "DEBIANCVE:CVE-2021-4099", "DEBIANCVE:CVE-2021-4100", "DEBIANCVE:CVE-2021-4101", "DEBIANCVE:CVE-2021-4102", "DEBIANCVE:CVE-2022-0096", "DEBIANCVE:CVE-2022-0097", "DEBIANCVE:CVE-2022-0098", "DEBIANCVE:CVE-2022-0099", "DEBIANCVE:CVE-2022-0100", "DEBIANCVE:CVE-2022-0101", "DEBIANCVE:CVE-2022-0102", "DEBIANCVE:CVE-2022-0103", "DEBIANCVE:CVE-2022-0104", "DEBIANCVE:CVE-2022-0105", "DEBIANCVE:CVE-2022-0106", "DEBIANCVE:CVE-2022-0107", "DEBIANCVE:CVE-2022-0108", "DEBIANCVE:CVE-2022-0109", "DEBIANCVE:CVE-2022-0110", "DEBIANCVE:CVE-2022-0111", "DEBIANCVE:CVE-2022-0112", "DEBIANCVE:CVE-2022-0113", "DEBIANCVE:CVE-2022-0114", "DEBIANCVE:CVE-2022-0115", "DEBIANCVE:CVE-2022-0116", "DEBIANCVE:CVE-2022-0117", "DEBIANCVE:CVE-2022-0118", "DEBIANCVE:CVE-2022-0120", "DEBIANCVE:CVE-2022-0289", "DEBIANCVE:CVE-2022-0290", "DEBIANCVE:CVE-2022-0291", "DEBIANCVE:CVE-2022-0292", "DEBIANCVE:CVE-2022-0293", "DEBIANCVE:CVE-2022-0294", "DEBIANCVE:CVE-2022-0295", "DEBIANCVE:CVE-2022-0296", "DEBIANCVE:CVE-2022-0297", "DEBIANCVE:CVE-2022-0298", "DEBIANCVE:CVE-2022-0300", "DEBIANCVE:CVE-2022-0301", "DEBIANCVE:CVE-2022-0302", "DEBIANCVE:CVE-2022-0303", "DEBIANCVE:CVE-2022-0304", "DEBIANCVE:CVE-2022-0305", "DEBIANCVE:CVE-2022-0306", "DEBIANCVE:CVE-2022-0307", "DEBIANCVE:CVE-2022-0308", "DEBIANCVE:CVE-2022-0309", "DEBIANCVE:CVE-2022-0310", "DEBIANCVE:CVE-2022-0311"]}, {"type": "fedora", "idList": ["FEDORA:0AA80217E4B2", "FEDORA:12FCA30F5428", "FEDORA:1E8AD3056996", "FEDORA:210C430584A5", "FEDORA:4CD8430AA7AD", "FEDORA:54EF9304CB93", "FEDORA:59B6820C6D43", "FEDORA:5A5E120C65F1", "FEDORA:5C0DB31397D8", "FEDORA:6E174304C6DC", "FEDORA:75CA430AA7A6", "FEDORA:7AA7C307F074", "FEDORA:9952031143B1", "FEDORA:B923630946D6", "FEDORA:BC8983072E0A", "FEDORA:BD29330987FD", "FEDORA:BE52E30CCCAA", "FEDORA:D72E230C6791", "FEDORA:E043930AE6E8"]}, {"type": "freebsd", "idList": ["128DEBA6-FF56-11EB-8514-3065EC8FD3EC", "3551E106-1B17-11EC-A8A7-704D7B472482", "47B571F2-157B-11EC-AE98-704D7B472482", "51496CBC-7A0E-11EC-A323-3065EC8FD3EC", "76487640-EA29-11EB-A686-3065EC8FD3EC", "777EDBBE-2230-11EC-8869-704D7B472482", "7D3D94D3-2810-11EC-9C51-3065EC8FD3EC", "976D7BF9-38EA-11EC-B3B0-3065EC8FD3EC", "9EECCBF3-6E26-11EC-BB10-3065EC8FD3EC", "A7732806-0B2A-11EC-836B-3065EC8FD3EC", "B6C875F1-1D76-11EC-AE80-704D7B472482", "B8C0CBCA-472D-11EC-83DC-3065EC8FD3EC", "BDAECFAD-3117-11EC-B3B0-3065EC8FD3EC", "C3C6C4A3-F47D-11EB-B632-3065EC8FD3EC", "FB9BA490-5CC4-11EC-AAC7-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202201-02"]}, {"type": "github", "idList": ["GITHUB:D9472F716C46C02F88677DBAD0EEA334"]}, {"type": "githubexploit", "idList": ["07422776-E872-566B-BA69-08250EF06A7B", "32BEE5C7-0E79-59A0-BA93-AB01FA18AF14", "5BC9FD05-BCBB-5B7C-AE22-BE3732D2976B", "795FA590-8E97-5C33-A401-7C3EFECA9A25", "C2541EBF-1196-56DE-A74C-2B851CA3CE08", "D03F8616-CD02-52E2-80E1-347A8A3132BC", "D210EB39-6ACF-5BE7-9DDB-17248A36E11D", "E860E27F-13A7-53D6-8B01-C4391764E6F3"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "hivepro", "idList": ["HIVEPRO:8AF52D0A3BB6DDEEAC663A63DA954039", "HIVEPRO:E94A0D5F817307E8C9D45F52D6A000D1", "HIVEPRO:F0E08A7B0A92ED0929AD9DE27F33C527", "HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "ibm", "idList": ["4E77D6807CCB5F39F0079A9612FD44F47C18AEBAF1D9AA7EBBCB816C3FD025B9"]}, {"type": "kaspersky", "idList": ["KLA12236", "KLA12243", "KLA12249", "KLA12267", "KLA12271", "KLA12284", "KLA12296", "KLA12299", "KLA12301", "KLA12307", "KLA12329", "KLA12333", "KLA12351", "KLA12382", "KLA12413", "KLA12430"]}, {"type": "mageia", "idList": ["MGASA-2021-0458", "MGASA-2021-0565", "MGASA-2022-0043", "MGASA-2022-0050", "MGASA-2023-0177"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1151D0D15101B94C9C41B6DCAFD58AD5", "MALWAREBYTES:1BBB147ADD90DF3A3483E6805D78B6A6", "MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A", "MALWAREBYTES:3EAF616381CA068D86347AB0BE88B0A2"]}, {"type": "mscve", "idList": ["MS:CVE-2021-30565", "MS:CVE-2021-30566", "MS:CVE-2021-30567", "MS:CVE-2021-30568", "MS:CVE-2021-30569", "MS:CVE-2021-30571", "MS:CVE-2021-30572", "MS:CVE-2021-30573", "MS:CVE-2021-30574", "MS:CVE-2021-30575", "MS:CVE-2021-30576", "MS:CVE-2021-30577", "MS:CVE-2021-30578", "MS:CVE-2021-30579", "MS:CVE-2021-30580", "MS:CVE-2021-30581", "MS:CVE-2021-30582", "MS:CVE-2021-30583", "MS:CVE-2021-30584", "MS:CVE-2021-30585", "MS:CVE-2021-30586", "MS:CVE-2021-30587", "MS:CVE-2021-30588", "MS:CVE-2021-30589", "MS:CVE-2021-30590", "MS:CVE-2021-30591", "MS:CVE-2021-30592", "MS:CVE-2021-30593", "MS:CVE-2021-30594", "MS:CVE-2021-30596", "MS:CVE-2021-30597", "MS:CVE-2021-30598", "MS:CVE-2021-30599", "MS:CVE-2021-30601", "MS:CVE-2021-30602", "MS:CVE-2021-30603", "MS:CVE-2021-30604", "MS:CVE-2021-30606", "MS:CVE-2021-30607", "MS:CVE-2021-30608", "MS:CVE-2021-30609", "MS:CVE-2021-30610", "MS:CVE-2021-30611", "MS:CVE-2021-30612", "MS:CVE-2021-30613", "MS:CVE-2021-30614", "MS:CVE-2021-30615", "MS:CVE-2021-30616", "MS:CVE-2021-30617", "MS:CVE-2021-30618", "MS:CVE-2021-30619", "MS:CVE-2021-30620", "MS:CVE-2021-30621", "MS:CVE-2021-30622", "MS:CVE-2021-30623", "MS:CVE-2021-30624", "MS:CVE-2021-30625", "MS:CVE-2021-30626", "MS:CVE-2021-30627", "MS:CVE-2021-30628", "MS:CVE-2021-30629", "MS:CVE-2021-30630", "MS:CVE-2021-30631", "MS:CVE-2021-30632", "MS:CVE-2021-30633", "MS:CVE-2021-37956", "MS:CVE-2021-37957", "MS:CVE-2021-37958", "MS:CVE-2021-37959", "MS:CVE-2021-37960", "MS:CVE-2021-37961", "MS:CVE-2021-37962", "MS:CVE-2021-37963", "MS:CVE-2021-37965", "MS:CVE-2021-37966", "MS:CVE-2021-37967", "MS:CVE-2021-37968", "MS:CVE-2021-37970", "MS:CVE-2021-37971", "MS:CVE-2021-37973", "MS:CVE-2021-37974", "MS:CVE-2021-37975", "MS:CVE-2021-37976", "MS:CVE-2021-37977", "MS:CVE-2021-37978", "MS:CVE-2021-37979", "MS:CVE-2021-37981", "MS:CVE-2021-37982", "MS:CVE-2021-37983", "MS:CVE-2021-37984", "MS:CVE-2021-37985", "MS:CVE-2021-37986", "MS:CVE-2021-37987", "MS:CVE-2021-37988", "MS:CVE-2021-37989", "MS:CVE-2021-37990", "MS:CVE-2021-37991", "MS:CVE-2021-37992", "MS:CVE-2021-37993", "MS:CVE-2021-37994", "MS:CVE-2021-37995", "MS:CVE-2021-37996", "MS:CVE-2021-37997", "MS:CVE-2021-37998", "MS:CVE-2021-37999", "MS:CVE-2021-38000", "MS:CVE-2021-38001", "MS:CVE-2021-38002", "MS:CVE-2021-38003", "MS:CVE-2021-38005", "MS:CVE-2021-38006", "MS:CVE-2021-38007", "MS:CVE-2021-38008", "MS:CVE-2021-38009", "MS:CVE-2021-38010", "MS:CVE-2021-38011", "MS:CVE-2021-38012", "MS:CVE-2021-38013", "MS:CVE-2021-38014", "MS:CVE-2021-38015", "MS:CVE-2021-38016", "MS:CVE-2021-38017", "MS:CVE-2021-38018", "MS:CVE-2021-38019", "MS:CVE-2021-38020", "MS:CVE-2021-38021", "MS:CVE-2021-38022", "MS:CVE-2021-4098", "MS:CVE-2021-4099", "MS:CVE-2021-4100", "MS:CVE-2021-4101", "MS:CVE-2021-4102", "MS:CVE-2022-0096", "MS:CVE-2022-0097", "MS:CVE-2022-0098", "MS:CVE-2022-0099", "MS:CVE-2022-0100", "MS:CVE-2022-0101", "MS:CVE-2022-0102", "MS:CVE-2022-0103", "MS:CVE-2022-0104", "MS:CVE-2022-0105", "MS:CVE-2022-0106", "MS:CVE-2022-0107", "MS:CVE-2022-0108", "MS:CVE-2022-0109", "MS:CVE-2022-0110", "MS:CVE-2022-0111", "MS:CVE-2022-0112", "MS:CVE-2022-0113", "MS:CVE-2022-0114", "MS:CVE-2022-0115", "MS:CVE-2022-0116", "MS:CVE-2022-0117", "MS:CVE-2022-0118", "MS:CVE-2022-0120", "MS:CVE-2022-0289", "MS:CVE-2022-0290", "MS:CVE-2022-0291", "MS:CVE-2022-0292", "MS:CVE-2022-0293", "MS:CVE-2022-0294", "MS:CVE-2022-0295", "MS:CVE-2022-0296", "MS:CVE-2022-0297", "MS:CVE-2022-0298", "MS:CVE-2022-0300", "MS:CVE-2022-0301", "MS:CVE-2022-0302", "MS:CVE-2022-0303", "MS:CVE-2022-0304", "MS:CVE-2022-0305", "MS:CVE-2022-0306", "MS:CVE-2022-0307", "MS:CVE-2022-0308", "MS:CVE-2022-0309", "MS:CVE-2022-0310", "MS:CVE-2022-0311"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-3419.NASL", "DEBIAN_DSA-5046.NASL", "DEBIAN_DSA-5396.NASL", "DEBIAN_DSA-5397.NASL", "FEDORA_2021-116EFF380F.NASL", "FEDORA_2023-5B61346BBE.NASL", "FEDORA_2023-8900B35C6F.NASL", "FEDORA_2023-A4BBF02A57.NASL", "FREEBSD_PKG_128DEBA6FF5611EB85143065EC8FD3EC.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "FREEBSD_PKG_47B571F2157B11ECAE98704D7B472482.NASL", "FREEBSD_PKG_76487640EA2911EBA6863065EC8FD3EC.NASL", "FREEBSD_PKG_777EDBBE223011EC8869704D7B472482.NASL", "FREEBSD_PKG_7D3D94D3281011EC9C513065EC8FD3EC.NASL", "FREEBSD_PKG_976D7BF938EA11ECB3B03065EC8FD3EC.NASL", "FREEBSD_PKG_9EECCBF36E2611ECBB103065EC8FD3EC.NASL", "FREEBSD_PKG_A77328060B2A11EC836B3065EC8FD3EC.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "FREEBSD_PKG_BDAECFAD311711ECB3B03065EC8FD3EC.NASL", "FREEBSD_PKG_C3C6C4A3F47D11EBB6323065EC8FD3EC.NASL", "FREEBSD_PKG_FB9BA4905CC411ECAAC73065EC8FD3EC.NASL", "GOOGLE_CHROME_92_0_4515_107.NASL", "GOOGLE_CHROME_92_0_4515_131.NASL", "GOOGLE_CHROME_92_0_4515_159.NASL", "GOOGLE_CHROME_93_0_4577_63.NASL", "GOOGLE_CHROME_93_0_4577_82.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_71.NASL", "GOOGLE_CHROME_94_0_4606_81.NASL", "GOOGLE_CHROME_95_0_4638_54.NASL", "GOOGLE_CHROME_95_0_4638_69.NASL", "GOOGLE_CHROME_96_0_4664_110.NASL", "GOOGLE_CHROME_96_0_4664_45.NASL", "GOOGLE_CHROME_97_0_4692_71.NASL", "GOOGLE_CHROME_97_0_4692_99.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_107.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_131.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_159.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_63.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_82.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_71.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_81.NASL", "MACOSX_GOOGLE_CHROME_95_0_4638_54.NASL", "MACOSX_GOOGLE_CHROME_95_0_4638_69.NASL", "MACOSX_GOOGLE_CHROME_96_0_4664_110.NASL", "MACOSX_GOOGLE_CHROME_96_0_4664_45.NASL", "MACOSX_GOOGLE_CHROME_97_0_4692_71.NASL", "MACOSX_GOOGLE_CHROME_97_0_4692_99.NASL", "MICROSOFT_EDGE_CHROMIUM_92_0_902_55.NASL", "MICROSOFT_EDGE_CHROMIUM_92_0_902_67.NASL", "MICROSOFT_EDGE_CHROMIUM_92_0_902_78.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_38.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_47.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_52.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_38.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_47.NASL", "MICROSOFT_EDGE_CHROMIUM_95_0_1020_30.NASL", "MICROSOFT_EDGE_CHROMIUM_95_0_1020_40.NASL", "MICROSOFT_EDGE_CHROMIUM_96_0_1052_29.NASL", "MICROSOFT_EDGE_CHROMIUM_96_0_1054_29.NASL", "MICROSOFT_EDGE_CHROMIUM_96_0_1054_57.NASL", "MICROSOFT_EDGE_CHROMIUM_97_0_1072_55.NASL", "MICROSOFT_EDGE_CHROMIUM_97_0_1072_69.NASL", "OPENSUSE-2021-1131.NASL", "OPENSUSE-2021-1144.NASL", "OPENSUSE-2021-1172.NASL", "OPENSUSE-2021-1180.NASL", "OPENSUSE-2021-1209.NASL", "OPENSUSE-2021-1221.NASL", "OPENSUSE-2021-1300.NASL", "OPENSUSE-2021-1303.NASL", "OPENSUSE-2021-1310.NASL", "OPENSUSE-2021-1330.NASL", "OPENSUSE-2021-1339.NASL", "OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1358.NASL", "OPENSUSE-2021-1392.NASL", "OPENSUSE-2021-1396.NASL", "OPENSUSE-2021-1433.NASL", "OPENSUSE-2021-1462.NASL", "OPENSUSE-2021-1488.NASL", "OPENSUSE-2021-1582.NASL", "OPENSUSE-2021-1600.NASL", "OPENSUSE-2021-1632.NASL", "OPENSUSE-2022-0014-1.NASL", "OPENSUSE-2022-0019-1.NASL", "OPENSUSE-2022-0070-1.NASL", "SUSE_SU-2023-2056-1.NASL", "SUSE_SU-2023-2065-1.NASL", "SUSE_SU-2023-2077-1.NASL", "SUSE_SU-2023-2078-1.NASL", "UBUNTU_USN-6061-1.NASL"]}, {"type": "osv", "idList": ["OSV:DLA-3419-1", "OSV:DSA-5046-1", "OSV:DSA-5054-1", "OSV:DSA-5396-1", "OSV:DSA-5397-1"]}, {"type": "photon", "idList": ["PHSA-2023-3.0-0602"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:20364300767E58631FFE0D21622E63A3", "RAPID7BLOG:73EAE8A2825E9B6764F314122B4E5F25", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046", "RAPID7BLOG:DE426F8A59CA497BB6C0B90C0F1849CD"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-30577", "RH:CVE-2021-30586", "RH:CVE-2021-30598", "RH:CVE-2021-30610", "RH:CVE-2021-30616", "RH:CVE-2021-30621", "RH:CVE-2021-30624", "RH:CVE-2021-37959", "RH:CVE-2021-37961", "RH:CVE-2021-37970", "RH:CVE-2021-37975", "RH:CVE-2021-37981", "RH:CVE-2021-37984", "RH:CVE-2021-38000", "RH:CVE-2021-38009", "RH:CVE-2022-0096", "RH:CVE-2022-0103", "RH:CVE-2022-0118", "RH:CVE-2022-0303", "RH:CVE-2022-0304", "RH:CVE-2022-0305", "RH:CVE-2022-0307", "RH:CVE-2022-0310"]}, {"type": "securelist", "idList": ["SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1131-1", "OPENSUSE-SU-2021:1144-1", "OPENSUSE-SU-2021:1172-1", "OPENSUSE-SU-2021:1180-1", "OPENSUSE-SU-2021:1209-1", "OPENSUSE-SU-2021:1221-1", "OPENSUSE-SU-2021:1300-1", "OPENSUSE-SU-2021:1303-1", "OPENSUSE-SU-2021:1310-1", "OPENSUSE-SU-2021:1330-1", "OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1358-1", "OPENSUSE-SU-2021:1392-1", "OPENSUSE-SU-2021:1396-1", "OPENSUSE-SU-2021:1433-1", "OPENSUSE-SU-2021:1434-1", "OPENSUSE-SU-2021:1462-1", "OPENSUSE-SU-2021:1488-1", "OPENSUSE-SU-2021:1489-1", "OPENSUSE-SU-2021:1582-1", "OPENSUSE-SU-2021:1600-1", "OPENSUSE-SU-2021:1632-1", "OPENSUSE-SU-2022:0014-1", "OPENSUSE-SU-2022:0019-1", "OPENSUSE-SU-2022:0047-1", "OPENSUSE-SU-2022:0070-1", "OPENSUSE-SU-2022:0110-1"]}, {"type": "talos", "idList": ["TALOS-2021-1348", "TALOS-2021-1352", "TALOS-2021-1372", "TALOS-2021-1398"]}, {"type": "talosblog", "idList": ["TALOSBLOG:19A970885FC181F6A961E85781A8A818"]}, {"type": "thn", "idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:5DCF4FF1D8F641348F799D406F8DB1F1", "THN:6A9CD6F085628D08978727C0FF597535", "THN:7323080B670457C9B10250332ADE8B87", "THN:B7217784F9D53002315C9C43CCC73766", "THN:C6CED16C5E8707F2EF9BD08516F7456C"]}, {"type": "threatpost", "idList": ["THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "THREATPOST:45B63C766965F5748AEC30DE709C8003", "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:C6B47B678F2F0E21955D4053DE13FA64"]}, {"type": "ubuntu", "idList": ["USN-6061-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30565", "UB:CVE-2021-30566", "UB:CVE-2021-30567", "UB:CVE-2021-30568", "UB:CVE-2021-30569", "UB:CVE-2021-30571", "UB:CVE-2021-30572", "UB:CVE-2021-30573", "UB:CVE-2021-30574", "UB:CVE-2021-30575", "UB:CVE-2021-30576", "UB:CVE-2021-30577", "UB:CVE-2021-30578", "UB:CVE-2021-30579", "UB:CVE-2021-30580", "UB:CVE-2021-30581", "UB:CVE-2021-30582", "UB:CVE-2021-30583", "UB:CVE-2021-30584", "UB:CVE-2021-30585", "UB:CVE-2021-30586", "UB:CVE-2021-30587", "UB:CVE-2021-30588", "UB:CVE-2021-30589", "UB:CVE-2021-30590", "UB:CVE-2021-30591", "UB:CVE-2021-30592", "UB:CVE-2021-30593", "UB:CVE-2021-30594", "UB:CVE-2021-30596", "UB:CVE-2021-30597", "UB:CVE-2021-30598", "UB:CVE-2021-30599", "UB:CVE-2021-30600", "UB:CVE-2021-30601", "UB:CVE-2021-30602", "UB:CVE-2021-30603", "UB:CVE-2021-30604", "UB:CVE-2021-30606", "UB:CVE-2021-30607", "UB:CVE-2021-30608", "UB:CVE-2021-30609", "UB:CVE-2021-30610", "UB:CVE-2021-30611", "UB:CVE-2021-30612", "UB:CVE-2021-30613", "UB:CVE-2021-30614", "UB:CVE-2021-30615", "UB:CVE-2021-30616", "UB:CVE-2021-30617", "UB:CVE-2021-30618", "UB:CVE-2021-30619", "UB:CVE-2021-30620", "UB:CVE-2021-30621", "UB:CVE-2021-30622", "UB:CVE-2021-30623", "UB:CVE-2021-30624", "UB:CVE-2021-30625", "UB:CVE-2021-30626", "UB:CVE-2021-30627", "UB:CVE-2021-30628", "UB:CVE-2021-30629", "UB:CVE-2021-30630", "UB:CVE-2021-30631", "UB:CVE-2021-30632", "UB:CVE-2021-30633", "UB:CVE-2021-37956", "UB:CVE-2021-37957", "UB:CVE-2021-37958", "UB:CVE-2021-37959", "UB:CVE-2021-37960", "UB:CVE-2021-37961", "UB:CVE-2021-37962", "UB:CVE-2021-37963", "UB:CVE-2021-37965", "UB:CVE-2021-37966", "UB:CVE-2021-37967", "UB:CVE-2021-37968", "UB:CVE-2021-37970", "UB:CVE-2021-37971", "UB:CVE-2021-37973", "UB:CVE-2021-37974", "UB:CVE-2021-37975", "UB:CVE-2021-37976", "UB:CVE-2021-37977", "UB:CVE-2021-37978", "UB:CVE-2021-37979", "UB:CVE-2021-37981", "UB:CVE-2021-37982", "UB:CVE-2021-37983", "UB:CVE-2021-37984", "UB:CVE-2021-37985", "UB:CVE-2021-37986", "UB:CVE-2021-37987", "UB:CVE-2021-37988", "UB:CVE-2021-37989", "UB:CVE-2021-37990", "UB:CVE-2021-37991", "UB:CVE-2021-37992", "UB:CVE-2021-37993", "UB:CVE-2021-37994", "UB:CVE-2021-37995", "UB:CVE-2021-37996", "UB:CVE-2021-37997", "UB:CVE-2021-37998", "UB:CVE-2021-37999", "UB:CVE-2021-38000", "UB:CVE-2021-38001", "UB:CVE-2021-38002", "UB:CVE-2021-38003", "UB:CVE-2021-38005", "UB:CVE-2021-38006", "UB:CVE-2021-38007", "UB:CVE-2021-38008", "UB:CVE-2021-38009", "UB:CVE-2021-38010", "UB:CVE-2021-38011", "UB:CVE-2021-38012", "UB:CVE-2021-38013", "UB:CVE-2021-38014", "UB:CVE-2021-38015", "UB:CVE-2021-38016", "UB:CVE-2021-38017", "UB:CVE-2021-38018", "UB:CVE-2021-38019", "UB:CVE-2021-38020", "UB:CVE-2021-38021", "UB:CVE-2021-38022", "UB:CVE-2021-4098", "UB:CVE-2021-4099", "UB:CVE-2021-4100", "UB:CVE-2021-4101", "UB:CVE-2021-4102", "UB:CVE-2022-0096", "UB:CVE-2022-0097", "UB:CVE-2022-0098", "UB:CVE-2022-0099", "UB:CVE-2022-0100", "UB:CVE-2022-0101", "UB:CVE-2022-0102", "UB:CVE-2022-0103", "UB:CVE-2022-0104", "UB:CVE-2022-0105", "UB:CVE-2022-0106", "UB:CVE-2022-0107", "UB:CVE-2022-0108", "UB:CVE-2022-0109", "UB:CVE-2022-0110", "UB:CVE-2022-0111", "UB:CVE-2022-0112", "UB:CVE-2022-0113", "UB:CVE-2022-0114", "UB:CVE-2022-0115", "UB:CVE-2022-0116", "UB:CVE-2022-0117", "UB:CVE-2022-0118", "UB:CVE-2022-0120", "UB:CVE-2022-0289", "UB:CVE-2022-0290", "UB:CVE-2022-0291", "UB:CVE-2022-0292", "UB:CVE-2022-0293", "UB:CVE-2022-0294", "UB:CVE-2022-0295", "UB:CVE-2022-0296", "UB:CVE-2022-0297", "UB:CVE-2022-0298", "UB:CVE-2022-0300", "UB:CVE-2022-0301", "UB:CVE-2022-0302", "UB:CVE-2022-0303", "UB:CVE-2022-0304", "UB:CVE-2022-0305", "UB:CVE-2022-0306", "UB:CVE-2022-0307", "UB:CVE-2022-0308", "UB:CVE-2022-0309", "UB:CVE-2022-0310", "UB:CVE-2022-0311"]}, {"type": "veracode", "idList": ["VERACODE:31311", "VERACODE:31312", "VERACODE:31313", "VERACODE:31318", "VERACODE:31319", "VERACODE:31328", "VERACODE:31329", "VERACODE:31330", "VERACODE:31333", "VERACODE:31334", "VERACODE:31335", "VERACODE:31839", "VERACODE:31840", "VERACODE:31841", "VERACODE:31842", "VERACODE:31843", "VERACODE:31900", "VERACODE:31901", "VERACODE:31902", "VERACODE:31903", "VERACODE:31904", "VERACODE:31905", "VERACODE:31906", "VERACODE:31910", "VERACODE:31911", "VERACODE:32086", "VERACODE:32087", "VERACODE:32088", "VERACODE:32089", "VERACODE:32090", "VERACODE:32091", "VERACODE:32092", "VERACODE:32093", "VERACODE:32094", "VERACODE:32095", "VERACODE:32096", "VERACODE:32097", "VERACODE:32098", "VERACODE:32099", "VERACODE:32100", "VERACODE:32101", "VERACODE:32102", "VERACODE:32103", "VERACODE:32104", "VERACODE:32105", "VERACODE:32106", "VERACODE:32107", "VERACODE:32108", "VERACODE:32112", "VERACODE:32113", "VERACODE:32114", "VERACODE:32115", "VERACODE:32410", "VERACODE:32411", "VERACODE:32412", "VERACODE:32413", "VERACODE:32414", "VERACODE:32415", "VERACODE:32416", "VERACODE:32418", "VERACODE:32419", "VERACODE:32420", "VERACODE:32421", "VERACODE:32423", "VERACODE:32424", "VERACODE:32426", "VERACODE:32427", "VERACODE:32428", "VERACODE:32429", "VERACODE:32659", "VERACODE:32660", "VERACODE:32863", "VERACODE:32864", "VERACODE:32865", "VERACODE:32866", "VERACODE:32867", "VERACODE:32868", "VERACODE:32869", "VERACODE:32870", "VERACODE:32871", "VERACODE:32872", "VERACODE:32873", "VERACODE:32874", "VERACODE:32875", "VERACODE:32876", "VERACODE:32877", "VERACODE:32878", "VERACODE:32879", "VERACODE:32880", "VERACODE:32881", "VERACODE:32882", "VERACODE:32883", "VERACODE:32884", "VERACODE:32885", "VERACODE:33056", "VERACODE:33258", "VERACODE:33259", "VERACODE:33260", "VERACODE:33261", "VERACODE:33262", "VERACODE:33263", "VERACODE:33264", "VERACODE:33265", "VERACODE:33266", "VERACODE:33267", "VERACODE:33268", "VERACODE:33433", "VERACODE:33445", "VERACODE:33446", "VERACODE:33661", "VERACODE:33662", "VERACODE:33663", "VERACODE:33664", "VERACODE:33665", "VERACODE:33666", "VERACODE:33667", "VERACODE:33668", "VERACODE:33669", "VERACODE:33670", "VERACODE:33671", "VERACODE:33672", "VERACODE:33673", "VERACODE:33674", "VERACODE:33675", "VERACODE:33676", "VERACODE:33677", "VERACODE:33678", "VERACODE:33679", "VERACODE:33680", "VERACODE:33681", "VERACODE:33682", "VERACODE:33683", "VERACODE:33684", "VERACODE:33685", "VERACODE:33686", "VERACODE:33687", "VERACODE:33688", "VERACODE:33689", "VERACODE:33690", "VERACODE:33691", "VERACODE:33784", "VERACODE:33785", "VERACODE:33833", "VERACODE:33834", "VERACODE:33835", "VERACODE:33836", "VERACODE:33837", "VERACODE:33838", "VERACODE:33839", "VERACODE:33840", "VERACODE:33841", "VERACODE:33842", "VERACODE:33843", "VERACODE:33844", "VERACODE:33845", "VERACODE:33846", "VERACODE:33847", "VERACODE:33848", "VERACODE:33849", "VERACODE:33850", "VERACODE:33851", "VERACODE:33852", "VERACODE:33853", "VERACODE:33854"]}]}, "score": {"value": 9.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-202107-47", "ASA-202107-74", "ASA-202108-4", "ASA-202108-5", "ASA-202108-6", "ASA-202109-6", "ASA-202111-8", "ASA-202111-9"]}, {"type": "attackerkb", "idList": ["AKB:16678767-3DE3-4BA4-8797-50D3F72B2B5C"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0685"]}, {"type": "chrome", "idList": ["GCSA-1169691578072612224", "GCSA-1656672544346881992", "GCSA-2371492188806762489", "GCSA-2471449198019300311", "GCSA-2705646769654617144", "GCSA-4605650058444101231", "GCSA-53254084301211911", "GCSA-6006518675849485979", "GCSA-6082209000390727773", "GCSA-6179617491562660930", "GCSA-7342407883646540962", "GCSA-8146707100851062467", "GCSA-8579736825619455708"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "cve", "idList": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30631", "CVE-2021-37960", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5046-1:A18C0"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-30565", "DEBIANCVE:CVE-2021-30566", "DEBIANCVE:CVE-2021-30567", "DEBIANCVE:CVE-2021-30568", "DEBIANCVE:CVE-2021-30569", "DEBIANCVE:CVE-2021-30571", "DEBIANCVE:CVE-2021-30572", "DEBIANCVE:CVE-2021-30573", "DEBIANCVE:CVE-2021-30574", "DEBIANCVE:CVE-2021-30575", "DEBIANCVE:CVE-2021-30576", "DEBIANCVE:CVE-2021-30577", "DEBIANCVE:CVE-2021-30578", "DEBIANCVE:CVE-2021-30579", "DEBIANCVE:CVE-2021-30580", "DEBIANCVE:CVE-2021-30581", "DEBIANCVE:CVE-2021-30582", "DEBIANCVE:CVE-2021-30583", "DEBIANCVE:CVE-2021-30584", "DEBIANCVE:CVE-2021-30585", "DEBIANCVE:CVE-2021-30586", "DEBIANCVE:CVE-2021-30587", "DEBIANCVE:CVE-2021-30588", "DEBIANCVE:CVE-2021-30589", "DEBIANCVE:CVE-2021-30590", "DEBIANCVE:CVE-2021-30591", "DEBIANCVE:CVE-2021-30592", "DEBIANCVE:CVE-2021-30593", "DEBIANCVE:CVE-2021-30594", "DEBIANCVE:CVE-2021-30596", "DEBIANCVE:CVE-2021-30597", "DEBIANCVE:CVE-2021-30598", "DEBIANCVE:CVE-2021-30599", "DEBIANCVE:CVE-2021-30600", "DEBIANCVE:CVE-2021-30601", "DEBIANCVE:CVE-2021-30602", "DEBIANCVE:CVE-2021-30603", "DEBIANCVE:CVE-2021-30604", "DEBIANCVE:CVE-2021-30606", "DEBIANCVE:CVE-2021-30607", "DEBIANCVE:CVE-2021-30608", "DEBIANCVE:CVE-2021-30609", "DEBIANCVE:CVE-2021-30610", "DEBIANCVE:CVE-2021-30611", "DEBIANCVE:CVE-2021-30612", "DEBIANCVE:CVE-2021-30613", "DEBIANCVE:CVE-2021-30614", "DEBIANCVE:CVE-2021-30615", "DEBIANCVE:CVE-2021-30616", "DEBIANCVE:CVE-2021-30617", "DEBIANCVE:CVE-2021-30618", "DEBIANCVE:CVE-2021-30619", "DEBIANCVE:CVE-2021-30620", "DEBIANCVE:CVE-2021-30621", "DEBIANCVE:CVE-2021-30622", "DEBIANCVE:CVE-2021-30623", "DEBIANCVE:CVE-2021-30624", "DEBIANCVE:CVE-2021-30625", "DEBIANCVE:CVE-2021-30626", "DEBIANCVE:CVE-2021-30627", "DEBIANCVE:CVE-2021-30628", "DEBIANCVE:CVE-2021-30629", "DEBIANCVE:CVE-2021-30630", "DEBIANCVE:CVE-2021-30632", "DEBIANCVE:CVE-2021-30633", "DEBIANCVE:CVE-2021-37956", "DEBIANCVE:CVE-2021-37957", "DEBIANCVE:CVE-2021-37958", "DEBIANCVE:CVE-2021-37959", "DEBIANCVE:CVE-2021-37961", "DEBIANCVE:CVE-2021-37962", "DEBIANCVE:CVE-2021-37963", "DEBIANCVE:CVE-2021-37965", "DEBIANCVE:CVE-2021-37966", "DEBIANCVE:CVE-2021-37967", "DEBIANCVE:CVE-2021-37968", "DEBIANCVE:CVE-2021-37970", "DEBIANCVE:CVE-2021-37971", "DEBIANCVE:CVE-2021-37973", "DEBIANCVE:CVE-2021-37974", "DEBIANCVE:CVE-2021-37975", "DEBIANCVE:CVE-2021-37976", "DEBIANCVE:CVE-2021-37977", "DEBIANCVE:CVE-2021-37978", "DEBIANCVE:CVE-2021-37979", "DEBIANCVE:CVE-2021-37981", "DEBIANCVE:CVE-2021-37982", "DEBIANCVE:CVE-2021-37983", "DEBIANCVE:CVE-2021-37984", "DEBIANCVE:CVE-2021-37985", "DEBIANCVE:CVE-2021-37986", "DEBIANCVE:CVE-2021-37987", "DEBIANCVE:CVE-2021-37988", "DEBIANCVE:CVE-2021-37989", "DEBIANCVE:CVE-2021-37990", "DEBIANCVE:CVE-2021-37991", "DEBIANCVE:CVE-2021-37992", "DEBIANCVE:CVE-2021-37993", "DEBIANCVE:CVE-2021-37994", "DEBIANCVE:CVE-2021-37995", "DEBIANCVE:CVE-2021-37996", "DEBIANCVE:CVE-2021-37997", "DEBIANCVE:CVE-2021-37998", "DEBIANCVE:CVE-2021-37999", "DEBIANCVE:CVE-2021-38000", "DEBIANCVE:CVE-2021-38001", "DEBIANCVE:CVE-2021-38002", "DEBIANCVE:CVE-2021-38003"]}, {"type": "fedora", "idList": ["FEDORA:54EF9304CB93", "FEDORA:6E174304C6DC", "FEDORA:B923630946D6"]}, {"type": "freebsd", "idList": ["128DEBA6-FF56-11EB-8514-3065EC8FD3EC", "47B571F2-157B-11EC-AE98-704D7B472482", "76487640-EA29-11EB-A686-3065EC8FD3EC", "A7732806-0B2A-11EC-836B-3065EC8FD3EC", "B8C0CBCA-472D-11EC-83DC-3065EC8FD3EC", "C3C6C4A3-F47D-11EB-B632-3065EC8FD3EC", "FB9BA490-5CC4-11EC-AAC7-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202201-02"]}, {"type": "githubexploit", "idList": ["32BEE5C7-0E79-59A0-BA93-AB01FA18AF14", "5BC9FD05-BCBB-5B7C-AE22-BE3732D2976B", "795FA590-8E97-5C33-A401-7C3EFECA9A25", "C2541EBF-1196-56DE-A74C-2B851CA3CE08", "D03F8616-CD02-52E2-80E1-347A8A3132BC"]}, {"type": "hivepro", "idList": ["HIVEPRO:8AF52D0A3BB6DDEEAC663A63DA954039", "HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12236", "KLA12243", "KLA12249", "KLA12271", "KLA12351", "KLA12413", "KLA12430"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A"]}, {"type": "mscve", "idList": ["MS:CVE-2021-30565", "MS:CVE-2021-30566", "MS:CVE-2021-30567", "MS:CVE-2021-30568", "MS:CVE-2021-30569", "MS:CVE-2021-30571", "MS:CVE-2021-30572", "MS:CVE-2021-30573", "MS:CVE-2021-30574", "MS:CVE-2021-30575", "MS:CVE-2021-30576", "MS:CVE-2021-30577", "MS:CVE-2021-30578", "MS:CVE-2021-30579", "MS:CVE-2021-30580", "MS:CVE-2021-30581", "MS:CVE-2021-30582", "MS:CVE-2021-30583", "MS:CVE-2021-30584", "MS:CVE-2021-30585", "MS:CVE-2021-30586", "MS:CVE-2021-30587", "MS:CVE-2021-30588", "MS:CVE-2021-30589", "MS:CVE-2021-30590", "MS:CVE-2021-30591", "MS:CVE-2021-30592", "MS:CVE-2021-30593", "MS:CVE-2021-30594", "MS:CVE-2021-30596", "MS:CVE-2021-30597", "MS:CVE-2021-30598", "MS:CVE-2021-30599", "MS:CVE-2021-30601", "MS:CVE-2021-30602", "MS:CVE-2021-30603", "MS:CVE-2021-30604", "MS:CVE-2021-30606", "MS:CVE-2021-30607", "MS:CVE-2021-30608", "MS:CVE-2021-30609", "MS:CVE-2021-30610", "MS:CVE-2021-30611", "MS:CVE-2021-30612", "MS:CVE-2021-30613", "MS:CVE-2021-30614", "MS:CVE-2021-30615", "MS:CVE-2021-30616", "MS:CVE-2021-30617", "MS:CVE-2021-30618", "MS:CVE-2021-30619", "MS:CVE-2021-30620", "MS:CVE-2021-30621", "MS:CVE-2021-30622", "MS:CVE-2021-30623", "MS:CVE-2021-30624", "MS:CVE-2021-30625", "MS:CVE-2021-30626", "MS:CVE-2021-30627", "MS:CVE-2021-30628", "MS:CVE-2021-30629", "MS:CVE-2021-30630", "MS:CVE-2021-30631", "MS:CVE-2021-30632", "MS:CVE-2021-30633", "MS:CVE-2021-37956", "MS:CVE-2021-37957", "MS:CVE-2021-37958", "MS:CVE-2021-37959", "MS:CVE-2021-37960", "MS:CVE-2021-37961", "MS:CVE-2021-37962", "MS:CVE-2021-37963", "MS:CVE-2021-37965", "MS:CVE-2021-37966", "MS:CVE-2021-37967", "MS:CVE-2021-37968", "MS:CVE-2021-37970", "MS:CVE-2021-37971", "MS:CVE-2021-37973", "MS:CVE-2021-38005", "MS:CVE-2021-38006", "MS:CVE-2021-38007", "MS:CVE-2021-38008", "MS:CVE-2021-38009", "MS:CVE-2021-38010", "MS:CVE-2021-38011", "MS:CVE-2021-38012", "MS:CVE-2021-38013", "MS:CVE-2021-38014", "MS:CVE-2021-38015", "MS:CVE-2021-38016", "MS:CVE-2021-38017", "MS:CVE-2021-38018", "MS:CVE-2021-38019", "MS:CVE-2021-38020", "MS:CVE-2021-38021", "MS:CVE-2021-38022", "MS:CVE-2021-4098", "MS:CVE-2021-4099", "MS:CVE-2021-4100", "MS:CVE-2021-4101", "MS:CVE-2021-4102"]}, {"type": "nessus", "idList": ["701369.PASL", "701370.PASL", "701375.PASL", "701377.PASL", "701378.PASL", "FREEBSD_PKG_128DEBA6FF5611EB85143065EC8FD3EC.NASL", "FREEBSD_PKG_47B571F2157B11ECAE98704D7B472482.NASL", "FREEBSD_PKG_76487640EA2911EBA6863065EC8FD3EC.NASL", "FREEBSD_PKG_A77328060B2A11EC836B3065EC8FD3EC.NASL", "FREEBSD_PKG_C3C6C4A3F47D11EBB6323065EC8FD3EC.NASL", "FREEBSD_PKG_FB9BA4905CC411ECAAC73065EC8FD3EC.NASL", "GOOGLE_CHROME_92_0_4515_107.NASL", "GOOGLE_CHROME_92_0_4515_131.NASL", "GOOGLE_CHROME_92_0_4515_159.NASL", "GOOGLE_CHROME_93_0_4577_63.NASL", "GOOGLE_CHROME_93_0_4577_82.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_96_0_4664_110.NASL", "GOOGLE_CHROME_96_0_4664_45.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_107.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_131.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_159.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_63.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_82.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_96_0_4664_110.NASL", "MACOSX_GOOGLE_CHROME_96_0_4664_45.NASL", "MICROSOFT_EDGE_CHROMIUM_92_0_902_55.NASL", "MICROSOFT_EDGE_CHROMIUM_92_0_902_67.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_38.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_47.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_52.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MICROSOFT_EDGE_CHROMIUM_96_0_1052_29.NASL", "OPENSUSE-2021-1144.NASL", "OPENSUSE-2021-1221.NASL", "OPENSUSE-2021-1300.NASL", "OPENSUSE-2021-1303.NASL", "OPENSUSE-2021-1433.NASL", "OPENSUSE-2021-1488.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:20364300767E58631FFE0D21622E63A3", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046", "RAPID7BLOG:DE426F8A59CA497BB6C0B90C0F1849CD"]}, {"type": "securelist", "idList": ["SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1131-1", "OPENSUSE-SU-2021:1144-1", "OPENSUSE-SU-2021:1172-1", "OPENSUSE-SU-2021:1180-1", "OPENSUSE-SU-2021:1221-1", "OPENSUSE-SU-2021:1300-1", "OPENSUSE-SU-2021:1303-1", "OPENSUSE-SU-2021:1310-1", "OPENSUSE-SU-2021:1488-1", "OPENSUSE-SU-2021:1489-1"]}, {"type": "talos", "idList": ["TALOS-2021-1348"]}, {"type": "thn", "idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:6A9CD6F085628D08978727C0FF597535"]}, {"type": "threatpost", "idList": ["THREATPOST:88DD5812D3C8652E304F32507E4F68DD"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30565", "UB:CVE-2021-30566", "UB:CVE-2021-30567", "UB:CVE-2021-30568", "UB:CVE-2021-30569", "UB:CVE-2021-30571", "UB:CVE-2021-30572", "UB:CVE-2021-30573", "UB:CVE-2021-30574", "UB:CVE-2021-30575", "UB:CVE-2021-30576", "UB:CVE-2021-30577", "UB:CVE-2021-30578", "UB:CVE-2021-30579", "UB:CVE-2021-30580", "UB:CVE-2021-30581", "UB:CVE-2021-30582", "UB:CVE-2021-30583", "UB:CVE-2021-30584", "UB:CVE-2021-30585", "UB:CVE-2021-30586", "UB:CVE-2021-30587", "UB:CVE-2021-30588", "UB:CVE-2021-30589", "UB:CVE-2021-30590", "UB:CVE-2021-30591", "UB:CVE-2021-30592", "UB:CVE-2021-30593", "UB:CVE-2021-30594", "UB:CVE-2021-30596", "UB:CVE-2021-30597", "UB:CVE-2021-30606", "UB:CVE-2021-30607", "UB:CVE-2021-30608", "UB:CVE-2021-30609", "UB:CVE-2021-30610", "UB:CVE-2021-30611", "UB:CVE-2021-30612", "UB:CVE-2021-30613", "UB:CVE-2021-30614", "UB:CVE-2021-30615", "UB:CVE-2021-30616", "UB:CVE-2021-30617", "UB:CVE-2021-30618", "UB:CVE-2021-30619", "UB:CVE-2021-30620", "UB:CVE-2021-30621", "UB:CVE-2021-30622", "UB:CVE-2021-30623", "UB:CVE-2021-30624", "UB:CVE-2021-30625", "UB:CVE-2021-30626", "UB:CVE-2021-30627", "UB:CVE-2021-30628", "UB:CVE-2021-30629", "UB:CVE-2021-30630", "UB:CVE-2021-30631", "UB:CVE-2021-30632", "UB:CVE-2021-30633", "UB:CVE-2021-37956", "UB:CVE-2021-37957", "UB:CVE-2021-37958", "UB:CVE-2021-37959", "UB:CVE-2021-37960", "UB:CVE-2021-37961", "UB:CVE-2021-37962", "UB:CVE-2021-37963", "UB:CVE-2021-37965", "UB:CVE-2021-37966", "UB:CVE-2021-37967", "UB:CVE-2021-37968", "UB:CVE-2021-37970", "UB:CVE-2021-37971", "UB:CVE-2021-37997", "UB:CVE-2021-37998", "UB:CVE-2021-37999", "UB:CVE-2021-38000", "UB:CVE-2021-38001", "UB:CVE-2021-38002", "UB:CVE-2021-4098", "UB:CVE-2021-4099", "UB:CVE-2021-4100", "UB:CVE-2021-4101", "UB:CVE-2021-4102", "UB:CVE-2022-0117", "UB:CVE-2022-0118", "UB:CVE-2022-0120", "UB:CVE-2022-0289"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-30565", "epss": 0.00205, "percentile": 0.57, "modified": "2023-05-01"}, {"cve": "CVE-2021-30566", "epss": 0.00379, "percentile": 0.68833, "modified": "2023-05-01"}, {"cve": "CVE-2021-30567", "epss": 0.0021, "percentile": 0.57425, "modified": "2023-05-01"}, {"cve": "CVE-2021-30568", "epss": 0.00358, "percentile": 0.67909, "modified": "2023-05-01"}, {"cve": "CVE-2021-30569", "epss": 0.004, "percentile": 0.69694, "modified": "2023-05-01"}, {"cve": "CVE-2021-30571", "epss": 0.00259, "percentile": 0.62162, "modified": "2023-05-01"}, {"cve": "CVE-2021-30572", "epss": 0.00358, "percentile": 0.67945, "modified": "2023-05-01"}, {"cve": "CVE-2021-30573", "epss": 0.00358, "percentile": 0.67945, "modified": "2023-05-01"}, {"cve": "CVE-2021-30574", "epss": 0.00358, "percentile": 0.67945, "modified": "2023-05-01"}, {"cve": "CVE-2021-30575", "epss": 0.00526, "percentile": 0.7352, "modified": "2023-05-01"}, {"cve": "CVE-2021-30576", "epss": 0.00182, "percentile": 0.54008, "modified": "2023-05-01"}, {"cve": "CVE-2021-30577", "epss": 0.00085, "percentile": 0.34648, "modified": "2023-05-01"}, {"cve": "CVE-2021-30578", "epss": 0.00508, "percentile": 0.73072, "modified": "2023-05-01"}, {"cve": "CVE-2021-30579", "epss": 0.00358, "percentile": 0.67945, "modified": "2023-05-01"}, {"cve": "CVE-2021-30580", "epss": 0.00229, "percentile": 0.59528, "modified": "2023-05-01"}, {"cve": "CVE-2021-30581", "epss": 0.00182, "percentile": 0.54008, "modified": "2023-05-01"}, {"cve": "CVE-2021-30582", "epss": 0.04401, "percentile": 0.91127, "modified": "2023-05-01"}, {"cve": "CVE-2021-30583", "epss": 0.01347, "percentile": 0.84119, "modified": "2023-05-01"}, {"cve": "CVE-2021-30584", "epss": 0.00293, "percentile": 0.64528, "modified": "2023-05-01"}, {"cve": "CVE-2021-30585", "epss": 0.004, "percentile": 0.69694, "modified": "2023-05-01"}, {"cve": "CVE-2021-30586", "epss": 0.00194, "percentile": 0.55685, "modified": "2023-05-01"}, {"cve": "CVE-2021-30587", "epss": 0.00639, "percentile": 0.76152, "modified": "2023-05-01"}, {"cve": "CVE-2021-30588", "epss": 0.00508, "percentile": 0.73072, "modified": "2023-05-01"}, {"cve": "CVE-2021-30589", "epss": 0.0022, "percentile": 0.58616, "modified": "2023-05-01"}, {"cve": "CVE-2021-30590", "epss": 0.003, "percentile": 0.64916, "modified": "2023-05-01"}, {"cve": "CVE-2021-30591", "epss": 0.00284, "percentile": 0.63953, "modified": "2023-05-01"}, {"cve": "CVE-2021-30592", "epss": 0.00205, "percentile": 0.57, "modified": "2023-05-01"}, {"cve": "CVE-2021-30593", "epss": 0.00231, "percentile": 0.59779, "modified": "2023-05-01"}, {"cve": "CVE-2021-30594", "epss": 0.00146, "percentile": 0.49236, "modified": "2023-05-01"}, {"cve": "CVE-2021-30596", "epss": 0.00248, "percentile": 0.61175, "modified": "2023-05-01"}, {"cve": "CVE-2021-30597", "epss": 0.00146, "percentile": 0.49236, "modified": "2023-05-01"}, {"cve": "CVE-2021-30598", "epss": 0.00365, "percentile": 0.6822, "modified": "2023-05-02"}, {"cve": "CVE-2021-30599", "epss": 0.00644, "percentile": 0.76244, "modified": "2023-05-02"}, {"cve": "CVE-2021-30600", "epss": 0.00284, "percentile": 0.63958, "modified": "2023-05-02"}, {"cve": "CVE-2021-30601", "epss": 0.00205, "percentile": 0.57013, "modified": "2023-05-02"}, {"cve": "CVE-2021-30602", "epss": 0.00422, "percentile": 0.70421, "modified": "2023-05-02"}, {"cve": "CVE-2021-30603", "epss": 0.00555, "percentile": 0.74247, "modified": "2023-05-02"}, {"cve": "CVE-2021-30604", "epss": 0.00284, "percentile": 0.63958, "modified": "2023-05-02"}, {"cve": "CVE-2021-30606", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-02"}, {"cve": "CVE-2021-30607", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-02"}, {"cve": "CVE-2021-30608", "epss": 0.00198, "percentile": 0.56193, "modified": "2023-05-02"}, {"cve": "CVE-2021-30609", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-02"}, {"cve": "CVE-2021-30610", "epss": 0.00242, "percentile": 0.6063, "modified": "2023-05-02"}, {"cve": "CVE-2021-30611", "epss": 0.00153, "percentile": 0.50081, "modified": "2023-05-02"}, {"cve": "CVE-2021-30612", "epss": 0.00198, "percentile": 0.56193, "modified": "2023-05-02"}, {"cve": "CVE-2021-30613", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-02"}, {"cve": "CVE-2021-30614", "epss": 0.00385, "percentile": 0.69068, "modified": "2023-05-02"}, {"cve": "CVE-2021-30615", "epss": 0.00198, "percentile": 0.56194, "modified": "2023-05-02"}, {"cve": "CVE-2021-30616", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-02"}, {"cve": "CVE-2021-30617", "epss": 0.00117, "percentile": 0.44173, "modified": "2023-05-02"}, {"cve": "CVE-2021-30618", "epss": 0.0026, "percentile": 0.62246, "modified": "2023-05-02"}, {"cve": "CVE-2021-30619", "epss": 0.00166, "percentile": 0.51818, "modified": "2023-05-02"}, {"cve": "CVE-2021-30620", "epss": 0.0026, "percentile": 0.62246, "modified": "2023-05-02"}, {"cve": "CVE-2021-30621", "epss": 0.00166, "percentile": 0.51818, "modified": "2023-05-02"}, {"cve": "CVE-2021-30622", "epss": 0.00198, "percentile": 0.56193, "modified": "2023-05-02"}, {"cve": "CVE-2021-30623", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-02"}, {"cve": "CVE-2021-30624", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-02"}, {"cve": "CVE-2021-30625", "epss": 0.00173, "percentile": 0.52925, "modified": "2023-05-02"}, {"cve": "CVE-2021-30626", "epss": 0.00267, "percentile": 0.62735, "modified": "2023-05-02"}, {"cve": "CVE-2021-30627", "epss": 0.00267, "percentile": 0.62735, "modified": "2023-05-02"}, {"cve": "CVE-2021-30628", "epss": 0.00267, "percentile": 0.62735, "modified": "2023-05-02"}, {"cve": "CVE-2021-30629", "epss": 0.00378, "percentile": 0.68821, "modified": "2023-05-02"}, {"cve": "CVE-2021-30630", "epss": 0.00179, "percentile": 0.53536, "modified": "2023-05-02"}, {"cve": "CVE-2021-30632", "epss": 0.86698, "percentile": 0.98049, "modified": "2023-05-02"}, {"cve": "CVE-2021-30633", "epss": 0.00233, "percentile": 0.59934, "modified": "2023-05-02"}, {"cve": "CVE-2021-37956", "epss": 0.00227, "percentile": 0.59406, "modified": "2023-05-02"}, {"cve": "CVE-2021-37957", "epss": 0.00204, "percentile": 0.56864, "modified": "2023-05-02"}, {"cve": "CVE-2021-37958", "epss": 0.00338, "percentile": 0.67007, "modified": "2023-05-02"}, {"cve": "CVE-2021-37959", "epss": 0.00147, "percentile": 0.49375, "modified": "2023-05-02"}, {"cve": "CVE-2021-37961", "epss": 0.00227, "percentile": 0.59406, "modified": "2023-05-02"}, {"cve": "CVE-2021-37962", "epss": 0.00227, "percentile": 0.59406, "modified": "2023-05-02"}, {"cve": "CVE-2021-37963", "epss": 0.00341, "percentile": 0.67128, "modified": "2023-05-02"}, {"cve": "CVE-2021-37965", "epss": 0.00336, "percentile": 0.66938, "modified": "2023-05-02"}, {"cve": "CVE-2021-37966", "epss": 0.00237, "percentile": 0.6029, "modified": "2023-05-02"}, {"cve": "CVE-2021-37967", "epss": 0.00237, "percentile": 0.6029, "modified": "2023-05-02"}, {"cve": "CVE-2021-37968", "epss": 0.00477, "percentile": 0.72157, "modified": "2023-05-02"}, {"cve": "CVE-2021-37970", "epss": 0.00182, "percentile": 0.53997, "modified": "2023-05-02"}, {"cve": "CVE-2021-37971", "epss": 0.0039, "percentile": 0.69311, "modified": "2023-05-02"}, {"cve": "CVE-2021-37973", "epss": 0.00301, "percentile": 0.6498, "modified": "2023-05-02"}, {"cve": "CVE-2021-37974", "epss": 0.00329, "percentile": 0.66586, "modified": "2023-05-02"}, {"cve": "CVE-2021-37975", "epss": 0.52228, "percentile": 0.9703, "modified": "2023-05-02"}, {"cve": "CVE-2021-37976", "epss": 0.02814, "percentile": 0.89114, "modified": "2023-05-02"}, {"cve": "CVE-2021-37977", "epss": 0.00301, "percentile": 0.64957, "modified": "2023-05-02"}, {"cve": "CVE-2021-37978", "epss": 0.00212, "percentile": 0.57713, "modified": "2023-05-02"}, {"cve": "CVE-2021-37979", "epss": 0.00211, "percentile": 0.57566, "modified": "2023-05-02"}, {"cve": "CVE-2021-37981", "epss": 0.00175, "percentile": 0.53138, "modified": "2023-05-02"}, {"cve": "CVE-2021-37982", "epss": 0.00284, "percentile": 0.63953, "modified": "2023-05-02"}, {"cve": "CVE-2021-37983", "epss": 0.00284, "percentile": 0.63953, "modified": "2023-05-02"}, {"cve": "CVE-2021-37984", "epss": 0.002, "percentile": 0.56405, "modified": "2023-05-02"}, {"cve": "CVE-2021-37985", "epss": 0.00284, "percentile": 0.63953, "modified": "2023-05-02"}, {"cve": "CVE-2021-37986", "epss": 0.002, "percentile": 0.56405, "modified": "2023-05-02"}, {"cve": "CVE-2021-37987", "epss": 0.00284, "percentile": 0.63953, "modified": "2023-05-02"}, {"cve": "CVE-2021-37988", "epss": 0.00284, "percentile": 0.63953, "modified": "2023-05-02"}, {"cve": "CVE-2021-37989", "epss": 0.00182, "percentile": 0.5401, "modified": "2023-05-02"}, {"cve": "CVE-2021-37990", "epss": 0.00107, "percentile": 0.42116, "modified": "2023-05-02"}, {"cve": "CVE-2021-37991", "epss": 0.002, "percentile": 0.56405, "modified": "2023-05-02"}, {"cve": "CVE-2021-37992", "epss": 0.002, "percentile": 0.56405, "modified": "2023-05-02"}, {"cve": "CVE-2021-37993", "epss": 0.00284, "percentile": 0.63953, "modified": "2023-05-02"}, {"cve": "CVE-2021-37994", "epss": 0.00148, "percentile": 0.49447, "modified": "2023-05-02"}, {"cve": "CVE-2021-37995", "epss": 0.00182, "percentile": 0.5401, "modified": "2023-05-02"}, {"cve": "CVE-2021-37996", "epss": 0.00106, "percentile": 0.41862, "modified": "2023-05-02"}, {"cve": "CVE-2021-37997", "epss": 0.00241, "percentile": 0.60578, "modified": "2023-05-02"}, {"cve": "CVE-2021-37998", "epss": 0.00241, "percentile": 0.60578, "modified": "2023-05-02"}, {"cve": "CVE-2021-37999", "epss": 0.00148, "percentile": 0.49405, "modified": "2023-05-02"}, {"cve": "CVE-2021-38000", "epss": 0.00258, "percentile": 0.62052, "modified": "2023-05-02"}, {"cve": "CVE-2021-38001", "epss": 0.0017, "percentile": 0.52616, "modified": "2023-05-02"}, {"cve": "CVE-2021-38002", "epss": 0.00148, "percentile": 0.4948, "modified": "2023-05-02"}, {"cve": "CVE-2021-38003", "epss": 0.01295, "percentile": 0.83796, "modified": "2023-05-02"}, {"cve": "CVE-2021-38005", "epss": 0.00252, "percentile": 0.61568, "modified": "2023-05-02"}, {"cve": "CVE-2021-38006", "epss": 0.00252, "percentile": 0.61568, "modified": "2023-05-02"}, {"cve": "CVE-2021-38007", "epss": 0.00178, "percentile": 0.53473, "modified": "2023-05-02"}, {"cve": "CVE-2021-38008", "epss": 0.003, "percentile": 0.64905, "modified": "2023-05-02"}, {"cve": "CVE-2021-38009", "epss": 0.00218, "percentile": 0.58286, "modified": "2023-05-02"}, {"cve": "CVE-2021-38010", "epss": 0.00146, "percentile": 0.492, "modified": "2023-05-02"}, {"cve": "CVE-2021-38011", "epss": 0.00252, "percentile": 0.61568, "modified": "2023-05-02"}, {"cve": "CVE-2021-38012", "epss": 0.00178, "percentile": 0.53473, "modified": "2023-05-02"}, {"cve": "CVE-2021-38013", "epss": 0.00186, "percentile": 0.54487, "modified": "2023-05-02"}, {"cve": "CVE-2021-38014", "epss": 0.00173, "percentile": 0.52972, "modified": "2023-05-02"}, {"cve": "CVE-2021-38015", "epss": 0.00115, "percentile": 0.43889, "modified": "2023-05-02"}, {"cve": "CVE-2021-38016", "epss": 0.00178, "percentile": 0.53473, "modified": "2023-05-02"}, {"cve": "CVE-2021-38017", "epss": 0.00178, "percentile": 0.53473, "modified": "2023-05-02"}, {"cve": "CVE-2021-38018", "epss": 0.00106, "percentile": 0.41655, "modified": "2023-05-02"}, {"cve": "CVE-2021-38019", "epss": 0.00214, "percentile": 0.57935, "modified": "2023-05-02"}, {"cve": "CVE-2021-38020", "epss": 0.00148, "percentile": 0.49408, "modified": "2023-05-02"}, {"cve": "CVE-2021-38021", "epss": 0.00146, "percentile": 0.492, "modified": "2023-05-02"}, {"cve": "CVE-2021-38022", "epss": 0.00214, "percentile": 0.57935, "modified": "2023-05-02"}, {"cve": "CVE-2021-4098", "epss": 0.00102, "percentile": 0.40333, "modified": "2023-05-02"}, {"cve": "CVE-2021-4099", "epss": 0.00133, "percentile": 0.4691, "modified": "2023-05-02"}, {"cve": "CVE-2021-4100", "epss": 0.00133, "percentile": 0.46951, "modified": "2023-05-02"}, {"cve": "CVE-2021-4101", "epss": 0.00133, "percentile": 0.46951, "modified": "2023-05-02"}, {"cve": "CVE-2021-4102", "epss": 0.0051, "percentile": 0.73116, "modified": "2023-05-02"}, {"cve": "CVE-2022-0096", "epss": 0.00247, "percentile": 0.61102, "modified": "2023-05-02"}, {"cve": "CVE-2022-0097", "epss": 0.00121, "percentile": 0.44956, "modified": "2023-05-02"}, {"cve": "CVE-2022-0098", "epss": 0.00117, "percentile": 0.4429, "modified": "2023-05-02"}, {"cve": "CVE-2022-0099", "epss": 0.00263, "percentile": 0.62447, "modified": "2023-05-02"}, {"cve": "CVE-2022-0100", "epss": 0.00304, "percentile": 0.65246, "modified": "2023-05-02"}, {"cve": "CVE-2022-0101", "epss": 0.00304, "percentile": 0.65246, "modified": "2023-05-02"}, {"cve": "CVE-2022-0102", "epss": 0.00263, "percentile": 0.62447, "modified": "2023-05-02"}, {"cve": "CVE-2022-0103", "epss": 0.00263, "percentile": 0.62447, "modified": "2023-05-02"}, {"cve": "CVE-2022-0104", "epss": 0.00249, "percentile": 0.61263, "modified": "2023-05-02"}, {"cve": "CVE-2022-0105", "epss": 0.00247, "percentile": 0.61102, "modified": "2023-05-02"}, {"cve": "CVE-2022-0106", "epss": 0.00247, "percentile": 0.61102, "modified": "2023-05-02"}, {"cve": "CVE-2022-0107", "epss": 0.00117, "percentile": 0.4429, "modified": "2023-05-02"}, {"cve": "CVE-2022-0108", "epss": 0.01044, "percentile": 0.81789, "modified": "2023-05-02"}, {"cve": "CVE-2022-0109", "epss": 0.0047, "percentile": 0.71939, "modified": "2023-05-02"}, {"cve": "CVE-2022-0110", "epss": 0.00259, "percentile": 0.62141, "modified": "2023-05-02"}, {"cve": "CVE-2022-0111", "epss": 0.00319, "percentile": 0.66061, "modified": "2023-05-02"}, {"cve": "CVE-2022-0112", "epss": 0.00229, "percentile": 0.59589, "modified": "2023-05-02"}, {"cve": "CVE-2022-0113", "epss": 0.00529, "percentile": 0.73616, "modified": "2023-05-02"}, {"cve": "CVE-2022-0114", "epss": 0.0028, "percentile": 0.63694, "modified": "2023-05-02"}, {"cve": "CVE-2022-0115", "epss": 0.00247, "percentile": 0.61102, "modified": "2023-05-02"}, {"cve": "CVE-2022-0116", "epss": 0.00275, "percentile": 0.633, "modified": "2023-05-02"}, {"cve": "CVE-2022-0117", "epss": 0.00533, "percentile": 0.73717, "modified": "2023-05-02"}, {"cve": "CVE-2022-0118", "epss": 0.00212, "percentile": 0.57663, "modified": "2023-05-02"}, {"cve": "CVE-2022-0120", "epss": 0.00444, "percentile": 0.7113, "modified": "2023-05-02"}, {"cve": "CVE-2022-0289", "epss": 0.00484, "percentile": 0.7242, "modified": "2023-05-02"}, {"cve": "CVE-2022-0290", "epss": 0.00486, "percentile": 0.72466, "modified": "2023-05-02"}, {"cve": "CVE-2022-0291", "epss": 0.00115, "percentile": 0.43836, "modified": "2023-05-02"}, {"cve": "CVE-2022-0292", "epss": 0.00111, "percentile": 0.42907, "modified": "2023-05-02"}, {"cve": "CVE-2022-0293", "epss": 0.00145, "percentile": 0.49101, "modified": "2023-05-02"}, {"cve": "CVE-2022-0294", "epss": 0.00115, "percentile": 0.43836, "modified": "2023-05-02"}, {"cve": "CVE-2022-0295", "epss": 0.00133, "percentile": 0.4691, "modified": "2023-05-02"}, {"cve": "CVE-2022-0296", "epss": 0.00133, "percentile": 0.4691, "modified": "2023-05-02"}, {"cve": "CVE-2022-0297", "epss": 0.00133, "percentile": 0.4691, "modified": "2023-05-02"}, {"cve": "CVE-2022-0298", "epss": 0.00133, "percentile": 0.4691, "modified": "2023-05-02"}, {"cve": "CVE-2022-0300", "epss": 0.00133, "percentile": 0.4691, "modified": "2023-05-02"}, {"cve": "CVE-2022-0301", "epss": 0.00052, "percentile": 0.18211, "modified": "2023-05-02"}, {"cve": "CVE-2022-0302", "epss": 0.00112, "percentile": 0.43215, "modified": "2023-05-02"}, {"cve": "CVE-2022-0304", "epss": 0.00133, "percentile": 0.4691, "modified": "2023-05-02"}, {"cve": "CVE-2022-0305", "epss": 0.00092, "percentile": 0.37986, "modified": "2023-05-02"}, {"cve": "CVE-2022-0306", "epss": 0.00255, "percentile": 0.61918, "modified": "2023-05-02"}, {"cve": "CVE-2022-0307", "epss": 0.00133, "percentile": 0.4691, "modified": "2023-05-02"}, {"cve": "CVE-2022-0308", "epss": 0.00133, "percentile": 0.4691, "modified": "2023-05-02"}, {"cve": "CVE-2022-0309", "epss": 0.00092, "percentile": 0.37986, "modified": "2023-05-02"}, {"cve": "CVE-2022-0310", "epss": 0.00111, "percentile": 0.42921, "modified": "2023-05-02"}, {"cve": "CVE-2022-0311", "epss": 0.00111, "percentile": 0.42921, "modified": "2023-05-02"}], "vulnersScore": 9.4}, "_state": {"dependencies": 1688481230, "score": 1688481536, "epss": 0}, "_internal": {"score_hash": "d3e58cc419d554038a9e7cc717356ac7"}, "pluginID": "157241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202201-02.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157241);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/03\");\n\n script_cve_id(\n \"CVE-2021-4098\",\n \"CVE-2021-4099\",\n \"CVE-2021-4100\",\n \"CVE-2021-4101\",\n \"CVE-2021-4102\",\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30580\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30583\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30586\",\n \"CVE-2021-30587\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\",\n \"CVE-2021-30590\",\n \"CVE-2021-30591\",\n \"CVE-2021-30592\",\n \"CVE-2021-30593\",\n \"CVE-2021-30594\",\n \"CVE-2021-30596\",\n \"CVE-2021-30597\",\n \"CVE-2021-30598\",\n \"CVE-2021-30599\",\n \"CVE-2021-30600\",\n \"CVE-2021-30601\",\n \"CVE-2021-30602\",\n \"CVE-2021-30603\",\n \"CVE-2021-30604\",\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\",\n \"CVE-2021-30625\",\n \"CVE-2021-30626\",\n \"CVE-2021-30627\",\n \"CVE-2021-30628\",\n \"CVE-2021-30629\",\n \"CVE-2021-30630\",\n \"CVE-2021-30631\",\n \"CVE-2021-30632\",\n \"CVE-2021-30633\",\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37973\",\n \"CVE-2021-37974\",\n \"CVE-2021-37975\",\n \"CVE-2021-37976\",\n \"CVE-2021-37977\",\n \"CVE-2021-37978\",\n \"CVE-2021-37979\",\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\",\n \"CVE-2021-37997\",\n \"CVE-2021-37998\",\n \"CVE-2021-37999\",\n \"CVE-2021-38000\",\n \"CVE-2021-38001\",\n \"CVE-2021-38002\",\n \"CVE-2021-38003\",\n \"CVE-2021-38005\",\n \"CVE-2021-38006\",\n \"CVE-2021-38007\",\n \"CVE-2021-38008\",\n \"CVE-2021-38009\",\n \"CVE-2021-38010\",\n \"CVE-2021-38011\",\n \"CVE-2021-38012\",\n \"CVE-2021-38013\",\n \"CVE-2021-38014\",\n \"CVE-2021-38015\",\n \"CVE-2021-38016\",\n \"CVE-2021-38017\",\n \"CVE-2021-38018\",\n \"CVE-2021-38019\",\n \"CVE-2021-38020\",\n \"CVE-2021-38021\",\n \"CVE-2021-38022\",\n \"CVE-2022-0096\",\n \"CVE-2022-0097\",\n \"CVE-2022-0098\",\n \"CVE-2022-0099\",\n \"CVE-2022-0100\",\n \"CVE-2022-0101\",\n \"CVE-2022-0102\",\n \"CVE-2022-0103\",\n \"CVE-2022-0104\",\n \"CVE-2022-0105\",\n \"CVE-2022-0106\",\n \"CVE-2022-0107\",\n \"CVE-2022-0108\",\n \"CVE-2022-0109\",\n \"CVE-2022-0110\",\n \"CVE-2022-0111\",\n \"CVE-2022-0112\",\n \"CVE-2022-0113\",\n \"CVE-2022-0114\",\n \"CVE-2022-0115\",\n \"CVE-2022-0116\",\n \"CVE-2022-0117\",\n \"CVE-2022-0118\",\n \"CVE-2022-0120\",\n \"CVE-2022-0289\",\n \"CVE-2022-0290\",\n \"CVE-2022-0291\",\n \"CVE-2022-0292\",\n \"CVE-2022-0293\",\n \"CVE-2022-0294\",\n \"CVE-2022-0295\",\n \"CVE-2022-0296\",\n \"CVE-2022-0297\",\n \"CVE-2022-0298\",\n \"CVE-2022-0300\",\n \"CVE-2022-0301\",\n \"CVE-2022-0302\",\n \"CVE-2022-0303\",\n \"CVE-2022-0304\",\n \"CVE-2022-0305\",\n \"CVE-2022-0306\",\n \"CVE-2022-0307\",\n \"CVE-2022-0308\",\n \"CVE-2022-0309\",\n \"CVE-2022-0310\",\n \"CVE-2022-0311\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0385-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0411-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0449-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0459-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0522-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0555-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0576-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0001-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0042-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/12/29\");\n\n script_name(english:\"GLSA-202201-02 : Chromium, Google Chrome: Multiple vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202201-02 (Chromium, Google Chrome: Multiple\nvulnerabilities)\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an\n attacker who convinced a user to install a malicious extension to perform an out of bounds memory write\n via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who\n had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker\n who convinced a user to install a malicious extension to potentially perform a sandbox escape via a\n crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform\n out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an\n attacker who convinced a user to install a malicious application to obtain potentially sensitive\n information via a crafted HTML page. (CVE-2021-30580)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107\n allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30583)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an\n attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via\n a crafted HTML page. (CVE-2021-30586)\n\n - Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-30587)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a\n remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30590)\n\n - Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who\n convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted\n HTML page. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced\n a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.\n (CVE-2021-30593)\n\n - Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to\n potentially exploit heap corruption via physical access to the device. (CVE-2021-30594)\n\n - Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote\n attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-30596)\n\n - Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker\n to potentially exploit heap corruption via physical access to the device. (CVE-2021-30597)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute\n arbitrary code inside a sandbox via a crafted HTML page. (CVE-2021-30598, CVE-2021-30599)\n\n - Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30600)\n\n - Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30601)\n\n - Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user\n to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30602)\n\n - Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30603)\n\n - Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30604)\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who\n convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML\n page. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30626)\n\n - Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30627)\n\n - Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to\n potentially exploit stack corruption via a crafted HTML page. (CVE-2021-30628)\n\n - Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30629)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who\n had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-30630)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by\n its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2021-30631,\n CVE-2021-37960)\n\n - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30632)\n\n - Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-30633)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote\n attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML\n page. (CVE-2021-37967)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker\n to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to\n obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37977)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37978)\n\n - heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who\n convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2021-37979)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a\n user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37985)\n\n - Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced\n a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37988)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote\n attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)\n\n - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2021-37991)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)\n\n - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote\n attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-37995)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a\n remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\n - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a\n user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997)\n\n - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998)\n\n - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote\n attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.\n (CVE-2021-37999)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69\n allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.\n (CVE-2021-38000)\n\n - Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38001)\n\n - Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38002)\n\n - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\n - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n leak cross-origin data via a crafted HTML page. (CVE-2021-38009)\n\n - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2021-38010)\n\n - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed\n a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via\n a crafted HTML page. (CVE-2021-38013)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014)\n\n - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who\n convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome\n Extension. (CVE-2021-38015)\n\n - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a\n remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016)\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (CVE-2021-38019)\n\n - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45\n allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-38020)\n\n - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker\n to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202201-02\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=803167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=806223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=808715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=811348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=813035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=814221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=814617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=815673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=816984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=819054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=820689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=824274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=829190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=830642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=831624\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n\t\t\t# emerge --sync\n\t\t\t# emerge --ask --oneshot --verbose\n\t\t\t>=www-client/chromium-97.0.4692.99\n\t\t\nAll Google Chrome users should upgrade to the latest version:\n\n\t\t\t# emerge --sync\n\t\t\t# emerge --ask --oneshot --verbose\n\t\t\t>=www-client/google-chrome-97.0.4692.99\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38017\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"www-client/google-chrome\",\n 'unaffected' : make_list(\"ge 97.0.4692.99\"),\n 'vulnerable' : make_list(\"lt 97.0.4692.99\")\n },\n {\n 'name' : \"www-client/chromium\",\n 'unaffected' : make_list(\"ge 97.0.4692.99\"),\n 'vulnerable' : make_list(\"lt 97.0.4692.99\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "solution": "All Chromium users should upgrade to the latest version:\n\n\t\t\t# emerge --sync \t\t\t# emerge --ask --oneshot --verbose \t\t\t>=www-client/chromium-97.0.4692.99 \t\tAll Google Chrome users should upgrade to the latest version:\n\n\t\t\t# emerge --sync \t\t\t# emerge --ask --oneshot --verbose \t\t\t>=www-client/google-chrome-97.0.4692.99", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-38017", "vendor_cvss2": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.0"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-01-31T00:00:00", "vulnerabilityPublicationDate": "2021-07-20T00:00:00", "exploitableWith": []}

{"fedora": [{"lastseen": "2023-05-27T14:49:26", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-13T03:49:46", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-93.0.4577.63-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-09-13T03:49:46", "id": "FEDORA:54EF9304CB93", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5LVY4WIWTVVYKQMROJJS365TZBKEARCF/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:49:26", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-13T13:09:01", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-93.0.4577.63-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-09-13T13:09:01", "id": "FEDORA:B923630946D6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:49:27", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-24T20:47:44", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-93.0.4577.63-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-09-24T20:47:44", "id": "FEDORA:6E174304C6DC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-09T00:27:38", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-94.0.4606.61-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30542", "CVE-2021-30543", "CVE-2021-30558", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "modified": "2021-10-09T00:27:38", "id": "FEDORA:E043930AE6E8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:06", "description": "Qt5 - QtWebEngine components. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-01-30T01:44:13", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: qt5-qtwebengine-5.15.8-2.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30613", "CVE-2021-30616", "CVE-2021-30618", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30630", "CVE-2021-30633", "CVE-2021-3517", "CVE-2021-3541", "CVE-2021-37962", "CVE-2021-37968", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980", "CVE-2021-37984", "CVE-2021-37989", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37996", "CVE-2021-38001", "CVE-2021-38003", "CVE-2021-38005", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38012", "CVE-2021-38015", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38022", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4062", "CVE-2021-4078", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4101", "CVE-2021-4102"], "modified": "2022-01-30T01:44:13", "id": "FEDORA:210C430584A5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2MLX3OHXV7SCLP5MK4AA5TVXPPNSWDUP/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-03T01:10:21", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-94.0.4606.61-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30542", "CVE-2021-30543", "CVE-2021-30558", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "modified": "2021-10-03T01:10:21", "id": "FEDORA:4CD8430AA7AD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WKQDE3PWDKASAPSUJYMOQGL73L3YQRFS/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-29T23:16:24", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-94.0.4606.61-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30542", "CVE-2021-30543", "CVE-2021-30558", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "modified": "2021-10-29T23:16:24", "id": "FEDORA:5C0DB31397D8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:06", "description": "Qt5 - QtWebEngine components. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-02-04T01:23:18", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: qt5-qtwebengine-5.15.8-2.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30530", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30541", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30551", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30556", "CVE-2021-30559", "CVE-2021-30560", "CVE-2021-30563", "CVE-2021-30566", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30573", "CVE-2021-30585", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30613", "CVE-2021-30616", "CVE-2021-30618", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30633", "CVE-2021-3517", "CVE-2021-3541", "CVE-2021-37962", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980", "CVE-2021-37984", "CVE-2021-37987", "CVE-2021-37989", "CVE-2021-37993", "CVE-2021-37996", "CVE-2021-38001", "CVE-2021-38003", "CVE-2021-38005", "CVE-2021-38007", "CVE-2021-38009", "CVE-2021-38012", "CVE-2021-38015", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4062", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4101", "CVE-2021-4102"], "modified": "2022-02-04T01:23:18", "id": "FEDORA:75CA430AA7A6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TAQAOVT4SUACCJLZJ5TNNXKVBC2JWMPG/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-04T01:24:01", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-94.0.4606.81-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2021-11-04T01:24:01", "id": "FEDORA:1E8AD3056996", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:36:18", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-01-29T06:39:34", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-96.0.4664.110-3.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38004", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102"], "modified": "2022-01-29T06:39:34", "id": "FEDORA:12FCA30F5428", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6DYRBUWTP7BHWIWYZCVTN437SG6GUZDC/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:36:18", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-01-07T01:12:20", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-96.0.4664.110-3.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38004", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102"], "modified": "2022-01-07T01:12:20", "id": "FEDORA:D72E230C6791", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-29T23:26:34", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-94.0.4606.81-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2021-10-29T23:26:34", "id": "FEDORA:BC8983072E0A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FRFXUDH46PFVE75VQVWY6PYY5DK3S2XT/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-15T19:23:21", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-94.0.4606.81-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2021-10-15T19:23:21", "id": "FEDORA:BE52E30CCCAA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/D63JZ3ROXCUHP4CFWDHCPZNTGET7T34R/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-15T17:09:19", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-03-14T22:27:09", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-99.0.4844.51-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22570", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809"], "modified": "2022-03-14T22:27:09", "id": "FEDORA:BD29330987FD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-15T17:09:19", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-03-11T14:48:13", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-99.0.4844.51-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22570", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809"], "modified": "2022-03-11T14:48:13", "id": "FEDORA:7AA7C307F074", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-15T17:09:20", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-03-26T15:43:20", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: chromium-99.0.4844.51-1.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22570", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809"], "modified": "2022-03-26T15:43:20", "id": "FEDORA:9952031143B1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-09-15T17:08:11", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one, fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n \t\t\t# emerge --sync\n \t\t\t# emerge --ask --oneshot --verbose\n \t\t\t\">=www-client/chromium-97.0.4692.99\"\n \t\t\n\nAll Google Chrome users should upgrade to the latest version:\n \n \n \t\t\t# emerge --sync\n \t\t\t# emerge --ask --oneshot --verbose\n \t\t\t\">=www-client/google-chrome-97.0.4692.99\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-01-31T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0303", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"], "modified": "2022-01-31T00:00:00", "id": "GLSA-202201-02", "href": "https://security.gentoo.org/glsa/202201-02", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-05-27T14:56:04", "description": "\n\nChrome Releases reports:\n\nThis release contains 27 security fixes, including:\n\n[1233975] High CVE-2021-30606: Use after free in Blink. Reported\n\t by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360\n\t Alpha Lab on 2021-07-28\n[1235949] High CVE-2021-30607: Use after free in Permissions.\n\t Reported by Weipeng Jiang (@Krace) from Codesafe Team of\n\t Legendsec at Qi'anxin Group on 2021-08-03\n[1219870] High CVE-2021-30608: Use after free in Web Share.\n\t Reported by Huyna at Viettel Cyber Security on 2021-06-15\n[1239595] High CVE-2021-30609: Use after free in Sign-In.\n\t Reported by raven (@raid_akame) on 2021-08-13\n[1200440] High CVE-2021-30610: Use after free in Extensions API.\n\t Reported by Igor Bukanov from Vivaldi on 2021-04-19\n[1233942] Medium CVE-2021-30611: Use after free in WebRTC.\n\t Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of\n\t 360 Alpha Lab on 2021-07-28\n[1234284] Medium CVE-2021-30612: Use after free in WebRTC.\n\t Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of\n\t 360 Alpha Lab on 2021-07-29\n[1209622] Medium CVE-2021-30613: Use after free in Base\n\t internals. Reported by Yangkang (@dnpushme) of 360 ATA on\n\t 2021-05-16\n[1207315] Medium CVE-2021-30614: Heap buffer overflow in\n\t TabStrip. Reported by Huinian Yang (@vmth6) of Amber Security Lab,\n\t OPPO Mobile Telecommunications Corp. Ltd. on 2021-05-10\n[1208614] Medium CVE-2021-30615: Cross-origin data leak in\n\t Navigation. Reported by NDevTK on 2021-05-12\n[1231432] Medium CVE-2021-30616: Use after free in Media.\n\t Reported by Anonymous on 2021-07-21\n[1226909] Medium CVE-2021-30617: Policy bypass in Blink.\n\t Reported by NDevTK on 2021-07-07\n[1232279] Medium CVE-2021-30618: Inappropriate implementation in\n\t DevTools. Reported by @DanAmodio and @mattaustin from Contrast\n\t Security on 2021-07-23\n[1235222] Medium CVE-2021-30619: UI Spoofing in Autofill.\n\t Reported by Alesandro Ortiz on 2021-08-02\n[1063518] Medium CVE-2021-30620: Insufficient policy enforcement\n\t in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability\n\t Research on 2020-03-20\n[1204722] Medium CVE-2021-30621: UI Spoofing in Autofill.\n\t Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\n\t Research on 2021-04-30\n[1224419] Medium CVE-2021-30622: Use after free in WebApp\n\t Installs. Reported by Jun Kokatsu, Microsoft Browser Vulnerability\n\t Research on 2021-06-28\n[1223667] Low CVE-2021-30623: Use after free in Bookmarks.\n\t Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n\t 2021-06-25\n[1230513] Low CVE-2021-30624: Use after free in Autofill.\n\t Reported by Wei Yuan of MoyunSec VLab on 2021-07-19\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-31T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-08-31T00:00:00", "id": "A7732806-0B2A-11EC-836B-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/a7732806-0b2a-11ec-836b-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:56:04", "description": "\n\nChrome Releases reports:\n\nThis release contains 35 security fixes, including:\n\n][1210985] High CVE-2021-30565: Out of bounds write in Tab\n\t Groups. Reported by David Erceg on 2021-05-19\n[1202661] High CVE-2021-30566: Stack buffer overflow in\n\t Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n\t 2021-04-26\n[1211326] High CVE-2021-30567: Use after free in DevTools.\n\t Reported by DDV_UA on 2021-05-20\n[1219886] High CVE-2021-30568: Heap buffer overflow in WebGL.\n\t Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15\n[1218707] High CVE-2021-30569: Use after free in sqlite.\n\t Reported by Chris Salls (@salls) of Makai Security on\n\t 2021-06-11\n[1101897] High CVE-2021-30571: Insufficient policy enforcement\n\t in DevTools. Reported by David Erceg on 2020-07-03\n[1214234] High CVE-2021-30572: Use after free in Autofill.\n\t Reported by Weipeng Jiang (@Krace) from Codesafe Team of\n\t Legendsec at Qi'anxin Group on 2021-05-28\n[1216822] High CVE-2021-30573: Use after free in GPU. Reported\n\t by Security For Everyone Team - https://securityforeveryone.com on\n\t 2021-06-06\n[1227315] High CVE-2021-30574: Use after free in protocol\n\t handling. Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n\t 2021-07-08\n[1213313] Medium CVE-2021-30575: Out of bounds read in Autofill.\n\t Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n\t 2021-05-26\n[1194896] Medium CVE-2021-30576: Use after free in DevTools.\n\t Reported by David Erceg on 2021-04-01\n[1204811] Medium CVE-2021-30577: Insufficient policy enforcement\n\t in Installer. Reported by Jan van der Put (REQON B.V) on\n\t 2021-05-01\n[1201074] Medium CVE-2021-30578: Uninitialized Use in Media.\n\t Reported by Chaoyuan Peng on 2021-04-21\n[1207277] Medium CVE-2021-30579: Use after free in UI framework.\n\t Reported by Weipeng Jiang (@Krace) from Codesafe Team of\n\t Legendsec at Qi'anxin Group on 2021-05-10\n[1189092] Medium CVE-2021-30580: Insufficient policy enforcement\n\t in Android intents. Reported by @retsew0x01 on 2021-03-17\n[1194431] Medium CVE-2021-30581: Use after free in DevTools.\n\t Reported by David Erceg on 2021-03-31\n[1205981] Medium CVE-2021-30582: Inappropriate implementation in\n\t Animation. Reported by George Liu on 2021-05-05\n[1179290] Medium CVE-2021-30583: Insufficient policy enforcement\n\t in image handling on Windows. Reported by Muneaki Nishimura\n\t (nishimunea) on 2021-02-17\n[1213350] Medium CVE-2021-30584: Incorrect security UI in\n\t Downloads. Reported by @retsew0x01 on 2021-05-26\n[1023503] Medium CVE-2021-30585: Use after free in sensor\n\t handling. Reported by niarci on 2019-11-11\n[1201032] Medium CVE-2021-30586: Use after free in dialog box\n\t handling on Windows. Reported by kkomdal with kkwon and neodal on\n\t 2021-04-21\n[1204347] Medium CVE-2021-30587: Inappropriate implementation in\n\t Compositing on Windows. Reported by Abdulrahman Alqabandi,\n\t Microsoft Browser Vulnerability Research on 2021-04-30\n[1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by\n\t Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04\n[1180510] Low CVE-2021-30589: Insufficient validation of\n\t untrusted input in Sharing. Reported by Kirtikumar Anandrao\n\t Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on\n\t 2021-02-20\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-07-20T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589"], "modified": "2021-07-20T00:00:00", "id": "76487640-EA29-11EB-A686-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/76487640-ea29-11eb-a686-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:23:44", "description": "\n\nChrome Releases reports:\n\nThis release contains 25 security fixes, including:\n\n[1263620] High CVE-2021-38008: Use after free in media. Reported\n\t by Marcin Towalski of Cisco Talos on 2021-10-26\n[1260649] High CVE-2021-38009: Inappropriate implementation in\n\t cache. Reported by Luan Herrera (@lbherrera_) on 2021-10-16\n[1240593] High CVE-2021-38006: Use after free in storage\n\t foundation. Reported by Sergei Glazunov of Google Project Zero on\n\t 2021-08-17\n[1254189] High CVE-2021-38007: Type Confusion in V8. Reported by\n\t Polaris Feng and SGFvamll at Singular Security Lab on\n\t 2021-09-29\n[1241091] High CVE-2021-38005: Use after free in loader.\n\t Reported by Sergei Glazunov of Google Project Zero on\n\t 2021-08-18\n[1264477] High CVE-2021-38010: Inappropriate implementation in\n\t service workers. Reported by Sergei Glazunov of Google Project\n\t Zero on 2021-10-28\n[1268274] High CVE-2021-38011: Use after free in storage\n\t foundation. Reported by Sergei Glazunov of Google Project Zero on\n\t 2021-11-09\n[1262791] Medium CVE-2021-38012: Type Confusion in V8. Reported\n\t by Yonghwi Jin (@jinmo123) on 2021-10-24\n[1242392] Medium CVE-2021-38013: Heap buffer overflow in\n\t fingerprint recognition. Reported by raven (@raid_akame) on\n\t 2021-08-23\n[1248567] Medium CVE-2021-38014: Out of bounds write in\n\t Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10\n[957553] Medium CVE-2021-38015: Inappropriate implementation in\n\t input. Reported by David Erceg on 2019-04-29\n[1244289] Medium CVE-2021-38016: Insufficient policy\n\t enforcement in background fetch. Reported by Maurice Dauer on\n\t 2021-08-28\n[1256822] Medium CVE-2021-38017: Insufficient policy enforcement\n\t in iframe sandbox. Reported by NDevTK on 2021-10-05\n[1197889] Medium CVE-2021-38018: Inappropriate implementation in\n\t navigation. Reported by Alesandro Ortiz on 2021-04-11\n[1251179] Medium CVE-2021-38019: Insufficient policy enforcement\n\t in CORS. Reported by Maurice Dauer on 2021-09-20\n[1259694] Medium CVE-2021-38020: Insufficient policy enforcement\n\t in contacts picker. Reported by Luan Herrera (@lbherrera_) on\n\t 2021-10-13\n[1233375] Medium CVE-2021-38021: Inappropriate implementation in\n\t referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on\n\t 2021-07-27\n[1248862] Low CVE-2021-38022: Inappropriate implementation in\n\t WebAuthentication. Reported by Michal Kepkowski on 2021-09-13\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-11-15T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022"], "modified": "2021-11-15T00:00:00", "id": "B8C0CBCA-472D-11EC-83DC-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/b8c0cbca-472d-11ec-83dc-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:23:44", "description": "\n\nChrome Releases reports:\n\nThis release contains 19 security fixes, including:\n\n[1246631] High CVE-2021-37981: Heap buffer overflow in Skia.\n\t Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04\n[1248661] High CVE-2021-37982: Use after free in Incognito.\n\t Reported by Weipeng Jiang (@Krace) from Codesafe Team of\n\t Legendsec at Qi'anxin Group on 2021-09-11\n[1249810] High CVE-2021-37983: Use after free in Dev Tools.\n\t Reported by Zhihua Yao of KunLun Lab on 2021-09-15\n[1253399] High CVE-2021-37984: Heap buffer overflow in PDFium.\n\t Reported by Antti Levom\u00e4ki, Joonas Pihlaja andChristian Jali\n\t from Forcepoint on 2021-09-27\n[1241860] High CVE-2021-37985: Use after free in V8. Reported\n\t by Yangkang (@dnpushme) of 360 ATA on 2021-08-20\n[1242404] Medium CVE-2021-37986: Heap buffer overflow in\n\t Settings. Reported by raven (@raid_akame) on 2021-08-23\n[1206928] Medium CVE-2021-37987: Use after free in Network APIs.\n\t Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08\n[1228248] Medium CVE-2021-37988: Use after free in Profiles.\n\t Reported by raven (@raid_akame) on 2021-07-12\n[1233067] Medium CVE-2021-37989: Inappropriate implementation\n\t in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26\n[1247395] Medium CVE-2021-37990: Inappropriate implementation\n\t in WebView. Reported by Kareem Selim of CyShield on\n\t 2021-09-07\n[1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel\n\t Gross of Google Project Zero on 2021-09-17\n[1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio.\n\t Reported by sunburst@Ant Security Light-Year Lab on\n\t 2021-09-28\n[1255332] Medium CVE-2021-37993: Use after free in PDF\n\t Accessibility. Reported by Cassidy Kim of Amber Security Lab,\n\t OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02\n[1243020] Medium CVE-2021-37996: Insufficient validation of\n\t untrusted input in Downloads. Reported by Anonymous on\n\t 2021-08-24\n[1100761] Low CVE-2021-37994: Inappropriate implementation in\n\t iFrame Sandbox. Reported by David Erceg on 2020-06-30\n[1242315] Low CVE-2021-37995: Inappropriate implementation in\n\t WebApp Installer. Reported by Terence Eden on 2021-08-23\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-19T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2021-10-19T00:00:00", "id": "BDAECFAD-3117-11EC-B3B0-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/bdaecfad-3117-11ec-b3b0-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:37:27", "description": "\n\nChrome Releases reports:\n\nThis release contains 26 security fixes, including:\n\n[1284367] Critical CVE-2022-0289: Use after free in Safe\n\t browsing. Reported by Sergei Glazunov of Google Project Zero on\n\t 2022-01-05\n[1260134][1260007] High CVE-2022-0290: Use after free in Site\n\t isolation. Reported by Brendon Tiszka and Sergei Glazunov of\n\t Google Project Zero on 2021-10-15\n[1281084] High CVE-2022-0291: Inappropriate implementation in\n\t Storage. Reported by Anonymous on 2021-12-19\n[1270358] High CVE-2022-0292: Inappropriate implementation in\n\t Fenced Frames. Reported by Brendon Tiszka on 2021-11-16\n[1283371] High CVE-2022-0293: Use after free in Web packaging.\n\t Reported by Rong Jian and Guang Gong of 360 Alpha Lab on\n\t 2021-12-30\n[1273017] High CVE-2022-0294: Inappropriate implementation in\n\t Push messaging. Reported by Rong Jian and Guang Gong of 360 Alpha\n\t Lab on 2021-11-23\n[1278180] High CVE-2022-0295: Use after free in Omnibox.\n\t Reported by Weipeng Jiang (@Krace) and Guang Gong of 360\n\t Vulnerability Research Institute on 2021-12-09\n[1283375] High CVE-2022-0296: Use after free in Printing.\n\t Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability\n\t Research Institute on 2021-12-30\n[1274316] High CVE-2022-0297: Use after free in Vulkan. Reported\n\t by Cassidy Kim of Amber Security Lab, OPPO Mobile\n\t Telecommunications Corp. Ltd. on 2021-11-28\n[1212957] High CVE-2022-0298: Use after free in Scheduling.\n\t Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25\n[1275438] High CVE-2022-0300: Use after free in Text Input\n\t Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha\n\t Lab on 2021-12-01\n[1276331] High CVE-2022-0301: Heap buffer overflow in DevTools.\n\t Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\n\t Research on 2021-12-03\n[1278613] High CVE-2022-0302: Use after free in Omnibox.\n\t Reported by Weipeng Jiang (@Krace) and Guang Gong of 360\n\t Vulnerability Research Institute on 2021-12-10\n[1281979] High CVE-2022-0303: Race in GPU Watchdog. Reported by\n\t Yigit Can YILMAZ (@yilmazcanyigit) on 2021-12-22\n[1282118] High CVE-2022-0304: Use after free in Bookmarks.\n\t Reported by Rong Jian and Guang Gong of 360 Alpha Lab on\n\t 2021-12-22\n[1282354] High CVE-2022-0305: Inappropriate implementation in\n\t Service Worker API. Reported by @uwu7586 on 2021-12-23\n[1283198] High CVE-2022-0306: Heap buffer overflow in PDFium.\n\t Reported by Sergei Glazunov of Google Project Zero on\n\t 2021-12-29\n[1281881] Medium CVE-2022-0307: Use after free in Optimization\n\t Guide. Reported by Samet Bekmezci @sametbekmezci on\n\t 2021-12-21\n[1282480] Medium CVE-2022-0308: Use after free in Data Transfer.\n\t Reported by @ginggilBesel on 2021-12-24\n[1240472] Medium CVE-2022-0309: Inappropriate implementation in\n\t Autofill. Reported by Alesandro Ortiz on 2021-08-17\n[1283805] Medium CVE-2022-0310: Heap buffer overflow in Task\n\t Manager. Reported by Samet Bekmezci @sametbekmezci on\n\t 2022-01-03\n[1283807] Medium CVE-2022-0311: Heap buffer overflow in Task\n\t Manager. Reported by Samet Bekmezci @sametbekmezci on\n\t 2022-01-03\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-01-19T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0303", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"], "modified": "2022-01-19T00:00:00", "id": "51496CBC-7A0E-11EC-A323-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/51496cbc-7a0e-11ec-a323-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-15T17:14:41", "description": "\n\nChrome Releases reports:\n\nThis release contains 37 security fixes, including:\n\n[$TBD][1275020] Critical CVE-2022-0096: Use after free in\n\t Storage. Reported by Yangkang (@dnpushme) of 360 ATA on\n\t 2021-11-30\n[1117173] High CVE-2022-0097: Inappropriate implementation in\n\t DevTools. Reported by David Erceg on 2020-08-17\n[1273609] High CVE-2022-0098: Use after free in Screen Capture.\n\t Reported by @ginggilBesel on 2021-11-24\n[1245629] High CVE-2022-0099: Use after free in Sign-in.\n\t Reported by Rox on 2021-09-01\n[1238209] High CVE-2022-0100: Heap buffer overflow in Media\n\t streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO\n\t Mobile Telecommunications Corp. Ltd. on 2021-08-10\n[1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks.\n\t Reported by raven (@raid_akame) on 2021-09-14\n[1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by\n\t Brendon Tiszka on 2021-10-14\n[1272266] High CVE-2022-0103: Use after free in SwiftShader.\n\t Reported by Abraruddin Khan and Omair on 2021-11-21\n[1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE.\n\t Reported by Abraruddin Khan and Omair on 2021-11-25\n[1274376] High CVE-2022-0105: Use after free in PDF. Reported by\n\t Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications\n\t Corp. Ltd. on 2021-11-28\n[1278960] High CVE-2022-0106: Use after free in Autofill.\n\t Reported by Khalil Zhani on 2021-12-10\n[1248438] Medium CVE-2022-0107: Use after free in File Manager\n\t API. Reported by raven (@raid_akame) on 2021-09-10\n[1248444] Medium CVE-2022-0108: Inappropriate implementation in\n\t Navigation. Reported by Luan Herrera (@lbherrera_) on\n\t 2021-09-10\n[1261689] Medium CVE-2022-0109: Inappropriate implementation in\n\t Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at\n\t Seoul National University on 2021-10-20\n[1237310] Medium CVE-2022-0110: Incorrect security UI in\n\t Autofill. Reported by Alesandro Ortiz on 2021-08-06\n[1241188] Medium CVE-2022-0111: Inappropriate implementation in\n\t Navigation. Reported by garygreen on 2021-08-18\n[1255713] Medium CVE-2022-0112: Incorrect security UI in Browser\n\t UI. Reported by Thomas Orlita on 2021-10-04\n[1039885] Medium CVE-2022-0113: Inappropriate implementation in\n\t Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07\n[1267627] Medium CVE-2022-0114: Out of bounds memory access in\n\t Web Serial. Reported by Looben Yang on 2021-11-06\n[1268903] Medium CVE-2022-0115: Uninitialized Use in File API.\n\t Reported by Mark Brand of Google Project Zero on 2021-11-10\n[1272250] Medium CVE-2022-0116: Inappropriate implementation in\n\t Compositing. Reported by Irvan Kurniawan (sourc7) on\n\t 2021-11-20\n[1115847] Low CVE-2022-0117: Policy bypass in Service Workers.\n\t Reported by Dongsung Kim (@kid1ng) on 2020-08-13\n[1238631] Low CVE-2022-0118: Inappropriate implementation in\n\t WebShare. Reported by Alesandro Ortiz on 2021-08-11\n[1262953] Low CVE-2022-0120: Inappropriate implementation in\n\t Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-01-04T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120"], "modified": "2022-01-04T00:00:00", "id": "9EECCBF3-6E26-11EC-BB10-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:23:44", "description": "\n\nChrome Releases reports:\n\nThis update contains 19 security fixes, including:\n\n[1243117] High CVE-2021-37956: Use after free in Offline use.\n\t Reported by Huyna at Viettel Cyber Security on 2021-08-24\n[1242269] High CVE-2021-37957: Use after free in WebGPU.\n\t Reported by Looben Yang on 2021-08-23\n[1223290] High CVE-2021-37958: Inappropriate implementation in\n\t Navigation. Reported by James Lee (@Windowsrcer) on\n\t 2021-06-24\n[1229625] High CVE-2021-37959: Use after free in Task Manager.\n\t Reported by raven (@raid_akame) on 2021-07-15\n[1247196] High CVE-2021-37960: Inappropriate implementation in\n\t Blink graphics. Reported by Atte Kettunen of OUSPG on\n\t 2021-09-07\n[1228557] Medium CVE-2021-37961: Use after free in Tab Strip.\n\t Reported by Khalil Zhani on 2021-07-13\n[1231933] Medium CVE-2021-37962: Use after free in Performance\n\t Manager. Reported by Sri on 2021-07-22\n[1199865] Medium CVE-2021-37963: Side-channel information\n\t leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal,\n\t University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv\n\t University, Sioli O'Connell, University of Adelaide, and Jason\n\t Kim, Georgia Institute of Technology on 2021-04-16\n[1203612] Medium CVE-2021-37964: Inappropriate implementation in\n\t ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the\n\t Chinese University of Hong Kong on 2021-04-28\n[1239709] Medium CVE-2021-37965: Inappropriate implementation in\n\t Background Fetch API. Reported by Maurice Dauer on 2021-08-13\n[1238944] Medium CVE-2021-37966: Inappropriate implementation in\n\t Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11\n[1243622] Medium CVE-2021-37967: Inappropriate implementation in\n\t Background Fetch API. Reported by SorryMybad (@S0rryMybad) of\n\t Kunlun Lab on 2021-08-26\n[1245053] Medium CVE-2021-37968: Inappropriate implementation in\n\t Background Fetch API. Reported by Maurice Dauer on 2021-08-30\n[1245879] Medium CVE-2021-37969: Inappropriate implementation in\n\t Google Updater. Reported by Abdelhamid Naceri (halov) on\n\t 2021-09-02\n[1248030] Medium CVE-2021-37970: Use after free in File System\n\t API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on\n\t 2021-09-09\n[1219354] Low CVE-2021-37971: Incorrect security UI in Web\n\t Browser UI. Reported by Rayyan Bijoora on 2021-06-13\n[1234259] Low CVE-2021-37972: Out of bounds read in\n\t libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from\n\t Panguite-Forensics-Lab of Qianxin on 2021-07-29\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-21T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972"], "modified": "2021-09-21T00:00:00", "id": "3551E106-1B17-11EC-A8A7-704D7B472482", "href": "https://vuxml.freebsd.org/freebsd/3551e106-1b17-11ec-a8a7-704d7b472482.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:23:44", "description": "\n\nChrome Releases reports:\n\nThis release contains 8 security fixes, including:\n\n[1259864] High CVE-2021-37997 : Use after free in Sign-In.\n\t Reported by Wei Yuan of MoyunSec VLab on 2021-10-14\n[1259587] High CVE-2021-37998 : Use after free in Garbage\n\t Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO\n\t Mobile Telecommunications Corp. Ltd. on 2021-10-13\n[1251541] High CVE-2021-37999 : Insufficient data validation in\n\t New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21\n[1249962] High CVE-2021-38000 : Insufficient validation of\n\t untrusted input in Intents. Reported by Clement Lecigne, Neel\n\t Mehta, and Maddie Stone of Google Threat Analysis Group on\n\t 2021-09-15\n[1260577] High CVE-2021-38001 : Type Confusion in V8. Reported\n\t by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16\n[1260940] High CVE-2021-38002 : Use after free in Web Transport.\n\t Reported by @__R0ng of 360 Alpha Lab, ? via Tianfu Cup on\n\t 2021-10-16\n[1263462] High CVE-2021-38003 : Inappropriate implementation in\n\t V8. Reported by Cl\u00e9ment Lecigne from Google TAG and Samuel Gross\n\t from Google Project Zero on 2021-10-26\n\nGoogle is aware that exploits for CVE-2021-38000 and\n\t CVE-2021-38003 exist in the wild.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-28T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003"], "modified": "2021-10-28T00:00:00", "id": "976D7BF9-38EA-11EC-B3B0-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/976d7bf9-38ea-11ec-b3b0-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:56:04", "description": "\n\nChrome Releases reports:\n\nThis release contains 9 security fixes, including:\n\n[1234764] High CVE-2021-30598: Type Confusion in V8. Reported by\n\t Manfred Paul on 2021-07-30\n[1234770] High CVE-2021-30599: Type Confusion in V8. Reported by\n\t Manfred Paul on 2021-07-30\n[1231134] High CVE-2021-30600: Use after free in Printing.\n\t Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n\t 2021-07-20\n[1234009] High CVE-2021-30601: Use after free in Extensions API.\n\t Reported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of\n\t 360 Alpha Lab on 2021-07-28\n[1230767] High CVE-2021-30602: Use after free in WebRTC.\n\t Reported by Marcin Towalski of Cisco Talos on 2021-07-19\n[1233564] High CVE-2021-30603: Race in WebAudio. Reported by\n\t Sergei Glazunov of Google Project Zero on 2021-07-27\n[1234829] High CVE-2021-30604: Use after free in ANGLE. Reported\n\t by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-07-30\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-16T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604"], "modified": "2021-08-16T00:00:00", "id": "128DEBA6-FF56-11EB-8514-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/128deba6-ff56-11eb-8514-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:37:27", "description": "\n\nChrome Releases reports:\n\nThis release includes 11 security fixes, including:\n\n[1237533] High CVE-2021-30625: Use after free in Selection API.\n\t Reported by Marcin Towalski of Cisco Talos on 2021-08-06\n[1241036] High CVE-2021-30626: Out of bounds memory access in\n\t ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18\n[1245786] High CVE-2021-30627: Type Confusion in Blink layout.\n\t Reported by Aki Helin of OUSPG on 2021-09-01\n[1241123] High CVE-2021-30628: Stack buffer overflow in ANGLE.\n\t Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18\n[1243646] High CVE-2021-30629: Use after free in Permissions.\n\t Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec\n\t at Qi'anxin Group on 2021-08-26\n[1244568] High CVE-2021-30630: Inappropriate implementation in\n\t Blink. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on\n\t 2021-08-30\n[1246932] High CVE-2021-30631: Type Confusion in Blink layout.\n\t Reported by Atte Kettunen of OUSPG on 2021-09-06\n[1247763] High CVE-2021-30632: Out of bounds write in V8.\n\t Reported by Anonymous on 2021-09-08\n[1247766] High CVE-2021-30633: Use after free in Indexed DB API.\n\t Reported by Anonymous on 2021-09-08\n\nGoogle is aware that exploits for CVE-2021-30632 and CVE-2021-30633\n\t exist in the wild.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-13T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2021-09-13T00:00:00", "id": "47B571F2-157B-11EC-AE98-704D7B472482", "href": "https://vuxml.freebsd.org/freebsd/47b571f2-157b-11ec-ae98-704d7b472482.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:56:04", "description": "\n\nChrome Releases reports:\n\nThis release contains 10 security fixes, including:\n\n[1227777] High CVE-2021-30590: Heap buffer overflow in\n\t Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n\t 2021-07-09\n[1229298] High CVE-2021-30591: Use after free in File System\n\t API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on\n\t 2021-07-14\n[1209469] High CVE-2021-30592: Out of bounds write in Tab\n\t Groups. Reported by David Erceg on 2021-05-15\n[1209616] High CVE-2021-30593: Out of bounds read in Tab Strip.\n\t Reported by David Erceg on 2021-05-16\n[1218468] High CVE-2021-30594: Use after free in Page Info UI.\n\t Reported by raven (@raid_akame) on 2021-06-10\n[1214481] Medium CVE-2021-30596: Incorrect security UI in\n\t Navigation. Reported by Mohit Raj (shadow2639) on 2021-05-29\n[1232617] Medium CVE-2021-30597: Use after free in Browser UI.\n\t Reported by raven (@raid_akame) on 2021-07-24\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-02T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597"], "modified": "2021-08-02T00:00:00", "id": "C3C6C4A3-F47D-11EB-B632-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/c3c6c4a3-f47d-11eb-b632-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:23:44", "description": "\n\nChrome Releases reports:\n\nThis release contains 5 security fixes, including:\n\n[1263457] Critical CVE-2021-4098: Insufficient data validation\n\t in Mojo. Reported by Sergei Glazunov of Google Project Zero on\n\t 2021-10-26\n[1270658] High CVE-2021-4099: Use after free in Swiftshader.\n\t Reported by Aki Helin of Solita on 2021-11-16\n[1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE.\n\t Reported by Aki Helin of Solita on 2021-11-19\n[1262080] High CVE-2021-4101: Heap buffer overflow in\n\t Swiftshader. Reported by Abraruddin Khan and Omair on\n\t 2021-10-21\n[1278387] High CVE-2021-4102: Use after free in V8. Reported by\n\t Anonymous on 2021-12-09\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-13T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102"], "modified": "2021-12-13T00:00:00", "id": "FB9BA490-5CC4-11EC-AAC7-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/fb9ba490-5cc4-11ec-aac7-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:37:27", "description": "\n\nChrome Releases/Stable updates reports:\n\nThis release contains 4 security fixes, including:\n\n[1245578] High CVE-2021-37974: Use after free in Safe Browsing.\n\t Reported by Weipeng Jiang (@Krace) from Codesafe Team of\n\t Legendsec at Qi'anxin Group on 2021-09-01\n[1252918] High CVE-2021-37975: Use after free in V8. Reported by\n\t Anonymous on 2021-09-24\n[1251787] Medium CVE-2021-37976: Information leak in core.\n\t Reported by Clement Lecigne from Google TAG, with technical\n\t assistance from Sergei Glazunov and Mark Brand from Google\n\t Project Zero on 2021-09-21\n\nGoogle is aware the exploits for CVE-2021-37975 and CVE-2021-37976\n\t exist in the wild.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-30T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976"], "modified": "2021-09-30T00:00:00", "id": "777EDBBE-2230-11EC-8869-704D7B472482", "href": "https://vuxml.freebsd.org/freebsd/777edbbe-2230-11ec-8869-704d7b472482.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:23:44", "description": "\n\nChrome Releases reports:\n\nThis release contains 4 security fixes, including:\n\n[1252878] High CVE-2021-37977: Use after free in Garbage\n\t Collection. Reported by Anonymous on 2021-09-24\n[1236318] High CVE-2021-37978: Heap buffer overflow in Blink.\n\t Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-04\n[1247260] High CVE-2021-37979: Heap buffer overflow in WebRTC.\n\t Reported by Marcin Towalski of Cisco Talos on 2021-09-07\n[1254631] High CVE-2021-37980: Inappropriate implementation in\n\t Sandbox. Reported by Yonghwi Jin (@jinmo123) on 2021-09-30\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-07T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2021-10-07T00:00:00", "id": "7D3D94D3-2810-11EC-9C51-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/7d3d94d3-2810-11ec-9c51-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2023-05-23T16:20:51", "description": "Arch Linux Security Advisory ASA-202112-1\n=========================================\n\nSeverity: High\nDate : 2021-12-03\nCVE-ID : CVE-2021-37981 CVE-2021-37982 CVE-2021-37984 CVE-2021-37985\nCVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989\nCVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993\nCVE-2021-37994 CVE-2021-37995 CVE-2021-37996 CVE-2021-37998\nCVE-2021-38000 CVE-2021-38001 CVE-2021-38003 CVE-2021-38004\nCVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008\nCVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012\nCVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016\nCVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020\nCVE-2021-38021 CVE-2021-38022\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2475\n\nSummary\n=======\n\nThe package vivaldi before version 5.0.2497.24-1 is vulnerable to\nmultiple issues including arbitrary code execution, insufficient\nvalidation, access restriction bypass, content spoofing, information\ndisclosure, same-origin policy bypass, sandbox escape and denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 5.0.2497.24-1.\n\n# pacman -Syu \"vivaldi>=5.0.2497.24-1\"\n\nThe problems have been fixed upstream in version 5.0.2497.24.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-37981 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Skia\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37982 (arbitrary code execution)\n\nA use after free security issue has been found in the Incognito\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37984 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the PDFium\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37985 (arbitrary code execution)\n\nA use after free security issue has been found in the V8 component of\nthe Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37986 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Settings\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37987 (arbitrary code execution)\n\nA use after free security issue has been found in the Network APIs\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37988 (arbitrary code execution)\n\nA use after free security issue has been found in the Profiles\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37989 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nBlink component of the Chromium browser engine before version\n95.0.4638.54.\n\n- CVE-2021-37990 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nWebView component of the Chromium browser engine before version\n95.0.4638.54.\n\n- CVE-2021-37991 (arbitrary code execution)\n\nA race security issue has been found in the V8 component of the\nChromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37992 (information disclosure)\n\nAn out of bounds read security issue has been found in the WebAudio\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37993 (arbitrary code execution)\n\nA use after free security issue has been found in the PDF Accessibility\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37994 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\niFrame Sandbox component of the Chromium browser engine before version\n95.0.4638.54.\n\n- CVE-2021-37995 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nWebApp Installer component of the Chromium browser engine before\nversion 95.0.4638.54.\n\n- CVE-2021-37996 (insufficient validation)\n\nAn insufficient validation of untrusted input security issue has been\nfound in the Downloads component of the Chromium browser engine before\nversion 95.0.4638.54.\n\n- CVE-2021-37998 (arbitrary code execution)\n\nA use after free security issue has been found in the Garbage\nCollection component of the Chromium browser engine before version\n95.0.4638.69.\n\n- CVE-2021-38000 (insufficient validation)\n\nAn insufficient validation of untrusted input security issue has been\nfound in the Intents component of the Chromium browser engine before\nversion 95.0.4638.69. Google is aware that an exploit for\nCVE-2021-38000 exists in the wild.\n\n- CVE-2021-38001 (arbitrary code execution)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 95.0.4638.69.\n\n- CVE-2021-38003 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the V8\ncomponent of the Chromium browser engine before version 95.0.4638.69.\nGoogle is aware that an exploit for CVE-2021-38003 exists in the wild.\n\n- CVE-2021-38004 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nAutofill component of the Chromium browser engine before version\n95.0.4638.69.\n\n- CVE-2021-38005 (arbitrary code execution)\n\nA use after free security issue has been found in the loader component\nof the Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38006 (arbitrary code execution)\n\nA use after free security issue has been found in the storage\nfoundation component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38007 (arbitrary code execution)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38008 (arbitrary code execution)\n\nA use after free security issue has been found in the media component\nof the Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38009 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\ncache component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38010 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nservice workers component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38011 (arbitrary code execution)\n\nA use after free security issue has been found in the storage\nfoundation component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38012 (arbitrary code execution)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38013 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the fingerprint\nrecognition component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38014 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the Swiftshader\ncomponent of the Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38015 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\ninput component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38016 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nbackground fetch component of the Chromium browser engine before\nversion 96.0.4664.45.\n\n- CVE-2021-38017 (sandbox escape)\n\nAn insufficient policy enforcement security issue has been found in the\niframe sandbox component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38018 (content spoofing)\n\nAn inappropriate implementation security issue has been found in the\nnavigation component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38019 (same-origin policy bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nCORS component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38020 (information disclosure)\n\nAn insufficient policy enforcement security issue has been found in the\ncontacts picker component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38021 (information disclosure)\n\nAn inappropriate implementation security issue has been found in the\nreferrer component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38022 (denial of service)\n\nAn inappropriate implementation security issue has been found in the\nWebAuthentication component of the Chromium browser engine before\nversion 96.0.4664.45.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code, disclose sensitive\ninformation, spoof content, bypass security restrictions or crash the\nbrowser through crafted web content. Google is aware that exploits for\ntwo of the security issues exist in the wild.\n\nReferences\n==========\n\nhttps://vivaldi.com/blog/desktop/update-three-4-3/\nhttps://vivaldi.com/blog/desktop/further-updates-to-theme-sharing-vivaldi-browser-snapshot-2488-3/\nhttps://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html\nhttps://crbug.com/1246631\nhttps://crbug.com/1248661\nhttps://crbug.com/1253399\nhttps://crbug.com/1241860\nhttps://crbug.com/1242404\nhttps://crbug.com/1206928\nhttps://crbug.com/1228248\nhttps://crbug.com/1233067\nhttps://crbug.com/1247395\nhttps://crbug.com/1250660\nhttps://crbug.com/1253746\nhttps://crbug.com/1255332\nhttps://crbug.com/1100761\nhttps://crbug.com/1242315\nhttps://crbug.com/1243020\nhttps://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\nhttps://crbug.com/1259587\nhttps://crbug.com/1249962\nhttps://crbug.com/1260577\nhttps://crbug.com/1263462\nhttps://crbug.com/1227170\nhttps://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\nhttps://crbug.com/1241091\nhttps://crbug.com/1240593\nhttps://crbug.com/1254189\nhttps://crbug.com/1263620\nhttps://crbug.com/1260649\nhttps://crbug.com/1264477\nhttps://crbug.com/1268274\nhttps://crbug.com/1262791\nhttps://crbug.com/1242392\nhttps://crbug.com/1248567\nhttps://crbug.com/957553\nhttps://crbug.com/1244289\nhttps://crbug.com/1256822\nhttps://crbug.com/1197889\nhttps://crbug.com/1251179\nhttps://crbug.com/1259694\nhttps://crbug.com/1233375\nhttps://crbug.com/1248862\nhttps://security.archlinux.org/CVE-2021-37981\nhttps://security.archlinux.org/CVE-2021-37982\nhttps://security.archlinux.org/CVE-2021-37984\nhttps://security.archlinux.org/CVE-2021-37985\nhttps://security.archlinux.org/CVE-2021-37986\nhttps://security.archlinux.org/CVE-2021-37987\nhttps://security.archlinux.org/CVE-2021-37988\nhttps://security.archlinux.org/CVE-2021-37989\nhttps://security.archlinux.org/CVE-2021-37990\nhttps://security.archlinux.org/CVE-2021-37991\nhttps://security.archlinux.org/CVE-2021-37992\nhttps://security.archlinux.org/CVE-2021-37993\nhttps://security.archlinux.org/CVE-2021-37994\nhttps://security.archlinux.org/CVE-2021-37995\nhttps://security.archlinux.org/CVE-2021-37996\nhttps://security.archlinux.org/CVE-2021-37998\nhttps://security.archlinux.org/CVE-2021-38000\nhttps://security.archlinux.org/CVE-2021-38001\nhttps://security.archlinux.org/CVE-2021-38003\nhttps://security.archlinux.org/CVE-2021-38004\nhttps://security.archlinux.org/CVE-2021-38005\nhttps://security.archlinux.org/CVE-2021-38006\nhttps://security.archlinux.org/CVE-2021-38007\nhttps://security.archlinux.org/CVE-2021-38008\nhttps://security.archlinux.org/CVE-2021-38009\nhttps://security.archlinux.org/CVE-2021-38010\nhttps://security.archlinux.org/CVE-2021-38011\nhttps://security.archlinux.org/CVE-2021-38012\nhttps://security.archlinux.org/CVE-2021-38013\nhttps://security.archlinux.org/CVE-2021-38014\nhttps://security.archlinux.org/CVE-2021-38015\nhttps://security.archlinux.org/CVE-2021-38016\nhttps://security.archlinux.org/CVE-2021-38017\nhttps://security.archlinux.org/CVE-2021-38018\nhttps://security.archlinux.org/CVE-2021-38019\nhttps://security.archlinux.org/CVE-2021-38020\nhttps://security.archlinux.org/CVE-2021-38021\nhttps://security.archlinux.org/CVE-2021-38022", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-12-03T00:00:00", "type": "archlinux", "title": "[ASA-202112-1] vivaldi: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37998", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38003", "CVE-2021-38004", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022"], "modified": "2021-12-03T00:00:00", "id": "ASA-202112-1", "href": "https://security.archlinux.org/ASA-202112-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:21:09", "description": "Arch Linux Security Advisory ASA-202107-74\n==========================================\n\nSeverity: High\nDate : 2021-07-28\nCVE-ID : CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568\nCVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573\nCVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30578\nCVE-2021-30579 CVE-2021-30581 CVE-2021-30582 CVE-2021-30584\nCVE-2021-30585 CVE-2021-30588 CVE-2021-30589\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2202\n\nSummary\n=======\n\nThe package vivaldi before version 4.1.2369.11-1 is vulnerable to\nmultiple issues including access restriction bypass, arbitrary code\nexecution, content spoofing, incorrect calculation, information\ndisclosure and insufficient validation.\n\nResolution\n==========\n\nUpgrade to 4.1.2369.11-1.\n\n# pacman -Syu \"vivaldi>=4.1.2369.11-1\"\n\nThe problems have been fixed upstream in version 4.1.2369.11.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30565 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the Tab Groups\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30566 (arbitrary code execution)\n\nA stack buffer overflow security issue has been found in the Printing\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30567 (arbitrary code execution)\n\nA use after free security issue has been found in the DevTools\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30568 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the WebGL\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30569 (arbitrary code execution)\n\nA use after free security issue has been found in the sqlite component\nof the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30571 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nDevTools component of the Chromium browser engine before version\n92.0.4515.107.\n\n- CVE-2021-30572 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30573 (arbitrary code execution)\n\nA use after free security issue has been found in the GPU component of\nthe Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30574 (arbitrary code execution)\n\nA use after free security issue has been found in the protocol handling\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30575 (information disclosure)\n\nAn out of bounds read security issue has been found in the Autofill\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30576 (arbitrary code execution)\n\nA use after free security issue has been found in the DevTools\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30578 (arbitrary code execution)\n\nAn uninitialized use security issue has been found in the Media\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30579 (arbitrary code execution)\n\nA use after free security issue has been found in the UI framework\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30581 (arbitrary code execution)\n\nA use after free security issue has been found in the DevTools\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30582 (incorrect calculation)\n\nAn inappropriate implementation security issue has been found in the\nAnimation component of the Chromium browser engine before version\n92.0.4515.107.\n\n- CVE-2021-30584 (content spoofing)\n\nAn incorrect security UI security issue has been found in the Downloads\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30585 (arbitrary code execution)\n\nA use after free security issue has been found in the sensor handling\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30588 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30589 (insufficient validation)\n\nAn insufficient validation of untrusted input security issue has been\nfound in the Sharing component of the Chromium browser engine before\nversion 92.0.4515.107.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code or spoof content through\na crafted web page.\n\nReferences\n==========\n\nhttps://vivaldi.com/blog/desktop/minor-update-6-for-desktop-4-0/\nhttps://vivaldi.com/blog/desktop/vivaldi-4-1-rc-1-desktop/\nhttps://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html\nhttps://crbug.com/1210985\nhttps://crbug.com/1202661\nhttps://crbug.com/1211326\nhttps://crbug.com/1219886\nhttps://crbug.com/1218707\nhttps://crbug.com/1101897\nhttps://crbug.com/1214234\nhttps://crbug.com/1216822\nhttps://crbug.com/1227315\nhttps://crbug.com/1213313\nhttps://crbug.com/1194896\nhttps://crbug.com/1201074\nhttps://crbug.com/1207277\nhttps://crbug.com/1194431\nhttps://crbug.com/1205981\nhttps://crbug.com/1213350\nhttps://crbug.com/1023503\nhttps://crbug.com/1195650\nhttps://crbug.com/1180510\nhttps://security.archlinux.org/CVE-2021-30565\nhttps://security.archlinux.org/CVE-2021-30566\nhttps://security.archlinux.org/CVE-2021-30567\nhttps://security.archlinux.org/CVE-2021-30568\nhttps://security.archlinux.org/CVE-2021-30569\nhttps://security.archlinux.org/CVE-2021-30571\nhttps://security.archlinux.org/CVE-2021-30572\nhttps://security.archlinux.org/CVE-2021-30573\nhttps://security.archlinux.org/CVE-2021-30574\nhttps://security.archlinux.org/CVE-2021-30575\nhttps://security.archlinux.org/CVE-2021-30576\nhttps://security.archlinux.org/CVE-2021-30578\nhttps://security.archlinux.org/CVE-2021-30579\nhttps://security.archlinux.org/CVE-2021-30581\nhttps://security.archlinux.org/CVE-2021-30582\nhttps://security.archlinux.org/CVE-2021-30584\nhttps://security.archlinux.org/CVE-2021-30585\nhttps://security.archlinux.org/CVE-2021-30588\nhttps://security.archlinux.org/CVE-2021-30589", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-07-28T00:00:00", "type": "archlinux", "title": "[ASA-202107-74] vivaldi: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30588", "CVE-2021-30589"], "modified": "2021-07-28T00:00:00", "id": "ASA-202107-74", "href": "https://security.archlinux.org/ASA-202107-74", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:21:10", "description": "Arch Linux Security Advisory ASA-202107-47\n==========================================\n\nSeverity: High\nDate : 2021-07-21\nCVE-ID : CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568\nCVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573\nCVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30578\nCVE-2021-30579 CVE-2021-30581 CVE-2021-30582 CVE-2021-30584\nCVE-2021-30585 CVE-2021-30588 CVE-2021-30589\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2200\n\nSummary\n=======\n\nThe package chromium before version 92.0.4515.107-1 is vulnerable to\nmultiple issues including access restriction bypass, arbitrary code\nexecution, content spoofing, incorrect calculation, information\ndisclosure and insufficient validation.\n\nResolution\n==========\n\nUpgrade to 92.0.4515.107-1.\n\n# pacman -Syu \"chromium>=92.0.4515.107-1\"\n\nThe problems have been fixed upstream in version 92.0.4515.107.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30565 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the Tab Groups\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30566 (arbitrary code execution)\n\nA stack buffer overflow security issue has been found in the Printing\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30567 (arbitrary code execution)\n\nA use after free security issue has been found in the DevTools\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30568 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the WebGL\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30569 (arbitrary code execution)\n\nA use after free security issue has been found in the sqlite component\nof the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30571 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nDevTools component of the Chromium browser engine before version\n92.0.4515.107.\n\n- CVE-2021-30572 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30573 (arbitrary code execution)\n\nA use after free security issue has been found in the GPU component of\nthe Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30574 (arbitrary code execution)\n\nA use after free security issue has been found in the protocol handling\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30575 (information disclosure)\n\nAn out of bounds read security issue has been found in the Autofill\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30576 (arbitrary code execution)\n\nA use after free security issue has been found in the DevTools\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30578 (arbitrary code execution)\n\nAn uninitialized use security issue has been found in the Media\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30579 (arbitrary code execution)\n\nA use after free security issue has been found in the UI framework\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30581 (arbitrary code execution)\n\nA use after free security issue has been found in the DevTools\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30582 (incorrect calculation)\n\nAn inappropriate implementation security issue has been found in the\nAnimation component of the Chromium browser engine before version\n92.0.4515.107.\n\n- CVE-2021-30584 (content spoofing)\n\nAn incorrect security UI security issue has been found in the Downloads\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30585 (arbitrary code execution)\n\nA use after free security issue has been found in the sensor handling\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30588 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30589 (insufficient validation)\n\nAn insufficient validation of untrusted input security issue has been\nfound in the Sharing component of the Chromium browser engine before\nversion 92.0.4515.107.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code or spoof content through\na crafted web page.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html\nhttps://crbug.com/1210985\nhttps://crbug.com/1202661\nhttps://crbug.com/1211326\nhttps://crbug.com/1219886\nhttps://crbug.com/1218707\nhttps://crbug.com/1101897\nhttps://crbug.com/1214234\nhttps://crbug.com/1216822\nhttps://crbug.com/1227315\nhttps://crbug.com/1213313\nhttps://crbug.com/1194896\nhttps://crbug.com/1201074\nhttps://crbug.com/1207277\nhttps://crbug.com/1194431\nhttps://crbug.com/1205981\nhttps://crbug.com/1213350\nhttps://crbug.com/1023503\nhttps://crbug.com/1195650\nhttps://crbug.com/1180510\nhttps://security.archlinux.org/CVE-2021-30565\nhttps://security.archlinux.org/CVE-2021-30566\nhttps://security.archlinux.org/CVE-2021-30567\nhttps://security.archlinux.org/CVE-2021-30568\nhttps://security.archlinux.org/CVE-2021-30569\nhttps://security.archlinux.org/CVE-2021-30571\nhttps://security.archlinux.org/CVE-2021-30572\nhttps://security.archlinux.org/CVE-2021-30573\nhttps://security.archlinux.org/CVE-2021-30574\nhttps://security.archlinux.org/CVE-2021-30575\nhttps://security.archlinux.org/CVE-2021-30576\nhttps://security.archlinux.org/CVE-2021-30578\nhttps://security.archlinux.org/CVE-2021-30579\nhttps://security.archlinux.org/CVE-2021-30581\nhttps://security.archlinux.org/CVE-2021-30582\nhttps://security.archlinux.org/CVE-2021-30584\nhttps://security.archlinux.org/CVE-2021-30585\nhttps://security.archlinux.org/CVE-2021-30588\nhttps://security.archlinux.org/CVE-2021-30589", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-07-21T00:00:00", "type": "archlinux", "title": "[ASA-202107-47] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30588", "CVE-2021-30589"], "modified": "2021-07-21T00:00:00", "id": "ASA-202107-47", "href": "https://security.archlinux.org/ASA-202107-47", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:21:09", "description": "Arch Linux Security Advisory ASA-202108-5\n=========================================\n\nSeverity: High\nDate : 2021-08-10\nCVE-ID : CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568\nCVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573\nCVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30578\nCVE-2021-30579 CVE-2021-30581 CVE-2021-30582 CVE-2021-30584\nCVE-2021-30585 CVE-2021-30588 CVE-2021-30589\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2203\n\nSummary\n=======\n\nThe package opera before version 78.0.4093.112-1 is vulnerable to\nmultiple issues including access restriction bypass, arbitrary code\nexecution, content spoofing, incorrect calculation, information\ndisclosure and insufficient validation.\n\nResolution\n==========\n\nUpgrade to 78.0.4093.112-1.\n\n# pacman -Syu \"opera>=78.0.4093.112-1\"\n\nThe problems have been fixed upstream in version 78.0.4093.112.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30565 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the Tab Groups\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30566 (arbitrary code execution)\n\nA stack buffer overflow security issue has been found in the Printing\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30567 (arbitrary code execution)\n\nA use after free security issue has been found in the DevTools\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30568 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the WebGL\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30569 (arbitrary code execution)\n\nA use after free security issue has been found in the sqlite component\nof the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30571 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nDevTools component of the Chromium browser engine before version\n92.0.4515.107.\n\n- CVE-2021-30572 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30573 (arbitrary code execution)\n\nA use after free security issue has been found in the GPU component of\nthe Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30574 (arbitrary code execution)\n\nA use after free security issue has been found in the protocol handling\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30575 (information disclosure)\n\nAn out of bounds read security issue has been found in the Autofill\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30576 (arbitrary code execution)\n\nA use after free security issue has been found in the DevTools\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30578 (arbitrary code execution)\n\nAn uninitialized use security issue has been found in the Media\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30579 (arbitrary code execution)\n\nA use after free security issue has been found in the UI framework\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30581 (arbitrary code execution)\n\nA use after free security issue has been found in the DevTools\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30582 (incorrect calculation)\n\nAn inappropriate implementation security issue has been found in the\nAnimation component of the Chromium browser engine before version\n92.0.4515.107.\n\n- CVE-2021-30584 (content spoofing)\n\nAn incorrect security UI security issue has been found in the Downloads\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30585 (arbitrary code execution)\n\nA use after free security issue has been found in the sensor handling\ncomponent of the Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30588 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 92.0.4515.107.\n\n- CVE-2021-30589 (insufficient validation)\n\nAn insufficient validation of untrusted input security issue has been\nfound in the Sharing component of the Chromium browser engine before\nversion 92.0.4515.107.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code or spoof content through\na crafted web page.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-77/\nhttps://blogs.opera.com/desktop/changelog-for-78/\nhttps://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html\nhttps://crbug.com/1210985\nhttps://crbug.com/1202661\nhttps://crbug.com/1211326\nhttps://crbug.com/1219886\nhttps://crbug.com/1218707\nhttps://crbug.com/1101897\nhttps://crbug.com/1214234\nhttps://crbug.com/1216822\nhttps://crbug.com/1227315\nhttps://crbug.com/1213313\nhttps://crbug.com/1194896\nhttps://crbug.com/1201074\nhttps://crbug.com/1207277\nhttps://crbug.com/1194431\nhttps://crbug.com/1205981\nhttps://crbug.com/1213350\nhttps://crbug.com/1023503\nhttps://crbug.com/1195650\nhttps://crbug.com/1180510\nhttps://security.archlinux.org/CVE-2021-30565\nhttps://security.archlinux.org/CVE-2021-30566\nhttps://security.archlinux.org/CVE-2021-30567\nhttps://security.archlinux.org/CVE-2021-30568\nhttps://security.archlinux.org/CVE-2021-30569\nhttps://security.archlinux.org/CVE-2021-30571\nhttps://security.archlinux.org/CVE-2021-30572\nhttps://security.archlinux.org/CVE-2021-30573\nhttps://security.archlinux.org/CVE-2021-30574\nhttps://security.archlinux.org/CVE-2021-30575\nhttps://security.archlinux.org/CVE-2021-30576\nhttps://security.archlinux.org/CVE-2021-30578\nhttps://security.archlinux.org/CVE-2021-30579\nhttps://security.archlinux.org/CVE-2021-30581\nhttps://security.archlinux.org/CVE-2021-30582\nhttps://security.archlinux.org/CVE-2021-30584\nhttps://security.archlinux.org/CVE-2021-30585\nhttps://security.archlinux.org/CVE-2021-30588\nhttps://security.archlinux.org/CVE-2021-30589", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-08-10T00:00:00", "type": "archlinux", "title": "[ASA-202108-5] opera: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30588", "CVE-2021-30589"], "modified": "2021-08-10T00:00:00", "id": "ASA-202108-5", "href": "https://security.archlinux.org/ASA-202108-5", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:20:51", "description": "Arch Linux Security Advisory ASA-202111-9\n=========================================\n\nSeverity: High\nDate : 2021-11-18\nCVE-ID : CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008\nCVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012\nCVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016\nCVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020\nCVE-2021-38021 CVE-2021-38022\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2560\n\nSummary\n=======\n\nThe package chromium before version 96.0.4664.45-1 is vulnerable to\nmultiple issues including arbitrary code execution, access restriction\nbypass, content spoofing, information disclosure, same-origin policy\nbypass, sandbox escape and denial of service.\n\nResolution\n==========\n\nUpgrade to 96.0.4664.45-1.\n\n# pacman -Syu \"chromium>=96.0.4664.45-1\"\n\nThe problems have been fixed upstream in version 96.0.4664.45.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-38005 (arbitrary code execution)\n\nA use after free security issue has been found in the loader component\nof the Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38006 (arbitrary code execution)\n\nA use after free security issue has been found in the storage\nfoundation component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38007 (arbitrary code execution)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38008 (arbitrary code execution)\n\nA use after free security issue has been found in the media component\nof the Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38009 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\ncache component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38010 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nservice workers component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38011 (arbitrary code execution)\n\nA use after free security issue has been found in the storage\nfoundation component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38012 (arbitrary code execution)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38013 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the fingerprint\nrecognition component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38014 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the Swiftshader\ncomponent of the Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38015 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\ninput component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38016 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nbackground fetch component of the Chromium browser engine before\nversion 96.0.4664.45.\n\n- CVE-2021-38017 (sandbox escape)\n\nAn insufficient policy enforcement security issue has been found in the\niframe sandbox component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38018 (content spoofing)\n\nAn inappropriate implementation security issue has been found in the\nnavigation component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38019 (same-origin policy bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nCORS component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38020 (information disclosure)\n\nAn insufficient policy enforcement security issue has been found in the\ncontacts picker component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38021 (information disclosure)\n\nAn inappropriate implementation security issue has been found in the\nreferrer component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38022 (denial of service)\n\nAn inappropriate implementation security issue has been found in the\nWebAuthentication component of the Chromium browser engine before\nversion 96.0.4664.45.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code, spoof content, bypass\nsecurity restrictions or crash the browser through crafted web content.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\nhttps://crbug.com/1241091\nhttps://crbug.com/1240593\nhttps://crbug.com/1254189\nhttps://crbug.com/1263620\nhttps://crbug.com/1260649\nhttps://crbug.com/1264477\nhttps://crbug.com/1268274\nhttps://crbug.com/1262791\nhttps://crbug.com/1242392\nhttps://crbug.com/1248567\nhttps://crbug.com/957553\nhttps://crbug.com/1244289\nhttps://crbug.com/1256822\nhttps://crbug.com/1197889\nhttps://crbug.com/1251179\nhttps://crbug.com/1259694\nhttps://crbug.com/1233375\nhttps://crbug.com/1248862\nhttps://security.archlinux.org/CVE-2021-38005\nhttps://security.archlinux.org/CVE-2021-38006\nhttps://security.archlinux.org/CVE-2021-38007\nhttps://security.archlinux.org/CVE-2021-38008\nhttps://security.archlinux.org/CVE-2021-38009\nhttps://security.archlinux.org/CVE-2021-38010\nhttps://security.archlinux.org/CVE-2021-38011\nhttps://security.archlinux.org/CVE-2021-38012\nhttps://security.archlinux.org/CVE-2021-38013\nhttps://security.archlinux.org/CVE-2021-38014\nhttps://security.archlinux.org/CVE-2021-38015\nhttps://security.archlinux.org/CVE-2021-38016\nhttps://security.archlinux.org/CVE-2021-38017\nhttps://security.archlinux.org/CVE-2021-38018\nhttps://security.archlinux.org/CVE-2021-38019\nhttps://security.archlinux.org/CVE-2021-38020\nhttps://security.archlinux.org/CVE-2021-38021\nhttps://security.archlinux.org/CVE-2021-38022", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-11-18T00:00:00", "type": "archlinux", "title": "[ASA-202111-9] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022"], "modified": "2021-11-18T00:00:00", "id": "ASA-202111-9", "href": "https://security.archlinux.org/ASA-202111-9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:20:51", "description": "Arch Linux Security Advisory ASA-202112-2\n=========================================\n\nSeverity: High\nDate : 2021-12-03\nCVE-ID : CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008\nCVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012\nCVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016\nCVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020\nCVE-2021-38021 CVE-2021-38022\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2563\n\nSummary\n=======\n\nThe package opera before version 82.0.4227.23-1 is vulnerable to\nmultiple issues including arbitrary code execution, access restriction\nbypass, content spoofing, information disclosure, same-origin policy\nbypass, sandbox escape and denial of service.\n\nResolution\n==========\n\nUpgrade to 82.0.4227.23-1.\n\n# pacman -Syu \"opera>=82.0.4227.23-1\"\n\nThe problems have been fixed upstream in version 82.0.4227.23.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-38005 (arbitrary code execution)\n\nA use after free security issue has been found in the loader component\nof the Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38006 (arbitrary code execution)\n\nA use after free security issue has been found in the storage\nfoundation component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38007 (arbitrary code execution)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38008 (arbitrary code execution)\n\nA use after free security issue has been found in the media component\nof the Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38009 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\ncache component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38010 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nservice workers component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38011 (arbitrary code execution)\n\nA use after free security issue has been found in the storage\nfoundation component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38012 (arbitrary code execution)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38013 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the fingerprint\nrecognition component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38014 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the Swiftshader\ncomponent of the Chromium browser engine before version 96.0.4664.45.\n\n- CVE-2021-38015 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\ninput component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38016 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nbackground fetch component of the Chromium browser engine before\nversion 96.0.4664.45.\n\n- CVE-2021-38017 (sandbox escape)\n\nAn insufficient policy enforcement security issue has been found in the\niframe sandbox component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38018 (content spoofing)\n\nAn inappropriate implementation security issue has been found in the\nnavigation component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38019 (same-origin policy bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nCORS component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38020 (information disclosure)\n\nAn insufficient policy enforcement security issue has been found in the\ncontacts picker component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38021 (information disclosure)\n\nAn inappropriate implementation security issue has been found in the\nreferrer component of the Chromium browser engine before version\n96.0.4664.45.\n\n- CVE-2021-38022 (denial of service)\n\nAn inappropriate implementation security issue has been found in the\nWebAuthentication component of the Chromium browser engine before\nversion 96.0.4664.45.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code, spoof content, bypass\nsecurity restrictions or crash the browser through crafted web content.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-81/\nhttps://blogs.opera.com/desktop/changelog-for-82/\nhttps://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\nhttps://crbug.com/1241091\nhttps://crbug.com/1240593\nhttps://crbug.com/1254189\nhttps://crbug.com/1263620\nhttps://crbug.com/1260649\nhttps://crbug.com/1264477\nhttps://crbug.com/1268274\nhttps://crbug.com/1262791\nhttps://crbug.com/1242392\nhttps://crbug.com/1248567\nhttps://crbug.com/957553\nhttps://crbug.com/1244289\nhttps://crbug.com/1256822\nhttps://crbug.com/1197889\nhttps://crbug.com/1251179\nhttps://crbug.com/1259694\nhttps://crbug.com/1233375\nhttps://crbug.com/1248862\nhttps://security.archlinux.org/CVE-2021-38005\nhttps://security.archlinux.org/CVE-2021-38006\nhttps://security.archlinux.org/CVE-2021-38007\nhttps://security.archlinux.org/CVE-2021-38008\nhttps://security.archlinux.org/CVE-2021-38009\nhttps://security.archlinux.org/CVE-2021-38010\nhttps://security.archlinux.org/CVE-2021-38011\nhttps://security.archlinux.org/CVE-2021-38012\nhttps://security.archlinux.org/CVE-2021-38013\nhttps://security.archlinux.org/CVE-2021-38014\nhttps://security.archlinux.org/CVE-2021-38015\nhttps://security.archlinux.org/CVE-2021-38016\nhttps://security.archlinux.org/CVE-2021-38017\nhttps://security.archlinux.org/CVE-2021-38018\nhttps://security.archlinux.org/CVE-2021-38019\nhttps://security.archlinux.org/CVE-2021-38020\nhttps://security.archlinux.org/CVE-2021-38021\nhttps://security.archlinux.org/CVE-2021-38022", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-12-03T00:00:00", "type": "archlinux", "title": "[ASA-202112-2] opera: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022"], "modified": "2021-12-03T00:00:00", "id": "ASA-202112-2", "href": "https://security.archlinux.org/ASA-202112-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:20:53", "description": "Arch Linux Security Advisory ASA-202110-2\n=========================================\n\nSeverity: High\nDate : 2021-10-21\nCVE-ID : CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984\nCVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988\nCVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992\nCVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2474\n\nSummary\n=======\n\nThe package chromium before version 95.0.4638.54-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure and insufficient validation.\n\nResolution\n==========\n\nUpgrade to 95.0.4638.54-1.\n\n# pacman -Syu \"chromium>=95.0.4638.54-1\"\n\nThe problems have been fixed upstream in version 95.0.4638.54.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-37981 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Skia\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37982 (arbitrary code execution)\n\nA use after free security issue has been found in the Incognito\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37983 (arbitrary code execution)\n\nA use after free security issue has been found in the Dev Tools\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37984 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the PDFium\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37985 (arbitrary code execution)\n\nA use after free security issue has been found in the V8 component of\nthe Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37986 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Settings\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37987 (arbitrary code execution)\n\nA use after free security issue has been found in the Network APIs\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37988 (arbitrary code execution)\n\nA use after free security issue has been found in the Profiles\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37989 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nBlink component of the Chromium browser engine before version\n95.0.4638.54.\n\n- CVE-2021-37990 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nWebView component of the Chromium browser engine before version\n95.0.4638.54.\n\n- CVE-2021-37991 (arbitrary code execution)\n\nA race security issue has been found in the V8 component of the\nChromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37992 (information disclosure)\n\nAn out of bounds read security issue has been found in the WebAudio\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37993 (arbitrary code execution)\n\nA use after free security issue has been found in the PDF Accessibility\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37994 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\niFrame Sandbox component of the Chromium browser engine before version\n95.0.4638.54.\n\n- CVE-2021-37995 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nWebApp Installer component of the Chromium browser engine before\nversion 95.0.4638.54.\n\n- CVE-2021-37996 (insufficient validation)\n\nAn insufficient validation of untrusted input security issue has been\nfound in the Downloads component of the Chromium browser engine before\nversion 95.0.4638.54.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code or disclose sensitive\ninformation through crafted web content.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html\nhttps://crbug.com/1246631\nhttps://crbug.com/1248661\nhttps://crbug.com/1249810\nhttps://crbug.com/1253399\nhttps://crbug.com/1241860\nhttps://crbug.com/1242404\nhttps://crbug.com/1206928\nhttps://crbug.com/1228248\nhttps://crbug.com/1233067\nhttps://crbug.com/1247395\nhttps://crbug.com/1250660\nhttps://crbug.com/1253746\nhttps://crbug.com/1255332\nhttps://crbug.com/1100761\nhttps://crbug.com/1242315\nhttps://crbug.com/1243020\nhttps://security.archlinux.org/CVE-2021-37981\nhttps://security.archlinux.org/CVE-2021-37982\nhttps://security.archlinux.org/CVE-2021-37983\nhttps://security.archlinux.org/CVE-2021-37984\nhttps://security.archlinux.org/CVE-2021-37985\nhttps://security.archlinux.org/CVE-2021-37986\nhttps://security.archlinux.org/CVE-2021-37987\nhttps://security.archlinux.org/CVE-2021-37988\nhttps://security.archlinux.org/CVE-2021-37989\nhttps://security.archlinux.org/CVE-2021-37990\nhttps://security.archlinux.org/CVE-2021-37991\nhttps://security.archlinux.org/CVE-2021-37992\nhttps://security.archlinux.org/CVE-2021-37993\nhttps://security.archlinux.org/CVE-2021-37994\nhttps://security.archlinux.org/CVE-2021-37995\nhttps://security.archlinux.org/CVE-2021-37996", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-21T00:00:00", "type": "archlinux", "title": "[ASA-202110-2] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2021-10-21T00:00:00", "id": "ASA-202110-2", "href": "https://security.archlinux.org/ASA-202110-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:20:52", "description": "Arch Linux Security Advisory ASA-202111-4\n=========================================\n\nSeverity: High\nDate : 2021-11-05\nCVE-ID : CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984\nCVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988\nCVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992\nCVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2468\n\nSummary\n=======\n\nThe package opera before version 81.0.4196.31-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure and insufficient validation.\n\nResolution\n==========\n\nUpgrade to 81.0.4196.31-1.\n\n# pacman -Syu \"opera>=81.0.4196.31-1\"\n\nThe problems have been fixed upstream in version 81.0.4196.31.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-37981 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Skia\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37982 (arbitrary code execution)\n\nA use after free security issue has been found in the Incognito\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37983 (arbitrary code execution)\n\nA use after free security issue has been found in the Dev Tools\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37984 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the PDFium\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37985 (arbitrary code execution)\n\nA use after free security issue has been found in the V8 component of\nthe Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37986 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Settings\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37987 (arbitrary code execution)\n\nA use after free security issue has been found in the Network APIs\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37988 (arbitrary code execution)\n\nA use after free security issue has been found in the Profiles\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37989 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nBlink component of the Chromium browser engine before version\n95.0.4638.54.\n\n- CVE-2021-37990 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nWebView component of the Chromium browser engine before version\n95.0.4638.54.\n\n- CVE-2021-37991 (arbitrary code execution)\n\nA race security issue has been found in the V8 component of the\nChromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37992 (information disclosure)\n\nAn out of bounds read security issue has been found in the WebAudio\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37993 (arbitrary code execution)\n\nA use after free security issue has been found in the PDF Accessibility\ncomponent of the Chromium browser engine before version 95.0.4638.54.\n\n- CVE-2021-37994 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\niFrame Sandbox component of the Chromium browser engine before version\n95.0.4638.54.\n\n- CVE-2021-37995 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nWebApp Installer component of the Chromium browser engine before\nversion 95.0.4638.54.\n\n- CVE-2021-37996 (insufficient validation)\n\nAn insufficient validation of untrusted input security issue has been\nfound in the Downloads component of the Chromium browser engine before\nversion 95.0.4638.54.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code or disclose sensitive\ninformation through crafted web content.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-80/\nhttps://blogs.opera.com/desktop/changelog-for-81/\nhttps://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html\nhttps://crbug.com/1246631\nhttps://crbug.com/1248661\nhttps://crbug.com/1249810\nhttps://crbug.com/1253399\nhttps://crbug.com/1241860\nhttps://crbug.com/1242404\nhttps://crbug.com/1206928\nhttps://crbug.com/1228248\nhttps://crbug.com/1233067\nhttps://crbug.com/1247395\nhttps://crbug.com/1250660\nhttps://crbug.com/1253746\nhttps://crbug.com/1255332\nhttps://crbug.com/1100761\nhttps://crbug.com/1242315\nhttps://crbug.com/1243020\nhttps://security.archlinux.org/CVE-2021-37981\nhttps://security.archlinux.org/CVE-2021-37982\nhttps://security.archlinux.org/CVE-2021-37983\nhttps://security.archlinux.org/CVE-2021-37984\nhttps://security.archlinux.org/CVE-2021-37985\nhttps://security.archlinux.org/CVE-2021-37986\nhttps://security.archlinux.org/CVE-2021-37987\nhttps://security.archlinux.org/CVE-2021-37988\nhttps://security.archlinux.org/CVE-2021-37989\nhttps://security.archlinux.org/CVE-2021-37990\nhttps://security.archlinux.org/CVE-2021-37991\nhttps://security.archlinux.org/CVE-2021-37992\nhttps://security.archlinux.org/CVE-2021-37993\nhttps://security.archlinux.org/CVE-2021-37994\nhttps://security.archlinux.org/CVE-2021-37995\nhttps://security.archlinux.org/CVE-2021-37996", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-11-05T00:00:00", "type": "archlinux", "title": "[ASA-202111-4] opera: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2021-11-05T00:00:00", "id": "ASA-202111-4", "href": "https://security.archlinux.org/ASA-202111-4", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:20:53", "description": "Arch Linux Security Advisory ASA-202110-7\n=========================================\n\nSeverity: High\nDate : 2021-10-29\nCVE-ID : CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000\nCVE-2021-38001 CVE-2021-38002 CVE-2021-38003\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2504\n\nSummary\n=======\n\nThe package chromium before version 95.0.4638.69-1 is vulnerable to\nmultiple issues including arbitrary code execution and insufficient\nvalidation.\n\nResolution\n==========\n\nUpgrade to 95.0.4638.69-1.\n\n# pacman -Syu \"chromium>=95.0.4638.69-1\"\n\nThe problems have been fixed upstream in version 95.0.4638.69.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-37997 (arbitrary code execution)\n\nA use after free security issue has been found in the Sign-In component\nof the Chromium browser engine before version 95.0.4638.69.\n\n- CVE-2021-37998 (arbitrary code execution)\n\nA use after free security issue has been found in the Garbage\nCollection component of the Chromium browser engine before version\n95.0.4638.69.\n\n- CVE-2021-37999 (insufficient validation)\n\nAn insufficient data validation security issue has been found in the\nNew Tab Page component of the Chromium browser engine before version\n95.0.4638.69.\n\n- CVE-2021-38000 (insufficient validation)\n\nAn insufficient validation of untrusted input security issue has been\nfound in the Intents component of the Chromium browser engine before\nversion 95.0.4638.69. Google is aware that an exploit for\nCVE-2021-38000 exists in the wild.\n\n- CVE-2021-38001 (arbitrary code execution)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 95.0.4638.69.\n\n- CVE-2021-38002 (arbitrary code execution)\n\nA use after free security issue has been found in the Web Transport\ncomponent of the Chromium browser engine before version 95.0.4638.69.\n\n- CVE-2021-38003 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the V8\ncomponent of the Chromium browser engine before version 95.0.4638.69.\nGoogle is aware that an exploit for CVE-2021-38003 exists in the wild.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through crafted web\ncontent. Google is aware that exploits for two of the security issues\nexist in the wild.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\nhttps://crbug.com/1259864\nhttps://crbug.com/1259587\nhttps://crbug.com/1251541\nhttps://crbug.com/1249962\nhttps://crbug.com/1260577\nhttps://crbug.com/1260940\nhttps://crbug.com/1263462\nhttps://security.archlinux.org/CVE-2021-37997\nhttps://security.archlinux.org/CVE-2021-37998\nhttps://security.archlinux.org/CVE-2021-37999\nhttps://security.archlinux.org/CVE-2021-38000\nhttps://security.archlinux.org/CVE-2021-38001\nhttps://security.archlinux.org/CVE-2021-38002\nhttps://security.archlinux.org/CVE-2021-38003", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-29T00:00:00", "type": "archlinux", "title": "[ASA-202110-7] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003"], "modified": "2021-10-29T00:00:00", "id": "ASA-202110-7", "href": "https://security.archlinux.org/ASA-202110-7", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:00:39", "description": "Arch Linux Security Advisory ASA-202109-6\n=========================================\n\nSeverity: High\nDate : 2021-09-14\nCVE-ID : CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628\nCVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632\nCVE-2021-30633\nPackage : chromium\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2379\n\nSummary\n=======\n\nThe package chromium before version 93.0.4577.82-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 93.0.4577.82-1.\n\n# pacman -Syu \"chromium>=93.0.4577.82-1\"\n\nThe problems have been fixed upstream in version 93.0.4577.82.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30625 (arbitrary code execution)\n\nA use after free security issue has been found in the Selection API\ncomponent of the Chromium browser engine before version 93.0.4577.82.\n\n- CVE-2021-30626 (arbitrary code execution)\n\nAn out of bounds memory access security issue has been found in the\nANGLE component of the Chromium browser engine before version\n93.0.4577.82.\n\n- CVE-2021-30627 (arbitrary code execution)\n\nA type confusion security issue has been found in the Blink layout\ncomponent of the Chromium browser engine before version 93.0.4577.82.\n\n- CVE-2021-30628 (arbitrary code execution)\n\nA stack buffer overflow security issue has been found in the ANGLE\ncomponent of the Chromium browser engine before version 93.0.4577.82.\n\n- CVE-2021-30629 (arbitrary code execution)\n\nA use after free security issue has been found in the Permissions\ncomponent of the Chromium browser engine before version 93.0.4577.82.\n\n- CVE-2021-30630 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the\nBlink component of the Chromium browser engine before version\n93.0.4577.82.\n\n- CVE-2021-30631 (arbitrary code execution)\n\nA type confusion security issue has been found in the Blink layout\ncomponent of the Chromium browser engine before version 93.0.4577.82.\n\n- CVE-2021-30632 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the V8\ncomponent of the Chromium browser engine before version 93.0.4577.82.\nGoogle is aware that exploits for this issue exist in the wild.\n\n- CVE-2021-30633 (arbitrary code execution)\n\nA use after free security issue has been found in the Indexed DB API\ncomponent of the Chromium browser engine before version 93.0.4577.82.\nGoogle is aware that exploits for this issue exist in the wild.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through crafted web\ncontent.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html\nhttps://crbug.com/1237533\nhttps://crbug.com/1241036\nhttps://crbug.com/1245786\nhttps://crbug.com/1241123\nhttps://crbug.com/1243646\nhttps://crbug.com/1244568\nhttps://crbug.com/1246932\nhttps://crbug.com/1247763\nhttps://crbug.com/1247766\nhttps://security.archlinux.org/CVE-2021-30625\nhttps://security.archlinux.org/CVE-2021-30626\nhttps://security.archlinux.org/CVE-2021-30627\nhttps://security.archlinux.org/CVE-2021-30628\nhttps://security.archlinux.org/CVE-2021-30629\nhttps://security.archlinux.org/CVE-2021-30630\nhttps://security.archlinux.org/CVE-2021-30631\nhttps://security.archlinux.org/CVE-2021-30632\nhttps://security.archlinux.org/CVE-2021-30633", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-14T00:00:00", "type": "archlinux", "title": "[ASA-202109-6] chromium: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2021-09-14T00:00:00", "id": "ASA-202109-6", "href": "https://security.archlinux.org/ASA-202109-6", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:21:09", "description": "Arch Linux Security Advisory ASA-202108-6\n=========================================\n\nSeverity: High\nDate : 2021-08-10\nCVE-ID : CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593\nCVE-2021-30594 CVE-2021-30596 CVE-2021-30597\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2247\n\nSummary\n=======\n\nThe package vivaldi before version 4.1.2369.15-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure and content spoofing.\n\nResolution\n==========\n\nUpgrade to 4.1.2369.15-1.\n\n# pacman -Syu \"vivaldi>=4.1.2369.15-1\"\n\nThe problems have been fixed upstream in version 4.1.2369.15.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30590 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Bookmarks\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\n- CVE-2021-30591 (arbitrary code execution)\n\nA use after free security issue has been found in the File System API\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\n- CVE-2021-30592 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the Tab Groups\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\n- CVE-2021-30593 (information disclosure)\n\nAn out of bounds read security issue has been found in the Tab Strip\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\n- CVE-2021-30594 (arbitrary code execution)\n\nA use after free security issue has been found in the Page Info UI\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\n- CVE-2021-30596 (content spoofing)\n\nAn incorrect security UI security issue has been found in the\nNavigation component of the Chromium browser engine before version\n92.0.4515.131.\n\n- CVE-2021-30597 (arbitrary code execution)\n\nA use after free security issue has been found in the Browser UI\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code, disclose sensitive\ninformation, or spoof content through crafted web pages.\n\nReferences\n==========\n\nhttps://vivaldi.com/blog/desktop/vivaldi-4-1-rc-1-desktop/\nhttps://vivaldi.com/blog/desktop/minor-update-desktop-4-1/\nhttps://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html\nhttps://crbug.com/1227777\nhttps://crbug.com/1229298\nhttps://crbug.com/1209469\nhttps://crbug.com/1209616\nhttps://crbug.com/1218468\nhttps://crbug.com/1214481\nhttps://crbug.com/1232617\nhttps://security.archlinux.org/CVE-2021-30590\nhttps://security.archlinux.org/CVE-2021-30591\nhttps://security.archlinux.org/CVE-2021-30592\nhttps://security.archlinux.org/CVE-2021-30593\nhttps://security.archlinux.org/CVE-2021-30594\nhttps://security.archlinux.org/CVE-2021-30596\nhttps://security.archlinux.org/CVE-2021-30597", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "archlinux", "title": "[ASA-202108-6] vivaldi: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597"], "modified": "2021-08-10T00:00:00", "id": "ASA-202108-6", "href": "https://security.archlinux.org/ASA-202108-6", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:21:12", "description": "Arch Linux Security Advisory ASA-202108-4\n=========================================\n\nSeverity: High\nDate : 2021-08-03\nCVE-ID : CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593\nCVE-2021-30594 CVE-2021-30596 CVE-2021-30597\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2246\n\nSummary\n=======\n\nThe package chromium before version 92.0.4515.131-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure and content spoofing.\n\nResolution\n==========\n\nUpgrade to 92.0.4515.131-1.\n\n# pacman -Syu \"chromium>=92.0.4515.131-1\"\n\nThe problems have been fixed upstream in version 92.0.4515.131.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30590 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Bookmarks\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\n- CVE-2021-30591 (arbitrary code execution)\n\nA use after free security issue has been found in the File System API\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\n- CVE-2021-30592 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the Tab Groups\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\n- CVE-2021-30593 (information disclosure)\n\nAn out of bounds read security issue has been found in the Tab Strip\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\n- CVE-2021-30594 (arbitrary code execution)\n\nA use after free security issue has been found in the Page Info UI\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\n- CVE-2021-30596 (content spoofing)\n\nAn incorrect security UI security issue has been found in the\nNavigation component of the Chromium browser engine before version\n92.0.4515.131.\n\n- CVE-2021-30597 (arbitrary code execution)\n\nA use after free security issue has been found in the Browser UI\ncomponent of the Chromium browser engine before version 92.0.4515.131.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code, disclose sensitive\ninformation, or spoof content through crafted web pages.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html\nhttps://crbug.com/1227777\nhttps://crbug.com/1229298\nhttps://crbug.com/1209469\nhttps://crbug.com/1209616\nhttps://crbug.com/1218468\nhttps://crbug.com/1214481\nhttps://crbug.com/1232617\nhttps://security.archlinux.org/CVE-2021-30590\nhttps://security.archlinux.org/CVE-2021-30591\nhttps://security.archlinux.org/CVE-2021-30592\nhttps://security.archlinux.org/CVE-2021-30593\nhttps://security.archlinux.org/CVE-2021-30594\nhttps://security.archlinux.org/CVE-2021-30596\nhttps://security.archlinux.org/CVE-2021-30597", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-03T00:00:00", "type": "archlinux", "title": "[ASA-202108-4] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597"], "modified": "2021-08-03T00:00:00", "id": "ASA-202108-4", "href": "https://security.archlinux.org/ASA-202108-4", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:20:51", "description": "Arch Linux Security Advisory ASA-202111-8\n=========================================\n\nSeverity: High\nDate : 2021-11-18\nCVE-ID : CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000\nCVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2525\n\nSummary\n=======\n\nThe package opera before version 81.0.4196.54-1 is vulnerable to\nmultiple issues including arbitrary code execution, insufficient\nvalidation and access restriction bypass.\n\nResolution\n==========\n\nUpgrade to 81.0.4196.54-1.\n\n# pacman -Syu \"opera>=81.0.4196.54-1\"\n\nThe problems have been fixed upstream in version 81.0.4196.54.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-37997 (arbitrary code execution)\n\nA use after free security issue has been found in the Sign-In component\nof the Chromium browser engine before version 95.0.4638.69.\n\n- CVE-2021-37998 (arbitrary code execution)\n\nA use after free security issue has been found in the Garbage\nCollection component of the Chromium browser engine before version\n95.0.4638.69.\n\n- CVE-2021-37999 (insufficient validation)\n\nAn insufficient data validation security issue has been found in the\nNew Tab Page component of the Chromium browser engine before version\n95.0.4638.69.\n\n- CVE-2021-38000 (insufficient validation)\n\nAn insufficient validation of untrusted input security issue has been\nfound in the Intents component of the Chromium browser engine before\nversion 95.0.4638.69. Google is aware that an exploit for\nCVE-2021-38000 exists in the wild.\n\n- CVE-2021-38001 (arbitrary code execution)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser engine before version 95.0.4638.69.\n\n- CVE-2021-38002 (arbitrary code execution)\n\nA use after free security issue has been found in the Web Transport\ncomponent of the Chromium browser engine before version 95.0.4638.69.\n\n- CVE-2021-38003 (arbitrary code execution)\n\nAn inappropriate implementation security issue has been found in the V8\ncomponent of the Chromium browser engine before version 95.0.4638.69.\nGoogle is aware that an exploit for CVE-2021-38003 exists in the wild.\n\n- CVE-2021-38004 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nAutofill component of the Chromium browser engine before version\n95.0.4638.69.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through crafted web\ncontent. Google is aware that exploits for two of the security issues\nexist in the wild.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-81/\nhttps://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\nhttps://crbug.com/1259864\nhttps://crbug.com/1259587\nhttps://crbug.com/1251541\nhttps://crbug.com/1249962\nhttps://crbug.com/1260577\nhttps://crbug.com/1260940\nhttps://crbug.com/1263462\nhttps://crbug.com/1227170\nhttps://security.archlinux.org/CVE-2021-37997\nhttps://security.archlinux.org/CVE-2021-37998\nhttps://security.archlinux.org/CVE-2021-37999\nhttps://security.archlinux.org/CVE-2021-38000\nhttps://security.archlinux.org/CVE-2021-38001\nhttps://security.archlinux.org/CVE-2021-38002\nhttps://security.archlinux.org/CVE-2021-38003\nhttps://security.archlinux.org/CVE-2021-38004", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-11-18T00:00:00", "type": "archlinux", "title": "[ASA-202111-8] opera: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38004"], "modified": "2021-11-18T00:00:00", "id": "ASA-202111-8", "href": "https://security.archlinux.org/ASA-202111-8", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:20:52", "description": "Arch Linux Security Advisory ASA-202110-8\n=========================================\n\nSeverity: High\nDate : 2021-10-29\nCVE-ID : CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2444\n\nSummary\n=======\n\nThe package opera before version 80.0.4170.63-1 is vulnerable to\nmultiple issues including arbitrary code execution and sandbox escape.\n\nResolution\n==========\n\nUpgrade to 80.0.4170.63-1.\n\n# pacman -Syu \"opera>=80.0.4170.63-1\"\n\nThe problems have been fixed upstream in version 80.0.4170.63.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-37977 (arbitrary code execution)\n\nA use after free security issue has been found in the Garbage\nCollection component of the Chromium browser engine before version\n94.0.4606.81.\n\n- CVE-2021-37978 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Blink\ncomponent of the Chromium browser engine before version 94.0.4606.81.\n\n- CVE-2021-37979 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the WebRTC\ncomponent of the Chromium browser engine before version 94.0.4606.81.\n\n- CVE-2021-37980 (sandbox escape)\n\nAn inappropriate implementation security issue has been found in the\nSandbox component of the Chromium browser engine before version\n94.0.4606.81.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code or disclose sensitive\ninformation through crafted web content.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-80/\nhttps://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html\nhttps://crbug.com/1252878\nhttps://crbug.com/1236318\nhttps://crbug.com/1247260\nhttps://crbug.com/1254631\nhttps://security.archlinux.org/CVE-2021-37977\nhttps://security.archlinux.org/CVE-2021-37978\nhttps://security.archlinux.org/CVE-2021-37979\nhttps://security.archlinux.org/CVE-2021-37980", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-29T00:00:00", "type": "archlinux", "title": "[ASA-202110-8] opera: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2021-10-29T00:00:00", "id": "ASA-202110-8", "href": "https://security.archlinux.org/ASA-202110-8", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:40:10", "description": "An update that fixes 27 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 92.0.4515.131 (boo#1189006)\n\n * CVE-2021-30590: Heap buffer overflow in Bookmarks\n * CVE-2021-30591: Use after free in File System API\n * CVE-2021-30592: Out of bounds write in Tab Groups\n * CVE-2021-30593: Out of bounds read in Tab Strip\n * CVE-2021-30594: Use after free in Page Info UI\n * CVE-2021-30596: Incorrect security UI in Navigation\n * CVE-2021-30597: Use after free in Browser UI\n\n Chromium 92.0.4515.107 (boo#1188590)\n\n * CVE-2021-30565: Out of bounds write in Tab Groups\n * CVE-2021-30566: Stack buffer overflow in Printing\n * CVE-2021-30567: Use after free in DevTools\n * CVE-2021-30568: Heap buffer overflow in WebGL\n * CVE-2021-30569: Use after free in sqlite\n * CVE-2021-30571: Insufficient policy enforcement in DevTools\n * CVE-2021-30572: Use after free in Autofill\n * CVE-2021-30573: Use after free in GPU\n * CVE-2021-30574: Use after free in protocol handling\n * CVE-2021-30575: Out of bounds read in Autofill\n * CVE-2021-30576: Use after free in DevTools\n * CVE-2021-30577: Insufficient policy enforcement in Installer\n * CVE-2021-30578: Uninitialized Use in Media\n * CVE-2021-30579: Use after free in UI framework\n * CVE-2021-30581: Use after free in DevTools\n * CVE-2021-30582: Inappropriate implementation in Animation\n * CVE-2021-30584: Incorrect security UI in Downloads\n * CVE-2021-30585: Use after free in sensor handling\n * CVE-2021-30588: Type Confusion in V8\n * CVE-2021-30589: Insufficient validation of untrusted input in Sharing\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1131=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-08-10T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597"], "modified": "2021-08-10T00:00:00", "id": "OPENSUSE-SU-2021:1131-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QMTT3WQIVTBT7PZKT6YDJXEYNVRRJDO2/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-09T21:00:55", "description": "An update that fixes 27 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 92.0.4515.131 (boo#1189006)\n\n * CVE-2021-30590: Heap buffer overflow in Bookmarks\n * CVE-2021-30591: Use after free in File System API\n * CVE-2021-30592: Out of bounds write in Tab Groups\n * CVE-2021-30593: Out of bounds read in Tab Strip\n * CVE-2021-30594: Use after free in Page Info UI\n * CVE-2021-30596: Incorrect security UI in Navigation\n * CVE-2021-30597: Use after free in Browser UI\n\n Chromium 92.0.4515.107 (boo#1188590)\n\n * CVE-2021-30565: Out of bounds write in Tab Groups\n * CVE-2021-30566: Stack buffer overflow in Printing\n * CVE-2021-30567: Use after free in DevTools\n * CVE-2021-30568: Heap buffer overflow in WebGL\n * CVE-2021-30569: Use after free in sqlite\n * CVE-2021-30571: Insufficient policy enforcement in DevTools\n * CVE-2021-30572: Use after free in Autofill\n * CVE-2021-30573: Use after free in GPU\n * CVE-2021-30574: Use after free in protocol handling\n * CVE-2021-30575: Out of bounds read in Autofill\n * CVE-2021-30576: Use after free in DevTools\n * CVE-2021-30577: Insufficient policy enforcement in Installer\n * CVE-2021-30578: Uninitialized Use in Media\n * CVE-2021-30579: Use after free in UI framework\n * CVE-2021-30581: Use after free in DevTools\n * CVE-2021-30582: Inappropriate implementation in Animation\n * CVE-2021-30584: Incorrect security UI in Downloads\n * CVE-2021-30585: Use after free in sensor handling\n * CVE-2021-30588: Type Confusion in V8\n * CVE-2021-30589: Insufficient validation of untrusted input in Sharing\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-1144=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-08-11T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597"], "modified": "2021-08-11T00:00:00", "id": "OPENSUSE-SU-2021:1144-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-10T02:11:47", "description": "An update that fixes 28 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 93.0.4577.63 (boo#1190096):\n\n * CVE-2021-30606: Use after free in Blink\n * CVE-2021-30607: Use after free in Permissions\n * CVE-2021-30608: Use after free in Web Share\n * CVE-2021-30609: Use after free in Sign-In\n * CVE-2021-30610: Use after free in Extensions API\n * CVE-2021-30611: Use after free in WebRTC\n * CVE-2021-30612: Use after free in WebRTC\n * CVE-2021-30613: Use after free in Base internals\n * CVE-2021-30614: Heap buffer overflow in TabStrip\n * CVE-2021-30615: Cross-origin data leak in Navigation\n * CVE-2021-30616: Use after free in Media\n * CVE-2021-30617: Policy bypass in Blink\n * CVE-2021-30618: Inappropriate implementation in DevTools\n * CVE-2021-30619: UI Spoofing in Autofill\n * CVE-2021-30620: Insufficient policy enforcement in Blink\n * CVE-2021-30621: UI Spoofing in Autofill\n * CVE-2021-30622: Use after free in WebApp Installs\n * CVE-2021-30623: Use after free in Bookmarks\n * CVE-2021-30624: Use after free in Autofill\n\n Chromium 93.0.4577.82 (boo#1190476):\n\n * CVE-2021-30625: Use after free in Selection API\n * CVE-2021-30626: Out of bounds memory access in ANGLE\n * CVE-2021-30627: Type Confusion in Blink layout\n * CVE-2021-30628: Stack buffer overflow in ANGLE\n * CVE-2021-30629: Use after free in Permissions\n * CVE-2021-30630: Inappropriate implementation in Blink\n * CVE-2021-30631: Type Confusion in Blink layout\n * CVE-2021-30632: Out of bounds write in V8\n * CVE-2021-30633: Use after free in Indexed DB API\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-1300=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-22T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2021-09-22T00:00:00", "id": "OPENSUSE-SU-2021:1300-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AFYTQFVWKBYVVXUN3DISYCDXS27AWFTC/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T19:34:29", "description": "An update that fixes 19 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to version 79.0.4143.22\n\n - CHR-8550 Update chromium on desktop-stable-93-4143 to 93.0.4577.58\n - CHR-8557 Update chromium on desktop-stable-93-4143 to 93.0.4577.63\n - DNA-94641 [Linux] Proprietary media codecs not working in snap builds\n - DNA-95076 [Linux] Page crash with media content\n - DNA-95084 [Mac] Cannot quit through menu with snapshot editor open\n - DNA-95138 Add setting to synchronize Pinboards\n - DNA-95157 Crash at -[OperaCrApplication sendEvent:]\n - DNA-95204 Opera 79 translations\n - DNA-95240 The pinboard thumbnail cannot be generated anymore\n - DNA-95278 Existing Pinboards might be missing\n - DNA-95292 Enable #bookmarks-trash-cleaner on all streams\n - DNA-95293 Enable #easy-files-downloads-folder on all streams\n - DNA-95383 Promote O79 to stable\n\n - Complete Opera 79.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-79/\n\n - The update to chromium 93.0.4577.58 fixes following issues:\n CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609,\n CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613,\n CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617,\n CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621,\n CVE-2021-30622, CVE-2021-30623, CVE-2021-30624\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2021-1310=1\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-1310=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-25T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-09-25T00:00:00", "id": "OPENSUSE-SU-2021:1310-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZDRKVDFEPABXRR653626WGJRZWK5HZ7Y/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-10T08:10:05", "description": "An update that fixes 28 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 93.0.4577.63 (boo#1190096):\n\n * CVE-2021-30606: Use after free in Blink\n * CVE-2021-30607: Use after free in Permissions\n * CVE-2021-30608: Use after free in Web Share\n * CVE-2021-30609: Use after free in Sign-In\n * CVE-2021-30610: Use after free in Extensions API\n * CVE-2021-30611: Use after free in WebRTC\n * CVE-2021-30612: Use after free in WebRTC\n * CVE-2021-30613: Use after free in Base internals\n * CVE-2021-30614: Heap buffer overflow in TabStrip\n * CVE-2021-30615: Cross-origin data leak in Navigation\n * CVE-2021-30616: Use after free in Media\n * CVE-2021-30617: Policy bypass in Blink\n * CVE-2021-30618: Inappropriate implementation in DevTools\n * CVE-2021-30619: UI Spoofing in Autofill\n * CVE-2021-30620: Insufficient policy enforcement in Blink\n * CVE-2021-30621: UI Spoofing in Autofill\n * CVE-2021-30622: Use after free in WebApp Installs\n * CVE-2021-30623: Use after free in Bookmarks\n * CVE-2021-30624: Use after free in Autofill\n\n Chromium 93.0.4577.82 (boo#1190476):\n\n * CVE-2021-30625: Use after free in Selection API\n * CVE-2021-30626: Out of bounds memory access in ANGLE\n * CVE-2021-30627: Type Confusion in Blink layout\n * CVE-2021-30628: Stack buffer overflow in ANGLE\n * CVE-2021-30629: Use after free in Permissions\n * CVE-2021-30630: Inappropriate implementation in Blink\n * CVE-2021-30631: Type Confusion in Blink layout\n * CVE-2021-30632: Out of bounds write in V8\n * CVE-2021-30633: Use after free in Indexed DB API\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1303=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-23T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2021-09-23T00:00:00", "id": "OPENSUSE-SU-2021:1303-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XKFA6UOYGKCDBHHUW6MA56YT5KIDLCNF/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:56", "description": "An update that fixes 16 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Opera was updated to version 81.0.4196.31\n - DNA-95733 Implement the \ufffd\ufffd\ufffdManage\ufffd\ufffd\ufffd menu in card details view\n - DNA-95736 Update UI for paused card\n - DNA-95791 Crash at base::operator<\n - DNA-95794 Sometimes the sidebar UI fails to load\n - DNA-95812 Retrieve cards info when showing autofill\n - DNA-96035 Cannot create virtual card on Sandbox environment\n - DNA-96147 \ufffd\ufffd\ufffdBuy\ufffd\ufffd\ufffd button does not work\n - DNA-96168 Update contributors list\n - DNA-96211 Enable #fast-tab-tooltip on all streams\n - DNA-96231 Promote O81 to stable\n - Complete Opera 80.1 changelog at:\n\n https://blogs.opera.com/desktop/changelog-for-81/\n\n Update to version 81.0.4196.27\n\n - CHR-8623 Update chromium on desktop-stable-95-4196 to 95.0.4638.54\n - DNA-92384 Better segmenting of hint users\n - DNA-95523 Allow sorting in multi-card view\n - DNA-95659 Flow of Lastcard on first login\n - DNA-95735 Implement the button that reveals full card details\n - DNA-95747 Better way to handle expired funding card\n - DNA-95949 [Mac Retina] Clicking active tab should scroll to the top\n - DNA-95993 Update icon used for Yat in address bar dropdown\n - DNA-96021 Cleared download item view is never deleted\n - DNA-96036 Occupation field in 'Account \ufffd\ufffd\ufffd Edit' is shown twice\n - DNA-96127 Upgrade plan button does nothing\n - DNA-96138 \"Add Card\" button does not change to \"Upgrade Plan\" after\n adding card\n - The update to chromium 95.0.4638.54 fixes following issues:\n CVE-2021-37981, CVE-2021-37982, CVE-2021-37983, CVE-2021-37984,\n CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-2021-37988,\n CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-37992,\n CVE-2021-37993, CVE-2021-37994, CVE-2021-37995, CVE-2021-37996\n\n Update to version 80.0.4170.72\n\n - DNA-95522 Change card view to show all types of cards\n - DNA-95523 Allow sorting in multi-card view\n - DNA-95524 Allow searching for cards by name\n - DNA-95658 Allow user to add a card\n - DNA-95659 Flow of Lastcard on first login\n - DNA-95660 Implement editing card details\n - DNA-95699 Add card details view\n - DNA-95733 Implement the \ufffd\ufffd\ufffdManage\ufffd\ufffd\ufffd menu in card details view\n - DNA-95735 Implement the button that reveals full card details\n - DNA-95736 Update UI for paused card\n - DNA-95747 Better way to handle expired funding card\n - DNA-95794 Sometimes the sidebar UI fails to load\n - DNA-95812 Retrieve cards info when showing autofill\n - DNA-96036 Occupation field in \ufffd\ufffd\ufffdAccount \ufffd\ufffd\ufffd Edit\ufffd\ufffd\ufffd is shown twice\n - DNA-96127 Upgrade plan button does nothing\n - DNA-96138 \ufffd\ufffd\ufffdAdd Card\ufffd\ufffd\ufffd button does not change to \ufffd\ufffd\ufffdUpgrade Plan\ufffd\ufffd\ufffd\n after adding card\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-1488=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-11-19T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2021-11-19T00:00:00", "id": "OPENSUSE-SU-2021:1488-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2KPG5DWW4SNUCP3CCQ2LC7L3RKCFTIAA/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:59", "description": "An update that fixes 16 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 95.0.4638.54 (boo#1191844):\n\n * CVE-2021-37981: Heap buffer overflow in Skia\n * CVE-2021-37982: Use after free in Incognito\n * CVE-2021-37983: Use after free in Dev Tools\n * CVE-2021-37984: Heap buffer overflow in PDFium\n * CVE-2021-37985: Use after free in V8\n * CVE-2021-37986: Heap buffer overflow in Settings\n * CVE-2021-37987: Use after free in Network APIs\n * CVE-2021-37988: Use after free in Profiles\n * CVE-2021-37989: Inappropriate implementation in Blink\n * CVE-2021-37990: Inappropriate implementation in WebView\n * CVE-2021-37991: Race in V8\n * CVE-2021-37992: Out of bounds read in WebAudio\n * CVE-2021-37993: Use after free in PDF Accessibility\n * CVE-2021-37996: Insufficient validation of untrusted input in Downloads\n * CVE-2021-37994: Inappropriate implementation in iFrame Sandbox\n * CVE-2021-37995: Inappropriate implementation in WebApp Installer\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1396=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-30T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2021-10-30T00:00:00", "id": "OPENSUSE-SU-2021:1396-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JYLHMZTJJPI73VMWKC3ARZ4PIBXUS3VM/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:59", "description": "An update that fixes 16 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 95.0.4638.54 (boo#1191844):\n\n * CVE-2021-37981: Heap buffer overflow in Skia\n * CVE-2021-37982: Use after free in Incognito\n * CVE-2021-37983: Use after free in Dev Tools\n * CVE-2021-37984: Heap buffer overflow in PDFium\n * CVE-2021-37985: Use after free in V8\n * CVE-2021-37986: Heap buffer overflow in Settings\n * CVE-2021-37987: Use after free in Network APIs\n * CVE-2021-37988: Use after free in Profiles\n * CVE-2021-37989: Inappropriate implementation in Blink\n * CVE-2021-37990: Inappropriate implementation in WebView\n * CVE-2021-37991: Race in V8\n * CVE-2021-37992: Out of bounds read in WebAudio\n * CVE-2021-37993: Use after free in PDF Accessibility\n * CVE-2021-37996: Insufficient validation of untrusted input in Downloads\n * CVE-2021-37994: Inappropriate implementation in iFrame Sandbox\n * CVE-2021-37995: Inappropriate implementation in WebApp Installer\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-1392=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-26T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2021-10-26T00:00:00", "id": "OPENSUSE-SU-2021:1392-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PA4QP5O5NS7MLCPJRQA74564MFVWF24/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:56", "description": "An update that fixes 16 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to version 81.0.4196.31:\n\n - DNA-95733 Implement the \ufffd\ufffd\ufffdManage\ufffd\ufffd\ufffd menu in card details view\n - DNA-95736 Update UI for paused card\n - DNA-95791 Crash at base::operator<\n - DNA-95794 Sometimes the sidebar UI fails to load\n - DNA-95812 Retrieve cards info when showing autofill\n - DNA-96035 Cannot create virtual card on Sandbox environment\n - DNA-96147 \ufffd\ufffd\ufffdBuy\ufffd\ufffd\ufffd button does not work\n - DNA-96168 Update contributors list\n - DNA-96211 Enable #fast-tab-tooltip on all streams\n - DNA-96231 Promote O81 to stable\n - Complete Opera 80.1 changelog at:\n https://blogs.opera.com/desktop/changelog-for-81/\n\n Update to version 81.0.4196.27\n\n - CHR-8623 Update chromium on desktop-stable-95-4196 to 95.0.4638.54\n - DNA-92384 Better segmenting of hint users\n - DNA-95523 Allow sorting in multi-card view\n - DNA-95659 Flow of Lastcard on first login\n - DNA-95735 Implement the button that reveals full card details\n - DNA-95747 Better way to handle expired funding card\n - DNA-95949 [Mac Retina] Clicking active tab should scroll to the top\n - DNA-95993 Update icon used for Yat in address bar dropdown\n - DNA-96021 Cleared download item view is never deleted\n - DNA-96036 Occupation field in 'Account \ufffd\ufffd\ufffd Edit' is shown twice\n - DNA-96127 Upgrade plan button does nothing\n - DNA-96138 \"Add Card\" button does not change to \"Upgrade Plan\" after\n adding card\n - The update to chromium 95.0.4638.54 fixes following issues:\n CVE-2021-37981, CVE-2021-37982, CVE-2021-37983, CVE-2021-37984,\n CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-2021-37988,\n CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-37992,\n CVE-2021-37993, CVE-2021-37994, CVE-2021-37995, CVE-2021-37996\n\n Update to version 80.0.4170.72\n\n - DNA-95522 Change card view to show all types of cards\n - DNA-95523 Allow sorting in multi-card view\n - DNA-95524 Allow searching for cards by name\n - DNA-95658 Allow user to add a card\n - DNA-95659 Flow of Lastcard on first login\n - DNA-95660 Implement editing card details\n - DNA-95699 Add card details view\n - DNA-95733 Implement the \ufffd\ufffd\ufffdManage\ufffd\ufffd\ufffd menu in card details view\n - DNA-95735 Implement the button that reveals full card details\n - DNA-95736 Update UI for paused card\n - DNA-95747 Better way to handle expired funding card\n - DNA-95794 Sometimes the sidebar UI fails to load\n - DNA-95812 Retrieve cards info when showing autofill\n - DNA-96036 Occupation field in \ufffd\ufffd\ufffdAccount \ufffd\ufffd\ufffd Edit\ufffd\ufffd\ufffd is shown twice\n - DNA-96127 Upgrade plan button does nothing\n - DNA-96138 \ufffd\ufffd\ufffdAdd Card\ufffd\ufffd\ufffd button does not change to \ufffd\ufffd\ufffdUpgrade Plan\ufffd\ufffd\ufffd\n after adding card\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2021-1489=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-11-19T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2021-11-19T00:00:00", "id": "OPENSUSE-SU-2021:1489-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSJTYYACW4ZIYYE5GRTELXFUOV6TOKYT/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T10:39:22", "description": "An update that fixes 18 vulnerabilities is now available.\n\nDescription:\n\n This update for nodejs-electron fixes the following issues:\n\n - Fix webpack-4 with OpenSSL 3.0\n\n Update to version 16.0.9\n\n * https://github.com/electron/electron/releases/tag/v16.0.9\n\n Update to version 16.0.8\n\n * https://github.com/electron/electron/releases/tag/v16.0.8\n\n - Add devel package with node headers (e.g. for node-gyp)\n\n - Update to version 16.0.7\n\n * https://github.com/electron/electron/releases/tag/v16.0.7\n\n - Update to version 15.3.3\n\n * https://github.com/electron/electron/releases/tag/v15.3.3\n\n - Update to version 13.6.3\n https://github.com/electron/electron/releases/tag/v13.6.3\n\n - Update to version 13.6.2\n https://github.com/electron/electron/releases/tag/v13.6.2\n - Fix for CVE-2021-37998\n - Fix for CVE-2021-38001\n - Fix for CVE-2021-38002\n - Fix for CVE-2021-38003\n\n - Do not build with H264\n\n - Update to version 13.6.1\n https://github.com/electron/electron/releases/tag/v13.6.1\n - Fix for CVE-2021-37981\n - Fix for CVE-2021-37984\n - Fix for CVE-2021-37987\n - Fix for CVE-2021-37989\n - Fix for CVE-2021-37992\n - Fix for CVE-2021-37996\n\n - Update to version 13.5.1\n https://github.com/electron/electron/releases/tag/v13.5.1\n\n - Update to version 13.5.0\n https://github.com/electron/electron/releases/tag/v13.5.0\n - Fix for CVE-2021-30627\n - Fix for CVE-2021-30631\n - Fix for CVE-2021-30632\n - Fix for CVE-2021-30625\n - Fix for CVE-2021-30626\n - Fix for CVE-2021-30628\n - Fix for CVE-2021-30630\n - Fix for CVE-2021-30633\n\n - Version 13.4.0\n\n - Update to version 13.1.8\n * https://github.com/electron/electron/releases/tag/v13.1.8\n\n - Update to version 13.1.7\n * https://github.com/electron/electron/releases/tag/v13.1.7\n\n - Update to version 13.1.6\n * https://github.com/electron/electron/releases/tag/v13.1.6\n * https://github.com/electron/electron/releases/tag/v13.1.5\n\n - Update to version 13.1.4\n * https://github.com/electron/electron/releases/tag/v13.1.4\n * https://github.com/electron/electron/releases/tag/v13.1.3\n\n - Build with vaapi support\n\n - Install missing vk_swiftshader_icd.json\n\n - Update to version 13.1.2\n * https://github.com/electron/electron/releases/tag/v13.1.2\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-70=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-03-03T00:00:00", "type": "suse", "title": "Security update for nodejs-electron (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37981", "CVE-2021-37984", "CVE-2021-37987", "CVE-2021-37989", "CVE-2021-37992", "CVE-2021-37996", "CVE-2021-37998", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003"], "modified": "2022-03-03T00:00:00", "id": "OPENSUSE-SU-2022:0070-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G2JZKFAH5MWINMQLTSYZ2GQCLX5UGIGE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:48", "description": "An update that fixes 22 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 97.0.4692.99 (boo#1194919):\n\n * CVE-2022-0289: Use after free in Safe browsing\n * CVE-2022-0290: Use after free in Site isolation\n * CVE-2022-0291: Inappropriate implementation in Storage\n * CVE-2022-0292: Inappropriate implementation in Fenced Frames\n * CVE-2022-0293: Use after free in Web packaging\n * CVE-2022-0294: Inappropriate implementation in Push messaging\n * CVE-2022-0295: Use after free in Omnibox\n * CVE-2022-0296: Use after free in Printing\n * CVE-2022-0297: Use after free in Vulkan\n * CVE-2022-0298: Use after free in Scheduling\n * CVE-2022-0300: Use after free in Text Input Method Editor\n * CVE-2022-0301: Heap buffer overflow in DevTools\n * CVE-2022-0302: Use after free in Omnibox\n * CVE-2022-0303: Race in GPU Watchdog\n * CVE-2022-0304: Use after free in Bookmarks\n * CVE-2022-0305: Inappropriate implementation in Service Worker API\n * CVE-2022-0306: Heap buffer overflow in PDFium\n * CVE-2022-0307: Use after free in Optimization Guide\n * CVE-2022-0308: Use after free in Data Transfer\n * CVE-2022-0309: Inappropriate implementation in Autofill\n * CVE-2022-0310: Heap buffer overflow in Task Manager\n * CVE-2022-0311: Heap buffer overflow in Task Manager\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-19=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-01-24T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0303", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"], "modified": "2022-01-24T00:00:00", "id": "OPENSUSE-SU-2022:0019-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WXZCTLOB2POU23DZG3IW6R4QQB3Q2FON/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:59", "description": "An update that fixes 21 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 94.0.4606.54 (boo#1190765):\n\n * CVE-2021-37956: Use after free in Offline use\n * CVE-2021-37957: Use after free in WebGPU\n * CVE-2021-37958: Inappropriate implementation in Navigation\n * CVE-2021-37959: Use after free in Task Manager\n * CVE-2021-37960: Inappropriate implementation in Blink graphics\n * CVE-2021-37961: Use after free in Tab Strip\n * CVE-2021-37962: Use after free in Performance Manager\n * CVE-2021-37963: Side-channel information leakage in DevTools\n * CVE-2021-37964: Inappropriate implementation in ChromeOS Networking\n * CVE-2021-37965: Inappropriate implementation in Background Fetch API\n * CVE-2021-37966: Inappropriate implementation in Compositing\n * CVE-2021-37967: Inappropriate implementation in Background Fetch API\n * CVE-2021-37968: Inappropriate implementation in Background Fetch API\n * CVE-2021-37969: Inappropriate implementation in Google Updater\n * CVE-2021-37970: Use after free in File System API\n * CVE-2021-37971: Incorrect security UI in Web Browser UI\n * CVE-2021-37972: Out of bounds read in libjpeg-turbo\n\n Chromium 94.0.4606.61 (boo#1191166):\n\n * CVE-2021-37973: Use after free in Portals\n\n Chromium 94.0.4606.71 (boo#1191204):\n\n * CVE-2021-37974 : Use after free in Safe Browsing\n * CVE-2021-37975 : Use after free in V8\n * CVE-2021-37976 : Information leak in core\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-1339=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-11T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976"], "modified": "2021-10-11T00:00:00", "id": "OPENSUSE-SU-2021:1339-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GDJ2M5H37726GXT3YZBJRSXV3JYGN7CL/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:59", "description": "An update that fixes 25 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 94.0.4606.81 (boo#1191463):\n\n * CVE-2021-37977: Use after free in Garbage Collection\n * CVE-2021-37978: Heap buffer overflow in Blink\n * CVE-2021-37979: Heap buffer overflow in WebRTC\n * CVE-2021-37980: Inappropriate implementation in Sandbox\n\n Chromium 94.0.4606.54 (boo#1190765):\n\n * CVE-2021-37956: Use after free in Offline use\n * CVE-2021-37957: Use after free in WebGPU\n * CVE-2021-37958: Inappropriate implementation in Navigation\n * CVE-2021-37959: Use after free in Task Manager\n * CVE-2021-37960: Inappropriate implementation in Blink graphics\n * CVE-2021-37961: Use after free in Tab Strip\n * CVE-2021-37962: Use after free in Performance Manager\n * CVE-2021-37963: Side-channel information leakage in DevTools\n * CVE-2021-37964: Inappropriate implementation in ChromeOS Networking\n * CVE-2021-37965: Inappropriate implementation in Background Fetch API\n * CVE-2021-37966: Inappropriate implementation in Compositing\n * CVE-2021-37967: Inappropriate implementation in Background Fetch API\n * CVE-2021-37968: Inappropriate implementation in Background Fetch API\n * CVE-2021-37969: Inappropriate implementation in Google Updater\n * CVE-2021-37970: Use after free in File System API\n * CVE-2021-37971: Incorrect security UI in Web Browser UI\n * CVE-2021-37972: Out of bounds read in libjpeg-turbo\n\n Chromium 94.0.4606.61 (boo#1191166):\n\n * CVE-2021-37973: Use after free in Portals\n\n Chromium 94.0.4606.71 (boo#1191204):\n\n * CVE-2021-37974 : Use after free in Safe Browsing\n * CVE-2021-37975 : Use after free in V8\n * CVE-2021-37976 : Information leak in core\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1350=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-12T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2021-10-12T00:00:00", "id": "OPENSUSE-SU-2021:1350-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:48", "description": "An update that fixes 24 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 97.0.4692.71 (boo#1194331):\n\n * CVE-2022-0096: Use after free in Storage\n * CVE-2022-0097: Inappropriate implementation in DevTools\n * CVE-2022-0098: Use after free in Screen Capture\n * CVE-2022-0099: Use after free in Sign-in\n * CVE-2022-0100: Heap buffer overflow in Media streams API\n * CVE-2022-0101: Heap buffer overflow in Bookmarks\n * CVE-2022-0102: Type Confusion in V8\n * CVE-2022-0103: Use after free in SwiftShader\n * CVE-2022-0104: Heap buffer overflow in ANGLE\n * CVE-2022-0105: Use after free in PDF\n * CVE-2022-0106: Use after free in Autofill\n * CVE-2022-0107: Use after free in File Manager API\n * CVE-2022-0108: Inappropriate implementation in Navigation\n * CVE-2022-0109: Inappropriate implementation in Autofill\n * CVE-2022-0110: Incorrect security UI in Autofill\n * CVE-2022-0111: Inappropriate implementation in Navigation\n * CVE-2022-0112: Incorrect security UI in Browser UI\n * CVE-2022-0113: Inappropriate implementation in Blink\n * CVE-2022-0114: Out of bounds memory access in Web Serial\n * CVE-2022-0115: Uninitialized Use in File API\n * CVE-2022-0116: Inappropriate implementation in Compositing\n * CVE-2022-0117: Policy bypass in Service Workers\n * CVE-2022-0118: Inappropriate implementation in WebShare\n * CVE-2022-0120: Inappropriate implementation in Passwords\n\n - Revert wayland fixes because it doesn't handle GPU correctly\n (boo#1194182)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-14=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-01-17T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120"], "modified": "2022-01-17T00:00:00", "id": "OPENSUSE-SU-2022:0014-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XW7HD7EA7DNOWMGKDOA6BCE6FBFET4WB/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:45", "description": "An update that fixes 93 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to 83.0.4254.27\n\n - CHR-8737 Update chromium on desktop-stable-97-4254 to 97.0.4692.99\n - DNA-96336 [Mac] Translate new network installer slogan\n - DNA-96678 Add battery level monitoring capability to powerSavePrivate\n - DNA-96939 Crash at\n opera::ExternalVideoService::MarkAsManuallyClosed()\n - DNA-97276 Enable #static-tab-audio-indicator on all streams\n\n - The update to chromium 97.0.4692.99 fixes following issues:\n CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE-2022-0292,\n CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296,\n CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301,\n CVE-2022-0302, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306,\n CVE-2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310, CVE-2022-0311\n\n Update to 83.0.4254.19\n\n - DNA-96079 Turn on #automatic-video-popout on developer\n - DNA-97070 Opera 83 translations\n - DNA-97119 [LastCard] Stop showing used burner cards\n - DNA-97131 Enable automatic-video-popout on all streams from O84 on\n - DNA-97257 Crash at views::ImageButton::SetMinimumImageSize(gfx::Size\n const&)\n - DNA-97259 Promote O83 to stable\n\n - Complete Opera 83.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-83/\n\n - Update to 83.0.4254.16\n\n - DNA-96968 Fix alignment of the 'Advanced' button in Settings\n\n - Update to 83.0.4254.14\n\n - CHR-8701 Update chromium on desktop-stable-97-4254 to 97.0.4692.45\n - CHR-8713 Update chromium on desktop-stable-97-4254 to 97.0.4692.56\n - CHR-8723 Update chromium on desktop-stable-97-4254 to 97.0.4692.71\n - DNA-96780 Crash at\n ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)\n - DNA-96822 Tab close resize behavior change\n - DNA-96861 Create Loomi Options menu\n - DNA-96904 Support Win11 snap layout popup\n - DNA-96951 Tab close animation broken\n - DNA-96991 Tab X button doesn\ufffd\ufffd\ufffdt work correctly\n - DNA-97027 Incorrect tab size after tab close\n - The update to chromium 97.0.4692.71 fixes following issues:\n CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099,\n CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103,\n CVE-2022-0104, CVE-2022-0105, CVE-2022-0105, CVE-2022-0106,\n CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110,\n CVE-2022-0111, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113,\n CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117,\n CVE-2022-0118, CVE-2022-0120\n\n - Update to version 82.0.4227.58\n\n - DNA-96780 Crash at\n ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)\n - DNA-96890 Settings default browser not working for current user on\n Windows 7\n\n - Update to version 82.0.4227.43\n\n - CHR-8705 Update chromium on desktop-stable-96-4227 to 96.0.4664.110\n - DNA-93284 Unstable\n obj/opera/desktop/common/installer_rc_generated/installer.res\n - DNA-95908 Interstitial/internal pages shown as NOT SECURE after\n visiting http site\n - DNA-96404 Opera doesn\ufffd\ufffd\ufffdt show on main screen when second screen is\n abruptly disconnected\n\n - The update to chromium 96.0.4664.110 fixes following issues:\n CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101, CVE-2021-4102\n\n - Update to version 82.0.4227.33\n\n - CHR-8689 Update chromium on desktop-stable-96-4227 to 96.0.4664.93\n - DNA-96559 Tooltip popup looks bad in dark theme\n - DNA-96570 [Player] Tidal logging in via PLAY doesn\ufffd\ufffd\ufffdt work\n - DNA-96594 Unnecessary extra space in fullscreen mode on M1 Pro MacBooks\n - DNA-96649 Update Meme button\n - DNA-96676 Add Icon in the Sidebar Setup\n - DNA-96677 Add default URL\n - The update to chromium 96.0.4664.93 fixes following issues:\n CVE-2021-4052, CVE-2021-4053, CVE-2021-4079, CVE-2021-4054,\n CVE-2021-4078, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057,\n CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062,\n CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066,\n CVE-2021-4067, CVE-2021-4068\n\n - Update to version 82.0.4227.23\n\n - DNA-95632 With new au-logic UUID is set with delay and may be not set\n for pb-builds (when closing fast)\n - DNA-96349 Laggy tooltip animation\n - DNA-96483 [Snap][Linux] Video not working / wrong ffmpeg snap version\n for Opera 82\n - DNA-96493 Create 'small' enticement in credit card autofill\n - DNA-96533 Opera 82 translations\n - DNA-96535 Make the URL configurable\n - DNA-96553 Add switch to whitelist test pages\n - DNA-96557 Links not opened from panel\n - DNA-96558 AdBlock bloks some trackers inside the panel\n - DNA-96568 [Player] Tidal in sidebar Player opens wrong site when\n logging in\n - DNA-96659 Siteprefs not applied after network service crash\n - DNA-96593 Promote O82 to stable\n\n - Complete Opera 82.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-82/\n\n - Update to version 82.0.4227.13\n\n - CHR-8668 Update chromium on desktop-stable-96-4227 to 96.0.4664.45\n - DNA-76987 [Mac] Update desktop EULA with geolocation split\n - DNA-93388 Problem with symlinks on windows when creating file list\n - DNA-95734 Discarded Recently Closed items get revived after restart\n - DNA-96134 \"Your profile has been updated\" does not disappear\n - DNA-96190 Opera freezes when trying to drag expanded bookmark folder\n with nested subfolders\n - DNA-96223 Easy Files not working in Full Screen\n - DNA-96274 Checkout autofill shouldn't show used burner card\n - DNA-96275 Change the notification message for pausing multi-use cards\n - DNA-96295 \"Video pop out\" setting doesn't sync\n - DNA-96316 Highlight text wrong colour on dark mode\n - DNA-96326 Wrong translation Private Mode > Turkish\n - DNA-96351 macOS window controls are missing in full screen\n - DNA-96440 Update video URL\n - DNA-96448 add option to pin extension via rich hints\n - DNA-96453 Register user-chosen option on client-side, read on hint side\n - DNA-96454 Choosing an option from the settings menu should close the\n popup\n - DNA-96484 Enable AB test for a new autoupdater logic (for 50%)\n - DNA-96500 Add \"don't show me again\" prefs to allowed whitelist\n - DNA-96538 Inline audiocomplete for www.mediaexpert.pl incorrectly\n suggested\n - The update to chromium 96.0.4664.45 fixes following issues:\n CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008,\n CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012,\n CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016,\n CVE-2021-38017, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021,\n CVE-2021-38022\n\n\n - Update to version 81.0.4196.54\n\n - CHR-8644 Update chromium on desktop-stable-95-4196 to 95.0.4638.69\n - DNA-95773 ExtensionWebRequestApiTest crashes on mac\n - DNA-96062 Opera 81 translations\n - DNA-96134 \ufffd\ufffd\ufffdYour profile has been updated\ufffd\ufffd\ufffd does not disappear\n - DNA-96274 Checkout autofill shouldn\ufffd\ufffd\ufffdt show used burner card\n - DNA-96275 Change the notification message for pausing multi-use cards\n - DNA-96440 Update video URL\n\n - The update to chromium 95.0.4638.69 fixes following issues:\n CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-37980,\n CVE-2021-38001, CVE-2021-38002, CVE-2021-38003, CVE-2021-38004\n\n - Update to version 81.0.4196.37\n\n - DNA-96008 Crash at\n content::WebContentsImpl::OpenURL(content::OpenURLParams const&)\n - DNA-96032 Closing the videoconference pop-up force leaving the meeting\n - DNA-96092 Crash at void\n opera::ModalDialogViews::OnWidgetClosing(opera::ModalDialog::Result)\n - DNA-96142 [Yat] Emoji icon cut off in URL for Yat\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-47=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-02-21T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37980", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38004", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"], "modified": "2022-02-21T00:00:00", "id": "OPENSUSE-SU-2022:0047-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JVEGWNKSSGZPVVLVJKNT5ZEY54Z5RLV4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:04", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to version 78.0.4093.184\n\n - CHR-8533 Update chromium on desktop-stable-92-4093 to 92.0.4515.159\n - DNA-93472 Reattaching to other browsers\n - DNA-93741 Multiple hint slots\n - DNA-93742 Allow displaying unobtrusive external hints\n - DNA-93744 Add slots in toolbar action view\n - DNA-94230 Improve text contrast for Speed Dials\n - DNA-94724 [Mac] Add macOS dark theme wallpaper with easy setup\n - DNA-94786 Crash at base::SupportsUserData:: SetUserData(void const*,\n std::__1::unique_ptr)\n - DNA-94807 Allow scripts access opera version and product info\n - DNA-94862 Continue on shopping Amazon doesn\ufffd\ufffd\ufffdt work correct\n - DNA-94870 Add an addonsPrivate function to install with permissions\n dialog first\n - DNA-95064 Revert DNA-93714 on stable\n - The update to chromium 92.0.4515.159 fixes following issues:\n CVE-2021-30598, CVE-2021-30599, CVE-2021-30600, CVE-2021-30601,\n CVE-2021-30602, CVE-2021-30603, CVE-2021-30604\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2021-1221=1\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-1221=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-03T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604"], "modified": "2021-09-03T00:00:00", "id": "OPENSUSE-SU-2021:1221-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AONJYVX4FYNEW6Z2RBON633JUD667L7M/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T19:34:23", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 95.0.4638.69 (boo#1192184):\n\n * CVE-2021-37997: Use after free in Sign-In\n * CVE-2021-37998: Use after free in Garbage Collection\n * CVE-2021-37999: Insufficient data validation in New Tab Page\n * CVE-2021-38000: Insufficient validation of untrusted input in Intents\n * CVE-2021-38001: Type Confusion in V8\n * CVE-2021-38002: Use after free in Web Transport\n * CVE-2021-38003: Inappropriate implementation in V8\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1462=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-1462=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-11-08T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003"], "modified": "2021-11-08T00:00:00", "id": "OPENSUSE-SU-2021:1462-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LILU2Q77SAPFWPTS2P4ZOLY6WZ3NJCJN/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-09T21:00:55", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 92.0.4515.159 (boo#1189490):\n\n * CVE-2021-30598: Type Confusion in V8\n * CVE-2021-30599: Type Confusion in V8\n * CVE-2021-30600: Use after free in Printing\n * CVE-2021-30601: Use after free in Extensions API\n * CVE-2021-30602: Use after free in WebRTC\n * CVE-2021-30603: Race in WebAudio\n * CVE-2021-30604: Use after free in ANGLE\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1172=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-21T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604"], "modified": "2021-08-21T00:00:00", "id": "OPENSUSE-SU-2021:1172-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/A6WKS2BLZ2TY63ZSCC2NAODDOSDSPKTN/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:10", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 92.0.4515.159 (boo#1189490):\n\n * CVE-2021-30598: Type Confusion in V8\n * CVE-2021-30599: Type Confusion in V8\n * CVE-2021-30600: Use after free in Printing\n * CVE-2021-30601: Use after free in Extensions API\n * CVE-2021-30602: Use after free in WebRTC\n * CVE-2021-30603: Race in WebAudio\n * CVE-2021-30604: Use after free in ANGLE\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-1180=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-23T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604"], "modified": "2021-08-23T00:00:00", "id": "OPENSUSE-SU-2021:1180-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLKBL5CUVIWVYXUEMSQDAWNVPLFIWUZE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:59", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Opera was updated to version 79.0.4143.50\n\n - CHR-8571 Update chromium on desktop-stable-93-4143 to 93.0.4577.82\n - DNA-94104 ContinueShoppingOnEbayBrowserTest.ShouldDisplayOffers\n TilesStartingWithMostActiveOnes fails\n - DNA-94894 [Rich Hint] Agent API permissions\n - DNA-94989 Wrong color and appearance of subpages in the settings\n - DNA-95241 \ufffd\ufffd\ufffdSwitch to tab\ufffd\ufffd\ufffd button is visible only on hover\n - DNA-95286 Add unit tests to pinboard sync related logic in browser\n - DNA-95372 [Mac retina screen] Snapshot doesnt capture cropped area\n - DNA-95526 Some webstore extensions are not verified properly\n - The update to chromium 93.0.4577.82 fixes following issues:\n CVE-2021-30625, CVE-2021-30626, CVE-2021-30627, CVE-2021-30628,\n CVE-2021-30629, CVE-2021-30630, CVE-2021-30631, CVE-2021-30632,\n CVE-2021-30633\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2021-1330=1\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-1330=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-04T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2021-10-04T00:00:00", "id": "OPENSUSE-SU-2021:1330-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/32OSJUOT5EKYB352W3UZ3NLUB6N4FXCT/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-09T21:00:55", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to version 78.0.4093.147\n\n - CHR-8251 Update chromium on desktop-stable-92-4093 to 92.0.4515.131\n - DNA-93036 Opera not starting after closing window. Processes still\n working.\n - DNA-94516 Add \ufffd\ufffd\ufffdDetach tab\ufffd\ufffd\ufffd entry to tab menu\n - DNA-94584 [Mac] Sidebar setup not closed after press \ufffd\ufffd\ufffdAdd\n extensions\ufffd\ufffd\ufffd button\n - DNA-94761 Crash when trying to record \ufffd\ufffd\ufffdChrome developer\ufffd\ufffd\ufffd trace\n - DNA-94790 Crash at opera::VideoConferenceTabDetachController::\n OnBrowserAboutToStartClosing(Browser*)\n - The update to chromium 92.0.4515.131 fixes following issues:\n CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593,\n CVE-2021-30594, CVE-2021-30596, CVE-2021-30597\n\n Update to version 78.0.4093.112\n\n - DNA-94466 Implement sorting Pinboards in overview\n - DNA-94582 Add access to APIs for showing pinboard icon in sidebar\n - DNA-94603 Suspicious pinboards events\n - DNA-94625 Disable opr.pinboardPrivate.getThumbnail() for local files\n - DNA-94640 Promote O78 to stable\n - DNA-94661 Missing translations for some languages\n - Complete Opera 78.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-78/\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2021-1209=1\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-1209=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-30T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597"], "modified": "2021-08-30T00:00:00", "id": "OPENSUSE-SU-2021:1209-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6VAM7DBKPG7SO56B3HM7RJ5NXFLCFPWT/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T17:58:07", "description": "An update that fixes 241 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to 85.0.4341.28\n\n - CHR-8816 Update chromium on desktop-stable-99-4341 to 99.0.4844.84\n - DNA-98092 Crash at views::MenuItemView::GetMenuController()\n - DNA-98278 Translations for O85\n - DNA-98320 [Mac] Unable to delete recent search entries\n - DNA-98614 Show recent searches for non-BABE users\n - DNA-98615 Allow removal of recent searches\n - DNA-98616 Add recent searches to \ufffd\ufffd\ufffdold\ufffd\ufffd\ufffd BABE\n - DNA-98617 Make it possible to disable ad-blocker per-country\n - DNA-98651 Remove Instagram and Facebook Messenger in Russia\n - DNA-98653 Add flag #recent-searches\n - DNA-98696 smoketest\n PageInfoHistoryDataSourceTest.FormatTimestampString failing\n - DNA-98703 Port Chromium issue 1309225 to Opera Stable\n\n - The update to chromium 99.0.4844.84 fixes following issues: CVE-2022-1096\n - Changes in 85.0.4341.18\n\n - CHR-8789 Update chromium on desktop-stable-99-4341 to 99.0.4844.51\n - DNA-98059 [Linux] Crash at\n opera::FreedomSettingsImpl::IsBypassForDotlessDomainsEnabled\n - DNA-98349 [Linux] Crash at bluez::BluezDBusManager::Get()\n - DNA-98126 System crash dialog shown on macOS <= 10.15\n - DNA-98331 [Snap] Meme generator cropping / resizing broken\n - DNA-98394 Audio tab indicator set to \"muted\" on videoconferencing sites\n - DNA-98481 Report errors in opauto_collector\n - The update to chromium 99.0.4844.51 fixes following issues:\n CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE-2022-0792,\n CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796,\n CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800,\n CVE-2022-0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804,\n CVE-2022-0805, CVE-2022-0806, CVE-2022-0807, CVE-2022-0808, CVE-2022-0809\n\n - Changes in 85.0.4341.13\n\n - DNA-94119 Upgrade curl to 7.81.0\n - DNA-97849 [Mac monterey] System shortcut interfere with Opera\ufffd\ufffd\ufffds\n `ToggleSearchInOpenTabs` shortcut\n - DNA-98204 Automatic popout happens when video is paused\n - DNA-98231 Shortcuts are blocked by displayed tab tooltip when\n triggered quickly after tooltip appears\n - DNA-98321 Add thinlto-cache warnings to suppression list\n - DNA-98395 Promote O85 to stable\n\n - Complete Opera 85.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-85/\n\n - Update to 84.0.4316.42\n\n - DNA-94119 Upgrade curl to 7.81.0\n - DNA-98092 Crash at views::MenuItemView::GetMenuController()\n - DNA-98204 Automatic popout happens when video is paused\n - DNA-98231 Shortcuts are blocked by displayed tab tooltip when\n triggered quickly after tooltip appears\n\n - Update to 84.0.4316.31\n - CHR-8772 Update chromium on desktop-stable-98-4316 to 98.0.4758.109\n - DNA-97573 [Win][Lin]\ufffd\ufffd\ufffdClose tab\ufffd\ufffd\ufffd button is not displayed on tabs\n playing media when many tabs are open\n - DNA-97729 cancelling the process uploading custom Wallpaper crashes\n the browser\n - DNA-97871 Google meet tab\ufffd\ufffd\ufffds icons don\ufffd\ufffd\ufffdt fit on pinned tab\n - DNA-97872 Tab is being unpinned when video conferencing button is\n clicked\n - DNA-98039 Dark theme top sites have black background\n - DNA-98117 Clicking current tab information should hide tooltip\n\n - Update to 84.0.4316.21\n - CHR-8762 Update chromium on desktop-stable-98-4316 to 98.0.4758.102\n - DNA-97333 \ufffd\ufffd\ufffdAdd a site\ufffd\ufffd\ufffd label on start page tile barely visible\n - DNA-97691 Opera 84 translations\n - DNA-97767 Wrong string in FR\n - DNA-97855 Crash at ScopedProfileKeepAlive::~ScopedProfileKeepAlive()\n - DNA-97982 Enable #snap-upstream-implementation on all streams\n - The update to chromium 98.0.4758.102 fixes following issues:\n CVE-2022-0603, CVE-2022-0604, CVE-2022-0605, CVE-2022-0606,\n CVE-2022-0607, CVE-2022-0608, CVE-2022-0609, CVE-2022-0610\n\n - Update to 84.0.4316.14\n - CHR-8753 Update chromium on desktop-stable-98-4316 to 98.0.4758.82\n - DNA-97177 Battery saver \ufffd\ufffd\ufffd the icon looks bad for DPI!=100%\n - DNA-97614 automatic video pop-out for most popular websites\n broadcasting Winter Olympic Games 2022\n - DNA-97804 Promote O84 to stable\n - The update to chromium 98.0.4758.82 fixes following issues:\n CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455,\n CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459,\n CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463,\n CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467,\n CVE-2022-0468, CVE-2022-0469, CVE-2022-0470\n - Complete Opera 84.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-84/\n\n - Update to 83.0.4254.54\n - DNA-96581 Fast tab tooltip doesn\ufffd\ufffd\ufffdt always show related sites with\n scrollable tab strip\n - DNA-96608 Cannot drag a tab to create a new window\n - DNA-96657 Do not make tab tooltip hoverable if there\ufffd\ufffd\ufffds no list of\n tabs\n - DNA-97291 Crash at\n opera::flow::FlowSessionImpl::RegisterDevice(base::OnceCallback)\n - DNA-97468 Incorrect number of restored tabs when video-popout is\n detached\n - DNA-97476 Add retry to stapling during signing\n - DNA-97609 Failing MetricsReporterTest.TimeSpent* smoketests\n\n - Update to 83.0.4254.27\n - CHR-8737 Update chromium on desktop-stable-97-4254 to 97.0.4692.99\n - DNA-96336 [Mac] Translate new network installer slogan\n - DNA-96678 Add battery level monitoring capability to powerSavePrivate\n - DNA-96939 Crash at\n opera::ExternalVideoService::MarkAsManuallyClosed()\n - DNA-97276 Enable #static-tab-audio-indicator on all streams\n - The update to chromium 97.0.4692.99 fixes following issues:\n CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE-2022-0292,\n CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296,\n CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301,\n CVE-2022-0302, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306,\n CVE-2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310, CVE-2022-0311\n\n - Update to 83.0.4254.19\n - DNA-96079 Turn on #automatic-video-popout on developer\n - DNA-97070 Opera 83 translations\n - DNA-97119 [LastCard] Stop showing used burner cards\n - DNA-97131 Enable automatic-video-popout on all streams from O84 on\n - DNA-97257 Crash at views::ImageButton::SetMinimumImageSize(gfx::Size\n const&)\n - DNA-97259 Promote O83 to stable\n - Complete Opera 83.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-83/\n - Update to 83.0.4254.16\n - DNA-96968 Fix alignment of the 'Advanced' button in Settings\n - Update to 83.0.4254.14\n - CHR-8701 Update chromium on desktop-stable-97-4254 to 97.0.4692.45\n - CHR-8713 Update chromium on desktop-stable-97-4254 to 97.0.4692.56\n - CHR-8723 Update chromium on desktop-stable-97-4254 to 97.0.4692.71\n - DNA-96780 Crash at\n ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)\n - DNA-96822 Tab close resize behavior change\n - DNA-96861 Create Loomi Options menu\n - DNA-96904 Support Win11 snap layout popup\n - DNA-96951 Tab close animation broken\n - DNA-96991 Tab X button doesn\ufffd\ufffd\ufffdt work correctly\n - DNA-97027 Incorrect tab size after tab close\n - The update to chromium 97.0.4692.71 fixes following issues:\n CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099,\n CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103,\n CVE-2022-0104, CVE-2022-0105, CVE-2022-0105, CVE-2022-0106,\n CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110,\n CVE-2022-0111, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113,\n CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117,\n CVE-2022-0118, CVE-2022-0120\n\n - Update to version 82.0.4227.58\n - DNA-96780 Crash at\n ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)\n - DNA-96890 Settings default browser not working for current user on\n Windows 7\n\n - Update to version 82.0.4227.43\n - CHR-8705 Update chromium on desktop-stable-96-4227 to 96.0.4664.110\n - DNA-93284 Unstable\n obj/opera/desktop/common/installer_rc_generated/installer.res\n - DNA-95908 Interstitial/internal pages shown as NOT SECURE after\n visiting http site\n - DNA-96404 Opera doesn\ufffd\ufffd\ufffdt show on main screen when second screen is\n abruptly disconnected\n - The update to chromium 96.0.4664.110 fixes following issues:\n CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101, CVE-2021-4102\n\n - Update to version 82.0.4227.33\n - CHR-8689 Update chromium on desktop-stable-96-4227 to 96.0.4664.93\n - DNA-96559 Tooltip popup looks bad in dark theme\n - DNA-96570 [Player] Tidal logging in via PLAY doesn\ufffd\ufffd\ufffdt work\n - DNA-96594 Unnecessary extra space in fullscreen mode on M1 Pro MacBooks\n - DNA-96649 Update Meme button\n - DNA-96676 Add Icon in the Sidebar Setup\n - DNA-96677 Add default URL\n - The update to chromium 96.0.4664.93 fixes following issues:\n CVE-2021-4052, CVE-2021-4053, CVE-2021-4079, CVE-2021-4054,\n CVE-2021-4078, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057,\n CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062,\n CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066,\n CVE-2021-4067, CVE-2021-4068\n\n - Update to version 82.0.4227.23\n - DNA-95632 With new au-logic UUID is set with delay and may be not set\n for pb-builds (when closing fast)\n - DNA-96349 Laggy tooltip animation\n - DNA-96483 [Snap][Linux] Video not working / wrong ffmpeg snap version\n for Opera 82\n - DNA-96493 Create 'small' enticement in credit card autofill\n - DNA-96533 Opera 82 translations\n - DNA-96535 Make the URL configurable\n - DNA-96553 Add switch to whitelist test pages\n - DNA-96557 Links not opened from panel\n - DNA-96558 AdBlock bloks some trackers inside the panel\n - DNA-96568 [Player] Tidal in sidebar Player opens wrong site when\n logging in\n - DNA-96659 Siteprefs not applied after network service crash\n - DNA-96593 Promote O82 to stable\n - Complete Opera 82.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-82/\n - Update to version 82.0.4227.13\n - CHR-8668 Update chromium on desktop-stable-96-4227 to 96.0.4664.45\n - DNA-76987 [Mac] Update desktop EULA with geolocation split\n - DNA-93388 Problem with symlinks on windows when creating file list\n - DNA-95734 Discarded Recently Closed items get revived after restart\n - DNA-96134 \"Your profile has been updated\" does not disappear\n - DNA-96190 Opera freezes when trying to drag expanded bookmark folder\n with nested subfolders\n - DNA-96223 Easy Files not working in Full Screen\n - DNA-96274 Checkout autofill shouldn't show used burner card\n - DNA-96275 Change the notification message for pausing multi-use cards\n - DNA-96295 \"Video pop out\" setting doesn't sync\n - DNA-96316 Highlight text wrong colour on dark mode\n - DNA-96326 Wrong translation Private Mode > Turkish\n - DNA-96351 macOS window controls are missing in full screen\n - DNA-96440 Update video URL\n - DNA-96448 add option to pin extension via rich hints\n - DNA-96453 Register user-chosen option on client-side, read on hint side\n - DNA-96454 Choosing an option from the settings menu should close the\n popup\n - DNA-96484 Enable AB test for a new autoupdater logic (for 50%)\n - DNA-96500 Add \"don't show me again\" prefs to allowed whitelist\n - DNA-96538 Inline audiocomplete for www.mediaexpert.pl incorrectly\n suggested\n - The update to chromium 96.0.4664.45 fixes following issues:\n CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008,\n CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012,\n CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016,\n CVE-2021-38017, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021,\n CVE-2021-38022\n\n\n - Update to version 81.0.4196.54\n - CHR-8644 Update chromium on desktop-stable-95-4196 to 95.0.4638.69\n - DNA-95773 ExtensionWebRequestApiTest crashes on mac\n - DNA-96062 Opera 81 translations\n - DNA-96134 \ufffd\ufffd\ufffdYour profile has been updated\ufffd\ufffd\ufffd does not disappear\n - DNA-96274 Checkout autofill shouldn\ufffd\ufffd\ufffdt show used burner card\n - DNA-96275 Change the notification message for pausing multi-use cards\n - DNA-96440 Update video URL\n - The update to chromium 95.0.4638.69 fixes following issues:\n CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-37980,\n CVE-2021-38001, CVE-2021-38002, CVE-2021-38003, CVE-2021-38004\n - Update to version 81.0.4196.37\n - DNA-96008 Crash at\n content::WebContentsImpl::OpenURL(content::OpenURLParams const&)\n - DNA-96032 Closing the videoconference pop-up force leaving the meeting\n - DNA-96092 Crash at void\n opera::ModalDialogViews::OnWidgetClosing(opera::ModalDialog::Result)\n - DNA-96142 [Yat] Emoji icon cut off in URL for Yat\n\n - Update to version 81.0.4196.31\n - DNA-95733 Implement the \ufffd\ufffd\ufffdManage\ufffd\ufffd\ufffd menu in card details view\n - DNA-95736 Update UI for paused card\n - DNA-95791 Crash at base::operator<\n - DNA-95794 Sometimes the sidebar UI fails to load\n - DNA-95812 Retrieve cards info when showing autofill\n - DNA-96035 Cannot create virtual card on Sandbox environment\n - DNA-96147 \ufffd\ufffd\ufffdBuy\ufffd\ufffd\ufffd button does not work\n - DNA-96168 Update contributors list\n - DNA-96211 Enable #fast-tab-tooltip on all streams\n - DNA-96231 Promote O81 to stable\n - Complete Opera 80.1 changelog at:\n https://blogs.opera.com/desktop/changelog-for-81/\n - Update to version 81.0.4196.27\n - CHR-8623 Update chromium on desktop-stable-95-4196 to 95.0.4638.54\n - DNA-92384 Better segmenting of hint users\n - DNA-95523 Allow sorting in multi-card view\n - DNA-95659 Flow of Lastcard on first login\n - DNA-95735 Implement the button that reveals full card details\n - DNA-95747 Better way to handle expired funding card\n - DNA-95949 [Mac Retina] Clicking active tab should scroll to the top\n - DNA-95993 Update icon used for Yat in address bar dropdown\n - DNA-96021 Cleared download item view is never deleted\n - DNA-96036 Occupation field in 'Account \ufffd\ufffd\ufffd Edit' is shown twice\n - DNA-96127 Upgrade plan button does nothing\n - DNA-96138 \"Add Card\" button does not change to \"Upgrade Plan\" after\n adding card\n - The update to chromium 95.0.4638.54 fixes following issues:\n CVE-2021-37981, CVE-2021-37982, CVE-2021-37983, CVE-2021-37984,\n CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-2021-37988,\n CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-37992,\n CVE-2021-37993, CVE-2021-37994, CVE-2021-37995, CVE-2021-37996\n\n - Update to version 80.0.4170.72\n - DNA-95522 Change card view to show all types of cards\n - DNA-95523 Allow sorting in multi-card view\n - DNA-95524 Allow searching for cards by name\n - DNA-95658 Allow user to add a card\n - DNA-95659 Flow of Lastcard on first login\n - DNA-95660 Implement editing card details\n - DNA-95699 Add card details view\n - DNA-95733 Implement the \ufffd\ufffd\ufffdManage\ufffd\ufffd\ufffd menu in card details view\n - DNA-95735 Implement the button that reveals full card details\n - DNA-95736 Update UI for paused card\n - DNA-95747 Better way to handle expired funding card\n - DNA-95794 Sometimes the sidebar UI fails to load\n - DNA-95812 Retrieve cards info when showing autofill\n - DNA-96036 Occupation field in \ufffd\ufffd\ufffdAccount \ufffd\ufffd\ufffd Edit\ufffd\ufffd\ufffd is shown twice\n - DNA-96127 Upgrade plan button does nothing\n - DNA-96138 \ufffd\ufffd\ufffdAdd Card\ufffd\ufffd\ufffd button does not change to \ufffd\ufffd\ufffdUpgrade Plan\ufffd\ufffd\ufffd\n after adding card\n\n - Update to version 80.0.4170.63\n - CHR-8612 Update chromium on desktop-stable-94-4170 to 94.0.4606.81\n - DNA-95434 Crash at opera::ThemesService::UpdateCurrentTheme()\n - The update to chromium 94.0.4606.81 fixes following issues:\n CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980\n\n - Update to version 80.0.4170.40\n - CHR-8598 Update chromium on desktop-stable-94-4170 to 94.0.4606.71\n - DNA-95221 Emoji button stuck in address bar\n - DNA-95325 Make y.at navigations to be reported with page_views events\n - DNA-95327 Add \ufffd\ufffd\ufffdEmojis\ufffd\ufffd\ufffd context menu option in address bar field\n - DNA-95339 Add YAT emoji url suggestion to search\ufffd\ufffd dialog\n - DNA-95416 Remove emoji button from address bar\n - DNA-95439 Enable #yat-emoji-addresses on developer stream\n - DNA-95441 [Mac big sur] Emoji are not shown in address bar url\n - DNA-95514 Crash at resource_coordinator::TabLifecycleUnitSource\n ::TabLifecycleUnit::OnLifecycleUnitStateChanged(mojom::\n LifecycleUnitState, mojom::LifecycleUnitStateChangeReason)\n - DNA-95746 Enable #reader-mode everywhere\n - DNA-95865 Numbers are recognized as emojis\n - DNA-95866 Change Yat text in selection popup\n - DNA-95867 Show that buttons are clickable in selection popup\n - The update to chromium 94.0.4606.71 fixes following issues:\n CVE-2021-37974, CVE-2021-37975, CVE-2021-37976\n\n - Update to version 80.0.4170.16\n - CHR-8590 Update chromium on desktop-stable-94-4170 to 94.0.4606.61\n - DNA-95347 Make InstallerStep::Run async\n - DNA-95420 First suggestion in address field is often not highlighted\n - DNA-95613 Browser closing itself after closing SD/first tab and last\n opened tab\n - DNA-95725 Promote O80 to stable\n - DNA-95781 Import fixes for CVE-2021-37975, CVE-2021-37976 and\n CVE-2021-37974 to desktop-stable-94-4170\n - Complete Opera 80.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-80/\n - Drop Provides/Obsoletes for opera-gtk and opera-kde4\n opera-gtk and opera-kde4 were last used in openSUSE 13.1\n - Drop post/postun for desktop_database_post and icon_theme_cache_post\n because were last used before\n openSUSE 15.0\n\n - Update to version 79.0.4143.72\n - DNA-94933 Add emoji panel to address bar\n - DNA-95210 Add emoji YAT address bar suggestions\n - DNA-95221 Emoji button stuck in address bar\n - DNA-95325 Make y.at navigations to be reported with page_views events\n - DNA-95327 Add \ufffd\ufffd\ufffdEmojis\ufffd\ufffd\ufffd context menu option in address bar field\n - DNA-95339 Add YAT emoji url suggestion to search\ufffd\ufffd dialog\n - DNA-95364 Add browser feature flag\n - DNA-95416 Remove emoji button from address bar\n - DNA-95439 Enable #yat-emoji-addresses on developer stream\n - DNA-95441 [Mac big sur] Emoji are not shown in address bar url\n - DNA-95445 Crash when removing unsynced pinboard bookmark with sync\n enabled\n - DNA-95512 Allow to show title and timer for simple banners\n - DNA-95516 Wrong label in settings for themes\n - DNA-95679 Temporarily disable AB test for a new autoupdater logic\n\n - Update to version 79.0.4143.50\n - CHR-8571 Update chromium on desktop-stable-93-4143 to 93.0.4577.82\n - DNA-94104 ContinueShoppingOnEbayBrowserTest.ShouldDisplayOffers\n TilesStartingWithMostActiveOnes fails\n - DNA-94894 [Rich Hint] Agent API permissions\n - DNA-94989 Wrong color and appearance of subpages in the settings\n - DNA-95241 \ufffd\ufffd\ufffdSwitch to tab\ufffd\ufffd\ufffd button is visible only on hover\n - DNA-95286 Add unit tests to pinboard sync related logic in browser\n - DNA-95372 [Mac retina screen] Snapshot doesnt capture cropped area\n - DNA-95526 Some webstore extensions are not verified properly\n - The update to chromium 93.0.4577.82 fixes following issues:\n CVE-2021-30625, CVE-2021-30626, CVE-2021-30627, CVE-2021-30628,\n CVE-2021-30629, CVE-2021-30630, CVE-2021-30631, CVE-2021-30632,\n CVE-2021-30633\n\n - Update to version 79.0.4143.22\n - CHR-8550 Update chromium on desktop-stable-93-4143 to 93.0.4577.58\n - CHR-8557 Update chromium on desktop-stable-93-4143 to 93.0.4577.63\n - DNA-94641 [Linux] Proprietary media codecs not working in snap builds\n - DNA-95076 [Linux] Page crash with media content\n - DNA-95084 [Mac] Cannot quit through menu with snapshot editor open\n - DNA-95138 Add setting to synchronize Pinboards\n - DNA-95157 Crash at -[OperaCrApplication sendEvent:]\n - DNA-95204 Opera 79 translations\n - DNA-95240 The pinboard thumbnail cannot be generated anymore\n - DNA-95278 Existing Pinboards might be missing\n - DNA-95292 Enable #bookmarks-trash-cleaner on all streams\n - DNA-95293 Enable #easy-files-downloads-folder on all streams\n - DNA-95383 Promote O79 to stable\n - Complete Opera 79.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-79/\n - The update to chromium 93.0.4577.58 fixes following issues:\n CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609,\n CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613,\n CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617,\n CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621,\n CVE-2021-30622, CVE-2021-30623, CVE-2021-30624\n\n - Update to version 78.0.4093.184\n - CHR-8533 Update chromium on desktop-stable-92-4093 to 92.0.4515.159\n - DNA-93472 Reattaching to other browsers\n - DNA-93741 Multiple hint slots\n - DNA-93742 Allow displaying unobtrusive external hints\n - DNA-93744 Add slots in toolbar action view\n - DNA-94230 Improve text contrast for Speed Dials\n - DNA-94724 [Mac] Add macOS dark theme wallpaper with easy setup\n - DNA-94786 Crash at base::SupportsUserData:: SetUserData(void const*,\n std::__1::unique_ptr)\n - DNA-94807 Allow scripts access opera version and product info\n - DNA-94862 Continue on shopping Amazon doesn\ufffd\ufffd\ufffdt work correct\n - DNA-94870 Add an addonsPrivate function to install with permissions\n dialog first\n - DNA-95064 Revert DNA-93714 on stable\n - The update to chromium 92.0.4515.159 fixes following issues:\n CVE-2021-30598, CVE-2021-30599, CVE-2021-30600, CVE-2021-30601,\n CVE-2021-30602, CVE-2021-30603, CVE-2021-30604\n\n\n - Update to version 78.0.4093.147\n - CHR-8251 Update chromium on desktop-stable-92-4093 to 92.0.4515.131\n - DNA-93036 Opera not starting after closing window. Processes still\n working.\n - DNA-94516 Add \ufffd\ufffd\ufffdDetach tab\ufffd\ufffd\ufffd entry to tab menu\n - DNA-94584 [Mac] Sidebar setup not closed after press \ufffd\ufffd\ufffdAdd\n extensions\ufffd\ufffd\ufffd button\n - DNA-94761 Crash when trying to record \ufffd\ufffd\ufffdChrome developer\ufffd\ufffd\ufffd trace\n - DNA-94790 Crash at opera::VideoConferenceTabDetachController::\n OnBrowserAboutToStartClosing(Browser*)\n - The update to chromium 92.0.4515.131 fixes following issues:\n CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593,\n CVE-2021-30594, CVE-2021-30596, CVE-2021-30597\n\n - Update to version 78.0.4093.112\n - DNA-94466 Implement sorting Pinboards in overview\n - DNA-94582 Add access to APIs for showing pinboard icon in sidebar\n - DNA-94603 Suspicious pinboards events\n - DNA-94625 Disable opr.pinboardPrivate.getThumbnail() for local files\n - DNA-94640 Promote O78 to stable\n - DNA-94661 Missing translations for some languages\n - Complete Opera 78.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-78/\n\n - Update to version 77.0.4054.277\n - CHR-8502 Update chromium on desktop-stable-91-4054 to 91.0.4472.164\n - DNA-94291 Video conference popout doesnt remember its size after\n resizing\n - DNA-94399 Incorrect icon for wp.pl in address bar dropdown\n - DNA-94462 Low quality of default wallpaper on windows\n - The update to chromium 91.0.4472.164 fixes following issues:\n CVE-2021-30541, CVE-2021-30560, CVE-2021-30561, CVE-2021-30562,\n CVE-2021-30563, CVE-2021-30564\n\n - Update to version 77.0.4054.254\n - DNA-92344 Windows 10 Implementation\n - DNA-92486 Replace \ufffd\ufffd\ufffd icon with \ufffd\ufffd\ufffdsettings\ufffd\ufffd\ufffd icon\n - DNA-92487 Close individual item\n - DNA-92496 Create separate entry in settings for BABE\n - DNA-93275 Implement cycles size according to design\n - DNA-93280 The system theme has only half a checkmark\n - DNA-93728 Whatsapp notification is not refreshed\n - DNA-94047 Remove pinboard WebUI integration\n - DNA-94118 Write test for ThumbnailTabHelper changes in DNA-94100\n - DNA-94120 Fix Welcome popup layout\n - DNA-94140 Crash at base::TaskRunner ::PostTask(base::Location const&,\n base::OnceCallback)\n - DNA-94205 Consider setting pinboard display URL in\n address_field_helper.cc\n - DNA-94211 Easy Files don\ufffd\ufffd\ufffdt show thumbnails\n - DNA-94309 Pinboards URLs don\ufffd\ufffd\ufffdt get lighter color treatment\n - DNA-94318 Wrong \ufffd\ufffd\ufffdTransparency\ufffd\ufffd\ufffd word translation in Swedish\n - DNA-94321 AB test: google suggestions on top \ufffd\ufffd\ufffd bigger test\n - DNA-94341 Make pinboard popup testable on web page\n - DNA-94381 Disabling Pinboards doesn\ufffd\ufffd\ufffdt remove item from menu / sidebar\n - DNA-94392 Add u2f-devices interface to snap packages\n - DNA-94461 Enable #system-theme on all streams\n\n - Update to version 77.0.4054.203\n - CHR-8475 Update chromium on desktop-stable-91-4054 to 91.0.4472.124\n - DNA-93523 Crash at extensions::TabHelper::WebContentsDestroyed()\n - DNA-93917 Upload snap to edge while preparing repository package\n - DNA-94157 Crash at gfx::ICCProfile::operator=(gfx::ICCProfile const&)\n - DNA-94159 Crash at\n opera::auth::AuthAccountServiceImpl::GetAuthAccount()\n - DNA-94161 [Add tabs]Unexpected symbols instead of Workspace name\n - DNA-94241 Implement better process killing for timeout\n - DNA-94248 Allow retry on tests that timed-out\n - DNA-94251 heap-use-after-free in VideoConference\n - DNA-94315 Crash at class std::__1::basic_string ui::ResourceBundle::\n LoadLocaleResources(const class std::__1::basic_string& const, bool)\n - DNA-94357 Fix issue in scripts\n\n - Update to version 77.0.4054.172\n - DNA-93078 Do not display \ufffd\ufffd\ufffdshare tab\ufffd\ufffd\ufffd sliding toolbar on detached\n tab\n - DNA-93358 The red underline extends beyond the Google meets conference\n tab outline\n - DNA-93404 Crash in test when destroying BABE\ufffd\ufffd\ufffds webcontents\n - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers\n - DNA-93661 Add opauto test to cover new shortcut from DNA-93637\n - DNA-93867 Use version from package instead of repository\n - DNA-93993 Pinboard translations from Master\n - DNA-94099 Increase new-autoupdater-logic AB test to cover 50% of new\n installations\n - DNA-94100 Thumbnail doesn\ufffd\ufffd\ufffdt update\n - DNA-94178 Automatic popout should not happen after manually closing a\n popout\n\n - Update to version 77.0.4054.146\n - CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114\n - DNA-92171 Create active linkdiscovery service\n - DNA-92388 Fix and unskip\n WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible\n - DNA-93101 Tabs are being snoozed when tab snoozing is disabled\n - DNA-93386 Update pinboard view when item changes\n - DNA-93448 Make browser ready for Developer release\n - DNA-93491 Fix failing tests after enabling #pinboard flag\n - DNA-93498 Add additional music services\n - DNA-93503 Blank popup on clicking toolbar icon with popup open\n - DNA-93561 Do not allow zoom different from 100% in Pinboard popup\n - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers\n - DNA-93644 Create route for `import open tabs` to `pinboard`\n - DNA-93664 Adapt popup to design\n - DNA-93702 Turn on flags on developer\n - DNA-93737 [Pinboard] Remove Mock API\n - DNA-93745 Unable to open the popup after opening it several times\n - DNA-93776 Popup closes and reopens when clicking the toolbar button\n - DNA-93786 DCHECK after opening popup\n - DNA-93802 Crash at views::Widget::GetNativeView() const\n - DNA-93810 Add pinboard icon to sidebar\n - DNA-93825 Add pinboard to Opera menu\n - DNA-93833 [Player] Implement seeking for new services\n - DNA-93845 Do not log output of snapcraft on console\n - DNA-93864 Create feature flag for start page sync banner\n - DNA-93865 Implement start page banner\n - DNA-93867 Use version from package instead of repository\n - DNA-93878 [Player] Crash when current player service becomes\n unavailable when user location changes\n - DNA-93953 \ufffd\ufffd\ufffdSend image to Pinboard\ufffd\ufffd\ufffd has the wrong position in the\n context menu\n - DNA-93987 Disable zooming popup contents like in other popups\n - DNA-93989 Change internal URL to opera://pinboards\n - DNA-93990 Update strings to reflect new standards\n - DNA-93992 Add Pinboards to Opera settings\n - DNA-93993 Pinboard translations from Master\n - DNA-94011 Enable feature flags for Reborn 5 on stable\n - DNA-94019 Add a direct link to settings\n - DNA-94088 Internal pages provoke not saving other pages to the Pinboard\n - DNA-94111 [O77] Sidebar setup does not open\n - DNA-94139 Crash at\n opera::(anonymous namespace)::PinboardPopupWebView::RemovedFromWidget()\n - The update to chromium 91.0.4472.114 fixes following issues:\n CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557\n\n - Update to version 77.0.4054.90\n - CHR-8446 Update chromium on desktop-stable-91-4054 to 91.0.4472.101\n - The update to chromium 91.0.4472.101 fixes following issues:\n CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547,\n CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551,\n CVE-2021-30552, CVE-2021-30553\n - Update to version 77.0.4054.80\n - DNA-93656 Active cards in checkout Auto-fill\n - DNA-93805 Create snap packages in buildsign\n - DNA-93823 archive_opera_snap failures on Linux\n - DNA-93844 Fix AttributeError in package_type.py\n\n\n - Update to version 77.0.4054.64\n - DNA-93159 Implement image(preview) of each created pinboard\n - DNA-93273 \ufffd\ufffd\ufffdSend image to Pinboard\ufffd\ufffd\ufffd doesn\ufffd\ufffd\ufffdt work correct on\n staging server\n - DNA-93277 Add/update opauto tests for the System Theme WP1\n implementation p.1\n - DNA-93286 [BigSur] YT not being reloaded when opened from link\n - DNA-93296 Opera 77 translations\n - DNA-93372 Build new edition for Axel Springer\n - DNA-93376 Write unittests for PinboardImageCollector\n - DNA-93401 [LastCard] Do not change user state if not needed\n - DNA-93409 Animation with hat and glasses is missing in Private mode\n - DNA-93443 API opr.pinboardPrivate.getThumbnail() returns\n old thumbnail image\n - DNA-93509 Add Opera switch for pinboard staging backend and use it for\n tests\n - DNA-93519 [Sidebar] WhatsApp \ufffd\ufffd\ufffdLog out\ufffd\ufffd\ufffd doesn\ufffd\ufffd\ufffdt work\n - DNA-93634 Fix errors in Slovak translations\n - DNA-93724 Some webstore extensions are not verified properly\n - Complete Opera 77.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-77/\n\n - Update to version 76.0.4017.177\n - DNA-92597 Sound controller doesn\ufffd\ufffd\ufffdt work after pressing \ufffd\ufffd\ufffdNext\ufffd\ufffd\ufffd\n button\n - DNA-93405 Import vmp_signer instead of starting new python process\n - DNA-93406 [Mac] Import plist_util instead of calling script in\n _generateAppEntitlements\n - DNA-93442 Make GX Control panel attachable by webdriver\n - DNA-93554 [AdBlock] Find a fix for blocking \ufffd\ufffd\ufffdnew\ufffd\ufffd\ufffd YouTube ads\n - DNA-93587 Pre-refactor solution\n\n - Update to version 76.0.4017.154\n - CHR-8420 Update chromium on desktop-stable-90-4017 to 90.0.4430.212\n - DNA-92411 Bookmarks breadcrumbs wrong color when pressed in dark mode\n - DNA-92587 Sync settings: \ufffd\ufffd\ufffdUse old password\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work\n - DNA-92672 Make it possible for agent to inject scripts into startpage\n - DNA-92712 Add SD reload API\n - DNA-93190 The bookmark can\ufffd\ufffd\ufffdt be opened in Workspace 5-6\n - DNA-93247 Reopen last closed tab shortcut opens random tab on new\n window\n - DNA-93294 Binary diff for opera_browser.dll is not created on 32-bit\n builds\n - DNA-93313 Add opauto test to cover DNA-93190\n - DNA-93368 Fix an error in Polish translation\n - DNA-93408 [Windows] widevine_cdm_component_installer does not compile\n on desktop-stable-90-4017\n - The update to chromium 90.0.4430.212 fixes following issues:\n CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509,\n CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513,\n CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517,\n CVE-2021-30518, CVE-2021-30519, CVE-2021-30520\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-110=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-04-08T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520", "CVE-2021-30541", "CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557", "CVE-2021-30560", "CVE-2021-30561", "CVE-2021-30562", "CVE-2021-30563", "CVE-2021-30564", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980", "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38004", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311", "CVE-2022-0452", "CVE-2022-0453", "CVE-2022-0454", "CVE-2022-0455", "CVE-2022-0456", "CVE-2022-0457", "CVE-2022-0458", "CVE-2022-0459", "CVE-2022-0460", "CVE-2022-0461", "CVE-2022-0462", "CVE-2022-0463", "CVE-2022-0464", "CVE-2022-0465", "CVE-2022-0466", "CVE-2022-0467", "CVE-2022-0468", "CVE-2022-0469", "CVE-2022-0470", "CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809", "CVE-2022-1096"], "modified": "2022-04-08T00:00:00", "id": "OPENSUSE-SU-2022:0110-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZOJPFVCOKYO6YUMKBJPTCF74IGAYK5K4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T19:34:23", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Opera was updated to version 80.0.4170.63\n\n - CHR-8612 Update chromium on desktop-stable-94-4170 to 94.0.4606.81\n - DNA-95434 Crash at opera::ThemesService::UpdateCurrentTheme()\n - The update to chromium 94.0.4606.81 fixes following issues:\n CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980\n\n Opera was updated to version 80.0.4170.40\n\n - CHR-8598 Update chromium on desktop-stable-94-4170 to 94.0.4606.71\n - DNA-95221 Emoji button stuck in address bar\n - DNA-95325 Make y.at navigations to be reported with page_views events\n - DNA-95327 Add \ufffd\ufffd\ufffdEmojis\ufffd\ufffd\ufffd context menu option in address bar field\n - DNA-95339 Add YAT emoji url suggestion to search\ufffd\ufffd dialog\n - DNA-95416 Remove emoji button from address bar\n - DNA-95439 Enable #yat-emoji-addresses on developer stream\n - DNA-95441 [Mac big sur] Emoji are not shown in address bar url\n - DNA-95514 Crash at resource_coordinator::TabLifecycleUnitSource\n ::TabLifecycleUnit::OnLifecycleUnitStateChanged(mojom::\n LifecycleUnitState, mojom::LifecycleUnitStateChangeReason)\n - DNA-95746 Enable #reader-mode everywhere\n - DNA-95865 Numbers are recognized as emojis\n - DNA-95866 Change Yat text in selection popup\n - DNA-95867 Show that buttons are clickable in selection popup\n - The update to chromium 94.0.4606.71 fixes following issues:\n CVE-2021-37974, CVE-2021-37975, CVE-2021-37976\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-1433=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-01T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2021-11-01T00:00:00", "id": "OPENSUSE-SU-2021:1433-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2JKY4BZIJEZDOAALSG7OM4W3NORVRUO4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T19:34:23", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Opera was updated to version 80.0.4170.63\n\n - CHR-8612 Update chromium on desktop-stable-94-4170 to 94.0.4606.81\n - DNA-95434 Crash at opera::ThemesService::UpdateCurrentTheme()\n - The update to chromium 94.0.4606.81 fixes following issues:\n CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980\n\n Opera was updated to version 80.0.4170.40\n\n - CHR-8598 Update chromium on desktop-stable-94-4170 to 94.0.4606.71\n - DNA-95221 Emoji button stuck in address bar\n - DNA-95325 Make y.at navigations to be reported with page_views events\n - DNA-95327 Add \ufffd\ufffd\ufffdEmojis\ufffd\ufffd\ufffd context menu option in address bar field\n - DNA-95339 Add YAT emoji url suggestion to search\ufffd\ufffd dialog\n - DNA-95416 Remove emoji button from address bar\n - DNA-95439 Enable #yat-emoji-addresses on developer stream\n - DNA-95441 [Mac big sur] Emoji are not shown in address bar url\n - DNA-95514 Crash at resource_coordinator::TabLifecycleUnitSource\n ::TabLifecycleUnit::OnLifecycleUnitStateChanged(mojom::\n LifecycleUnitState, mojom::LifecycleUnitStateChangeReason)\n - DNA-95746 Enable #reader-mode everywhere\n - DNA-95865 Numbers are recognized as emojis\n - DNA-95866 Change Yat text in selection popup\n - DNA-95867 Show that buttons are clickable in selection popup\n - The update to chromium 94.0.4606.71 fixes following issues:\n CVE-2021-37974, CVE-2021-37975, CVE-2021-37976\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2021-1434=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-01T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2021-11-01T00:00:00", "id": "OPENSUSE-SU-2021:1434-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CF6Y247TQDOSNNT7RURWBHGHDS3V4YYD/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:52", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 96.0.4664.110 (boo#1193713):\n\n * CVE-2021-4098: Insufficient data validation in Mojo\n * CVE-2021-4099: Use after free in Swiftshader\n * CVE-2021-4100: Object lifecycle issue in ANGLE\n * CVE-2021-4101: Heap buffer overflow in Swiftshader\n * CVE-2021-4102: Use after free in V8\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-1600=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-20T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102"], "modified": "2021-12-20T00:00:00", "id": "OPENSUSE-SU-2021:1600-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LGS65TJIBHZIF3QKXXU62A2KR5NRUCPQ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:52", "description": "An update that fixes 41 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 96.0.4664.110 (boo#1193713):\n\n * CVE-2021-4098: Insufficient data validation in Mojo\n * CVE-2021-4099: Use after free in Swiftshader\n * CVE-2021-4100: Object lifecycle issue in ANGLE\n * CVE-2021-4101: Heap buffer overflow in Swiftshader\n * CVE-2021-4102: Use after free in V8\n\n Lord of the Browsers: The Two Compilers:\n\n * Go back to GCC\n * GCC: LTO removes needed assembly symbols\n * Clang: issues with libstdc++\n\n Chromium 96.0.4664.93 (boo#1193519):\n\n * CVE-2021-4052: Use after free in web apps\n * CVE-2021-4053: Use after free in UI\n * CVE-2021-4079: Out of bounds write in WebRTC\n * CVE-2021-4054: Incorrect security UI in autofill\n * CVE-2021-4078: Type confusion in V8\n * CVE-2021-4055: Heap buffer overflow in extensions\n * CVE-2021-4056: Type Confusion in loader\n * CVE-2021-4057: Use after free in file API\n * CVE-2021-4058: Heap buffer overflow in ANGLE\n * CVE-2021-4059: Insufficient data validation in loader\n * CVE-2021-4061: Type Confusion in V8\n * CVE-2021-4062: Heap buffer overflow in BFCache\n * CVE-2021-4063: Use after free in developer tools\n * CVE-2021-4064: Use after free in screen capture\n * CVE-2021-4065: Use after free in autofill\n * CVE-2021-4066: Integer underflow in ANGLE\n * CVE-2021-4067: Use after free in window manager\n * CVE-2021-4068: Insufficient validation of untrusted input in new tab page\n\n Chromium 96.0.4664.45 (boo#1192734):\n\n * CVE-2021-38007: Type Confusion in V8\n * CVE-2021-38008: Use after free in media\n * CVE-2021-38009: Inappropriate implementation in cache\n * CVE-2021-38006: Use after free in storage foundation\n * CVE-2021-38005: Use after free in loader\n * CVE-2021-38010: Inappropriate implementation in service workers\n * CVE-2021-38011: Use after free in storage foundation\n * CVE-2021-38012: Type Confusion in V8\n * CVE-2021-38013: Heap buffer overflow in fingerprint recognition\n * CVE-2021-38014: Out of bounds write in Swiftshader\n * CVE-2021-38015: Inappropriate implementation in input\n * CVE-2021-38016: Insufficient policy enforcement in background fetch\n * CVE-2021-38017: Insufficient policy enforcement in iframe sandbox\n * CVE-2021-38018: Inappropriate implementation in navigation\n * CVE-2021-38019: Insufficient policy enforcement in CORS\n * CVE-2021-38020: Insufficient policy enforcement in contacts picker\n * CVE-2021-38021: Inappropriate implementation in referrer\n * CVE-2021-38022: Inappropriate implementation in WebAuthentication\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1632=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-12-28T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102"], "modified": "2021-12-28T00:00:00", "id": "OPENSUSE-SU-2021:1632-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DUJZLITO4GTLR5FP75FBCLDYZMUY2AFI/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-10T08:09:55", "description": "An update that fixes 36 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Ensure newer libs and LLVM is used on Leap (boo#1192310)\n - Explicitly BuildRequire python3-six.\n\n Chromium 96.0.4664.93 (boo#1193519):\n\n * CVE-2021-4052: Use after free in web apps\n * CVE-2021-4053: Use after free in UI\n * CVE-2021-4079: Out of bounds write in WebRTC\n * CVE-2021-4054: Incorrect security UI in autofill\n * CVE-2021-4078: Type confusion in V8\n * CVE-2021-4055: Heap buffer overflow in extensions\n * CVE-2021-4056: Type Confusion in loader\n * CVE-2021-4057: Use after free in file API\n * CVE-2021-4058: Heap buffer overflow in ANGLE\n * CVE-2021-4059: Insufficient data validation in loader\n * CVE-2021-4061: Type Confusion in V8\n * CVE-2021-4062: Heap buffer overflow in BFCache\n * CVE-2021-4063: Use after free in developer tools\n * CVE-2021-4064: Use after free in screen capture\n * CVE-2021-4065: Use after free in autofill\n * CVE-2021-4066: Integer underflow in ANGLE\n * CVE-2021-4067: Use after free in window manager\n * CVE-2021-4068: Insufficient validation of untrusted input in new tab page\n\n Chromium 96.0.4664.45 (boo#1192734):\n\n * CVE-2021-38007: Type Confusion in V8\n * CVE-2021-38008: Use after free in media\n * CVE-2021-38009: Inappropriate implementation in cache\n * CVE-2021-38006: Use after free in storage foundation\n * CVE-2021-38005: Use after free in loader\n * CVE-2021-38010: Inappropriate implementation in service workers\n * CVE-2021-38011: Use after free in storage foundation\n * CVE-2021-38012: Type Confusion in V8\n * CVE-2021-38013: Heap buffer overflow in fingerprint recognition\n * CVE-2021-38014: Out of bounds write in Swiftshader\n * CVE-2021-38015: Inappropriate implementation in input\n * CVE-2021-38016: Insufficient policy enforcement in background fetch\n * CVE-2021-38017: Insufficient policy enforcement in iframe sandbox\n * CVE-2021-38018: Inappropriate implementation in navigation\n * CVE-2021-38019: Insufficient policy enforcement in CORS\n * CVE-2021-38020: Insufficient policy enforcement in contacts picker\n * CVE-2021-38021: Inappropriate implementation in referrer\n * CVE-2021-38022: Inappropriate implementation in WebAuthentication\n\n Lord of the Browsers: The Two Compilers:\n\n * Go back to GCC Lord of the Browsers: The Two Compilers:\n\n * Go back to GCC\n * GCC: LTO removes needed assembly symbols\n * Clang: issues with libstdc++\n\n * GCC: LTO removes needed assembly symbols\n * Clang: issues with libstdc++\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-1582=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-12-14T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079"], "modified": "2021-12-14T00:00:00", "id": "OPENSUSE-SU-2021:1582-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2H3B3VUHNFAXDEK6YLKWJWLKWC4NOIPM/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T12:08:56", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to version 80.0.4170.16\n\n Fixes:\n\n - CHR-8590 Update chromium on desktop-stable-94-4170 to 94.0.4606.61\n - DNA-95347 Make InstallerStep::Run async\n - DNA-95420 First suggestion in address field is often not highlighted\n - DNA-95613 Browser closing itself after closing SD/first tab and last\n opened tab\n - DNA-95725 Promote O80 to stable\n - DNA-95781 Import fixes for CVE-2021-37975, CVE-2021-37976 and\n CVE-2021-37974 to desktop-stable-94-4170\n\n - Complete Opera 80.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-80/\n - Drop Provides/Obsoletes for opera-gtk and opera-kde4\n opera-gtk and opera-kde4 were last used in openSUSE 13.1\n\n Opera was updated to version 79.0.4143.72\n\n Fixes:\n\n - DNA-94933 Add emoji panel to address bar\n - DNA-95210 Add emoji YAT address bar suggestions\n - DNA-95221 Emoji button stuck in address bar\n - DNA-95325 Make y.at navigations to be reported with page_views events\n - DNA-95327 Add \ufffd\ufffd\ufffdEmojis\ufffd\ufffd\ufffd context menu option in address bar field\n - DNA-95339 Add YAT emoji url suggestion to search\ufffd\ufffd dialog\n - DNA-95364 Add browser feature flag\n - DNA-95416 Remove emoji button from address bar\n - DNA-95439 Enable #yat-emoji-addresses on developer stream\n - DNA-95441 [Mac big sur] Emoji are not shown in address bar url\n - DNA-95445 Crash when removing unsynced pinboard bookmark with sync\n enabled\n - DNA-95512 Allow to show title and timer for simple banners\n - DNA-95516 Wrong label in settings for themes\n - DNA-95679 Temporarily disable AB test for a new autoupdater logic\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2021-1358=1\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-1358=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-15T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976"], "modified": "2021-10-15T00:00:00", "id": "OPENSUSE-SU-2021:1358-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JAX3Q57Z6FBAZI5TMEFWFYPK5JXVPRKE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-19T15:13:08", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1131-1 advisory.\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks. (CVE-2021-30590)\n\n - Use after free in File System API. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip. (CVE-2021-30593)\n\n - Use after free in Page Info UI. (CVE-2021-30594)\n\n - Incorrect security UI in Navigation. (CVE-2021-30596)\n\n - Use after free in Browser UI. (CVE-2021-30597)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-11T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1131-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1131.NASL", "href": "https://www.tenable.com/plugins/nessus/152460", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1131-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152460);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\",\n \"CVE-2021-30590\",\n \"CVE-2021-30591\",\n \"CVE-2021-30592\",\n \"CVE-2021-30593\",\n \"CVE-2021-30594\",\n \"CVE-2021-30596\",\n \"CVE-2021-30597\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0361-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1131-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1131-1 advisory.\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an\n attacker who convinced a user to install a malicious extension to perform an out of bounds memory write\n via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who\n had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker\n who convinced a user to install a malicious extension to potentially perform a sandbox escape via a\n crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform\n out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a\n remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks. (CVE-2021-30590)\n\n - Use after free in File System API. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip. (CVE-2021-30593)\n\n - Use after free in Page Info UI. (CVE-2021-30594)\n\n - Incorrect security UI in Navigation. (CVE-2021-30596)\n\n - Use after free in Browser UI. (CVE-2021-30597)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189006\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QMTT3WQIVTBT7PZKT6YDJXEYNVRRJDO2/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3f84da44\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30569\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30597\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30592\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-92.0.4515.131-lp152.2.116.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-92.0.4515.131-lp152.2.116.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:13:34", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1144-1 advisory.\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks. (CVE-2021-30590)\n\n - Use after free in File System API. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip. (CVE-2021-30593)\n\n - Use after free in Page Info UI. (CVE-2021-30594)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-30596)\n\n - Use after free in Browser UI. (CVE-2021-30597)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-12T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1144-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1144.NASL", "href": "https://www.tenable.com/plugins/nessus/152515", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1144-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152515);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\",\n \"CVE-2021-30590\",\n \"CVE-2021-30591\",\n \"CVE-2021-30592\",\n \"CVE-2021-30593\",\n \"CVE-2021-30594\",\n \"CVE-2021-30596\",\n \"CVE-2021-30597\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0361-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1144-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1144-1 advisory.\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an\n attacker who convinced a user to install a malicious extension to perform an out of bounds memory write\n via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who\n had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker\n who convinced a user to install a malicious extension to potentially perform a sandbox escape via a\n crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform\n out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a\n remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks. (CVE-2021-30590)\n\n - Use after free in File System API. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip. (CVE-2021-30593)\n\n - Use after free in Page Info UI. (CVE-2021-30594)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-30596)\n\n - Use after free in Browser UI. (CVE-2021-30597)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189006\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cbc8be44\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30569\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30597\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30592\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-92.0.4515.131-bp153.2.19.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-92.0.4515.131-bp153.2.19.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-92.0.4515.131-bp153.2.19.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-92.0.4515.131-bp153.2.19.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:07", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1300-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE. (CVE-2021-30626)\n\n - Type Confusion in Blink layout. (CVE-2021-30627, CVE-2021-30631)\n\n - Stack buffer overflow in ANGLE. (CVE-2021-30628)\n\n - Use after free in Permissions. (CVE-2021-30629)\n\n - Inappropriate implementation in Blink . (CVE-2021-30630)\n\n - Out of bounds write in V8. (CVE-2021-30632)\n\n - Use after free in Indexed DB API. (CVE-2021-30633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-22T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1300-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1300.NASL", "href": "https://www.tenable.com/plugins/nessus/153533", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1300-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153533);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\",\n \"CVE-2021-30625\",\n \"CVE-2021-30626\",\n \"CVE-2021-30627\",\n \"CVE-2021-30628\",\n \"CVE-2021-30629\",\n \"CVE-2021-30630\",\n \"CVE-2021-30631\",\n \"CVE-2021-30632\",\n \"CVE-2021-30633\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0411-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1300-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1300-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE. (CVE-2021-30626)\n\n - Type Confusion in Blink layout. (CVE-2021-30627, CVE-2021-30631)\n\n - Stack buffer overflow in ANGLE. (CVE-2021-30628)\n\n - Use after free in Permissions. (CVE-2021-30629)\n\n - Inappropriate implementation in Blink . (CVE-2021-30630)\n\n - Out of bounds write in V8. (CVE-2021-30632)\n\n - Use after free in Indexed DB API. (CVE-2021-30633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190476\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AFYTQFVWKBYVVXUN3DISYCDXS27AWFTC/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a5c6950d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30633\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30633\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-93.0.4577.82-bp153.2.28.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-93.0.4577.82-bp153.2.28.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-93.0.4577.82-bp153.2.28.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-93.0.4577.82-bp153.2.28.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:09", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1310-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-26T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2021:1310-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-10-07T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1310.NASL", "href": "https://www.tenable.com/plugins/nessus/153669", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1310-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153669);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2021:1310-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1310-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZDRKVDFEPABXRR653626WGJRZWK5HZ7Y/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0265fbbf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30624\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30624\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-79.0.4143.22-lp152.2.64.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:57:05", "description": "The version of Google Chrome installed on the remote macOS host is prior to 92.0.4515.107. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_07_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "Google Chrome < 92.0.4515.107 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_92_0_4515_107.NASL", "href": "https://www.tenable.com/plugins/nessus/151832", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151832);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30580\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30583\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30586\",\n \"CVE-2021-30587\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n\n script_name(english:\"Google Chrome < 92.0.4515.107 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 92.0.4515.107. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_07_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b961beb2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1202661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1211326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1218707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1101897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1214234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1216822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1227315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1213313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1207277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1189092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1205981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1179290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1213350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1023503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1180510\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 92.0.4515.107 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30588\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'92.0.4515.107', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:56:56", "description": "The version of Google Chrome installed on the remote Windows host is prior to 92.0.4515.107. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_07_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "Google Chrome < 92.0.4515.107 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_92_0_4515_107.NASL", "href": "https://www.tenable.com/plugins/nessus/151831", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151831);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30580\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30583\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30586\",\n \"CVE-2021-30587\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n\n script_name(english:\"Google Chrome < 92.0.4515.107 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 92.0.4515.107. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_07_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b961beb2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1202661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1211326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1218707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1101897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1214234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1216822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1227315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1213313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1207277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1189092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1205981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1179290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1213350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1023503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1180510\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 92.0.4515.107 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30588\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'92.0.4515.107', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:12:14", "description": "Chrome Releases reports :\n\nThis release contains 35 security fixes, including :\n\n- ][1210985] High CVE-2021-30565: Out of bounds write in Tab Groups.\nReported by David Erceg on 2021-05-19\n\n- [1202661] High CVE-2021-30566: Stack buffer overflow in Printing.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26\n\n- [1211326] High CVE-2021-30567: Use after free in DevTools. Reported by DDV_UA on 2021-05-20\n\n- [1219886] High CVE-2021-30568: Heap buffer overflow in WebGL.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15\n\n- [1218707] High CVE-2021-30569: Use after free in sqlite. Reported by Chris Salls (@salls) of Makai Security on 2021-06-11\n\n- [1101897] High CVE-2021-30571: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-07-03\n\n- [1214234] High CVE-2021-30572: Use after free in Autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-28\n\n- [1216822] High CVE-2021-30573: Use after free in GPU. Reported by Security For Everyone Team - https://securityforeveryone.com on 2021-06-06\n\n- [1227315] High CVE-2021-30574: Use after free in protocol handling.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08\n\n- [1213313] Medium CVE-2021-30575: Out of bounds read in Autofill.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26\n\n- [1194896] Medium CVE-2021-30576: Use after free in DevTools.\nReported by David Erceg on 2021-04-01\n\n- [1204811] Medium CVE-2021-30577: Insufficient policy enforcement in Installer. Reported by Jan van der Put (REQON B.V) on 2021-05-01\n\n- [1201074] Medium CVE-2021-30578: Uninitialized Use in Media.\nReported by Chaoyuan Peng on 2021-04-21\n\n- [1207277] Medium CVE-2021-30579: Use after free in UI framework.\nReported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-10\n\n- [1189092] Medium CVE-2021-30580: Insufficient policy enforcement in Android intents. Reported by @retsew0x01 on 2021-03-17\n\n- [1194431] Medium CVE-2021-30581: Use after free in DevTools.\nReported by David Erceg on 2021-03-31\n\n- [1205981] Medium CVE-2021-30582: Inappropriate implementation in Animation. Reported by George Liu on 2021-05-05\n\n- [1179290] Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows. Reported by Muneaki Nishimura (nishimunea) on 2021-02-17\n\n- [1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads.\nReported by @retsew0x01 on 2021-05-26\n\n- [1023503] Medium CVE-2021-30585: Use after free in sensor handling.\nReported by niarci on 2019-11-11\n\n- [1201032] Medium CVE-2021-30586: Use after free in dialog box handling on Windows. Reported by kkomdal with kkwon and neodal on 2021-04-21\n\n- [1204347] Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30\n\n- [1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04\n\n- [1180510] Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing. Reported by Kirtikumar Anandrao Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20", "cvss3": {}, "published": "2021-07-22T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (76487640-ea29-11eb-a686-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_76487640EA2911EBA6863065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/151972", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151972);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30580\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30583\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30586\",\n \"CVE-2021-30587\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (76487640-ea29-11eb-a686-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release contains 35 security fixes, including :\n\n- ][1210985] High CVE-2021-30565: Out of bounds write in Tab Groups.\nReported by David Erceg on 2021-05-19\n\n- [1202661] High CVE-2021-30566: Stack buffer overflow in Printing.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26\n\n- [1211326] High CVE-2021-30567: Use after free in DevTools. Reported\nby DDV_UA on 2021-05-20\n\n- [1219886] High CVE-2021-30568: Heap buffer overflow in WebGL.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15\n\n- [1218707] High CVE-2021-30569: Use after free in sqlite. Reported by\nChris Salls (@salls) of Makai Security on 2021-06-11\n\n- [1101897] High CVE-2021-30571: Insufficient policy enforcement in\nDevTools. Reported by David Erceg on 2020-07-03\n\n- [1214234] High CVE-2021-30572: Use after free in Autofill. Reported\nby Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2021-05-28\n\n- [1216822] High CVE-2021-30573: Use after free in GPU. Reported by\nSecurity For Everyone Team - https://securityforeveryone.com on\n2021-06-06\n\n- [1227315] High CVE-2021-30574: Use after free in protocol handling.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08\n\n- [1213313] Medium CVE-2021-30575: Out of bounds read in Autofill.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26\n\n- [1194896] Medium CVE-2021-30576: Use after free in DevTools.\nReported by David Erceg on 2021-04-01\n\n- [1204811] Medium CVE-2021-30577: Insufficient policy enforcement in\nInstaller. Reported by Jan van der Put (REQON B.V) on 2021-05-01\n\n- [1201074] Medium CVE-2021-30578: Uninitialized Use in Media.\nReported by Chaoyuan Peng on 2021-04-21\n\n- [1207277] Medium CVE-2021-30579: Use after free in UI framework.\nReported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at\nQi'anxin Group on 2021-05-10\n\n- [1189092] Medium CVE-2021-30580: Insufficient policy enforcement in\nAndroid intents. Reported by @retsew0x01 on 2021-03-17\n\n- [1194431] Medium CVE-2021-30581: Use after free in DevTools.\nReported by David Erceg on 2021-03-31\n\n- [1205981] Medium CVE-2021-30582: Inappropriate implementation in\nAnimation. Reported by George Liu on 2021-05-05\n\n- [1179290] Medium CVE-2021-30583: Insufficient policy enforcement in\nimage handling on Windows. Reported by Muneaki Nishimura (nishimunea)\non 2021-02-17\n\n- [1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads.\nReported by @retsew0x01 on 2021-05-26\n\n- [1023503] Medium CVE-2021-30585: Use after free in sensor handling.\nReported by niarci on 2019-11-11\n\n- [1201032] Medium CVE-2021-30586: Use after free in dialog box\nhandling on Windows. Reported by kkomdal with kkwon and neodal on\n2021-04-21\n\n- [1204347] Medium CVE-2021-30587: Inappropriate implementation in\nCompositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft\nBrowser Vulnerability Research on 2021-04-30\n\n- [1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose\nMartinez (tr0y4) from VerSprite Inc. on 2021-04-04\n\n- [1180510] Low CVE-2021-30589: Insufficient validation of untrusted\ninput in Sharing. Reported by Kirtikumar Anandrao Ramchandani\n(@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20\");\n # https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b961beb2\");\n # https://vuxml.freebsd.org/freebsd/76487640-ea29-11eb-a686-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?072c2990\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30588\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<92.0.4515.107\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:30", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1303-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE. (CVE-2021-30626)\n\n - Type Confusion in Blink layout. (CVE-2021-30627, CVE-2021-30631)\n\n - Stack buffer overflow in ANGLE. (CVE-2021-30628)\n\n - Use after free in Permissions. (CVE-2021-30629)\n\n - Inappropriate implementation in Blink . (CVE-2021-30630)\n\n - Out of bounds write in V8. (CVE-2021-30632)\n\n - Use after free in Indexed DB API. (CVE-2021-30633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-23T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1303-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1303.NASL", "href": "https://www.tenable.com/plugins/nessus/153578", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1303-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153578);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\",\n \"CVE-2021-30625\",\n \"CVE-2021-30626\",\n \"CVE-2021-30627\",\n \"CVE-2021-30628\",\n \"CVE-2021-30629\",\n \"CVE-2021-30630\",\n \"CVE-2021-30631\",\n \"CVE-2021-30632\",\n \"CVE-2021-30633\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0411-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1303-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1303-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE. (CVE-2021-30626)\n\n - Type Confusion in Blink layout. (CVE-2021-30627, CVE-2021-30631)\n\n - Stack buffer overflow in ANGLE. (CVE-2021-30628)\n\n - Use after free in Permissions. (CVE-2021-30629)\n\n - Inappropriate implementation in Blink . (CVE-2021-30630)\n\n - Out of bounds write in V8. (CVE-2021-30632)\n\n - Use after free in Indexed DB API. (CVE-2021-30633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190476\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XKFA6UOYGKCDBHHUW6MA56YT5KIDLCNF/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ce02713e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30633\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30633\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-93.0.4577.82-lp152.2.125.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-93.0.4577.82-lp152.2.125.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:25", "description": "The version of Google Chrome installed on the remote macOS host is prior to 93.0.4577.63. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_08_stable-channel-update-for-desktop_31 advisory.\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-01T00:00:00", "type": "nessus", "title": "Google Chrome < 93.0.4577.63 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_93_0_4577_63.NASL", "href": "https://www.tenable.com/plugins/nessus/152927", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152927);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n\n script_name(english:\"Google Chrome < 93.0.4577.63 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 93.0.4577.63. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_08_stable-channel-update-for-desktop_31 advisory.\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc7074cc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1235949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1239595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1234284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1209622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1207315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1208614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1231432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1226909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1232279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1235222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1063518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1224419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1223667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1230513\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 93.0.4577.63 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30624\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'93.0.4577.63', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:14:38", "description": "Chrome Releases reports :\n\nThis release contains 27 security fixes, including :\n\n- [1233975] High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28\n\n- [1235949] High CVE-2021-30607: Use after free in Permissions.\nReported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-03\n\n- [1219870] High CVE-2021-30608: Use after free in Web Share. Reported by Huyna at Viettel Cyber Security on 2021-06-15\n\n- [1239595] High CVE-2021-30609: Use after free in Sign-In. Reported by raven (@raid_akame) on 2021-08-13\n\n- [1200440] High CVE-2021-30610: Use after free in Extensions API.\nReported by Igor Bukanov from Vivaldi on 2021-04-19\n\n- [1233942] Medium CVE-2021-30611: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28\n\n- [1234284] Medium CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-29\n\n- [1209622] Medium CVE-2021-30613: Use after free in Base internals.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-05-16\n\n- [1207315] Medium CVE-2021-30614: Heap buffer overflow in TabStrip.\nReported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-05-10\n\n- [1208614] Medium CVE-2021-30615: Cross-origin data leak in Navigation. Reported by NDevTK on 2021-05-12\n\n- [1231432] Medium CVE-2021-30616: Use after free in Media. Reported by Anonymous on 2021-07-21\n\n- [1226909] Medium CVE-2021-30617: Policy bypass in Blink. Reported by NDevTK on 2021-07-07\n\n- [1232279] Medium CVE-2021-30618: Inappropriate implementation in DevTools. Reported by @DanAmodio and @mattaustin from Contrast Security on 2021-07-23\n\n- [1235222] Medium CVE-2021-30619: UI Spoofing in Autofill. Reported by Alesandro Ortiz on 2021-08-02\n\n- [1063518] Medium CVE-2021-30620: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-20\n\n- [1204722] Medium CVE-2021-30621: UI Spoofing in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30\n\n- [1224419] Medium CVE-2021-30622: Use after free in WebApp Installs.\nReported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-06-28\n\n- [1223667] Low CVE-2021-30623: Use after free in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-06-25\n\n- [1230513] Low CVE-2021-30624: Use after free in Autofill. Reported by Wei Yuan of MoyunSec VLab on 2021-07-19", "cvss3": {}, "published": "2021-09-07T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (a7732806-0b2a-11ec-836b-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-09-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A77328060B2A11EC836B3065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/153062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(153062);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/10\");\n\n script_cve_id(\"CVE-2021-30606\", \"CVE-2021-30607\", \"CVE-2021-30608\", \"CVE-2021-30609\", \"CVE-2021-30610\", \"CVE-2021-30611\", \"CVE-2021-30612\", \"CVE-2021-30613\", \"CVE-2021-30614\", \"CVE-2021-30615\", \"CVE-2021-30616\", \"CVE-2021-30617\", \"CVE-2021-30618\", \"CVE-2021-30619\", \"CVE-2021-30620\", \"CVE-2021-30621\", \"CVE-2021-30622\", \"CVE-2021-30623\", \"CVE-2021-30624\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (a7732806-0b2a-11ec-836b-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release contains 27 security fixes, including :\n\n- [1233975] High CVE-2021-30606: Use after free in Blink. Reported by\nNan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab\non 2021-07-28\n\n- [1235949] High CVE-2021-30607: Use after free in Permissions.\nReported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at\nQi'anxin Group on 2021-08-03\n\n- [1219870] High CVE-2021-30608: Use after free in Web Share. Reported\nby Huyna at Viettel Cyber Security on 2021-06-15\n\n- [1239595] High CVE-2021-30609: Use after free in Sign-In. Reported\nby raven (@raid_akame) on 2021-08-13\n\n- [1200440] High CVE-2021-30610: Use after free in Extensions API.\nReported by Igor Bukanov from Vivaldi on 2021-04-19\n\n- [1233942] Medium CVE-2021-30611: Use after free in WebRTC. Reported\nby Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha\nLab on 2021-07-28\n\n- [1234284] Medium CVE-2021-30612: Use after free in WebRTC. Reported\nby Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha\nLab on 2021-07-29\n\n- [1209622] Medium CVE-2021-30613: Use after free in Base internals.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-05-16\n\n- [1207315] Medium CVE-2021-30614: Heap buffer overflow in TabStrip.\nReported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile\nTelecommunications Corp. Ltd. on 2021-05-10\n\n- [1208614] Medium CVE-2021-30615: Cross-origin data leak in\nNavigation. Reported by NDevTK on 2021-05-12\n\n- [1231432] Medium CVE-2021-30616: Use after free in Media. Reported\nby Anonymous on 2021-07-21\n\n- [1226909] Medium CVE-2021-30617: Policy bypass in Blink. Reported by\nNDevTK on 2021-07-07\n\n- [1232279] Medium CVE-2021-30618: Inappropriate implementation in\nDevTools. Reported by @DanAmodio and @mattaustin from Contrast\nSecurity on 2021-07-23\n\n- [1235222] Medium CVE-2021-30619: UI Spoofing in Autofill. Reported\nby Alesandro Ortiz on 2021-08-02\n\n- [1063518] Medium CVE-2021-30620: Insufficient policy enforcement in\nBlink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability\nResearch on 2020-03-20\n\n- [1204722] Medium CVE-2021-30621: UI Spoofing in Autofill. Reported\nby Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on\n2021-04-30\n\n- [1224419] Medium CVE-2021-30622: Use after free in WebApp Installs.\nReported by Jun Kokatsu, Microsoft Browser Vulnerability Research on\n2021-06-28\n\n- [1223667] Low CVE-2021-30623: Use after free in Bookmarks. Reported\nby Leecraso and Guang Gong of 360 Alpha Lab on 2021-06-25\n\n- [1230513] Low CVE-2021-30624: Use after free in Autofill. Reported\nby Wei Yuan of MoyunSec VLab on 2021-07-19\"\n );\n # https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc7074cc\"\n );\n # https://vuxml.freebsd.org/freebsd/a7732806-0b2a-11ec-836b-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf35cc60\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30623\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<93.0.4577.63\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:44", "description": "The version of Google Chrome installed on the remote Windows host is prior to 93.0.4577.63. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_08_stable-channel-update-for-desktop_31 advisory.\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-01T00:00:00", "type": "nessus", "title": "Google Chrome < 93.0.4577.63 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_93_0_4577_63.NASL", "href": "https://www.tenable.com/plugins/nessus/152928", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152928);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n\n script_name(english:\"Google Chrome < 93.0.4577.63 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 93.0.4577.63. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_08_stable-channel-update-for-desktop_31 advisory.\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc7074cc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1235949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1239595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1234284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1209622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1207315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1208614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1231432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1226909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1232279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1235222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1063518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1224419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1223667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1230513\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 93.0.4577.63 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30624\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'93.0.4577.63', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:59", "description": "The version of Google Chrome installed on the remote macOS host is prior to 96.0.4664.45. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_11_stable-channel-update-for-desktop advisory.\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-15T00:00:00", "type": "nessus", "title": "Google Chrome < 96.0.4664.45 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_96_0_4664_45.NASL", "href": "https://www.tenable.com/plugins/nessus/155353", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155353);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2021-38005\",\n \"CVE-2021-38006\",\n \"CVE-2021-38007\",\n \"CVE-2021-38008\",\n \"CVE-2021-38009\",\n \"CVE-2021-38010\",\n \"CVE-2021-38011\",\n \"CVE-2021-38012\",\n \"CVE-2021-38013\",\n \"CVE-2021-38014\",\n \"CVE-2021-38015\",\n \"CVE-2021-38016\",\n \"CVE-2021-38017\",\n \"CVE-2021-38018\",\n \"CVE-2021-38019\",\n \"CVE-2021-38020\",\n \"CVE-2021-38021\",\n \"CVE-2021-38022\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0555-S\");\n\n script_name(english:\"Google Chrome < 96.0.4664.45 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 96.0.4664.45. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_11_stable-channel-update-for-desktop advisory.\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8cf8e77e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1254189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1263620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1260649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1240593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1241091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1264477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1268274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1262791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/957553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1244289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1256822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1259694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248862\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 96.0.4664.45 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38017\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-38013\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'96.0.4664.45', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:59", "description": "The version of Google Chrome installed on the remote Windows host is prior to 96.0.4664.45. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_11_stable-channel-update-for-desktop advisory.\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-15T00:00:00", "type": "nessus", "title": "Google Chrome < 96.0.4664.45 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_96_0_4664_45.NASL", "href": "https://www.tenable.com/plugins/nessus/155352", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155352);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2021-38005\",\n \"CVE-2021-38006\",\n \"CVE-2021-38007\",\n \"CVE-2021-38008\",\n \"CVE-2021-38009\",\n \"CVE-2021-38010\",\n \"CVE-2021-38011\",\n \"CVE-2021-38012\",\n \"CVE-2021-38013\",\n \"CVE-2021-38014\",\n \"CVE-2021-38015\",\n \"CVE-2021-38016\",\n \"CVE-2021-38017\",\n \"CVE-2021-38018\",\n \"CVE-2021-38019\",\n \"CVE-2021-38020\",\n \"CVE-2021-38021\",\n \"CVE-2021-38022\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0555-S\");\n\n script_name(english:\"Google Chrome < 96.0.4664.45 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 96.0.4664.45. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_11_stable-channel-update-for-desktop advisory.\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8cf8e77e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1254189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1263620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1260649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1240593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1241091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1264477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1268274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1262791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/957553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1244289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1256822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1259694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248862\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 96.0.4664.45 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38017\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-38013\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'96.0.4664.45', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:30:38", "description": "The version of Google Chrome installed on the remote Windows host is prior to 95.0.4638.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_10_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-19T00:00:00", "type": "nessus", "title": "Google Chrome < 95.0.4638.54 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_95_0_4638_54.NASL", "href": "https://www.tenable.com/plugins/nessus/154238", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154238);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n\n script_name(english:\"Google Chrome < 95.0.4638.54 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 95.0.4638.54. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_10_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0836418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1246631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1249810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1253399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1241860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1228248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1247395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1250660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1253746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1255332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1243020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1100761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242315\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 95.0.4638.54 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'95.0.4638.54', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:35:27", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1392-1 advisory.\n\n - : Heap buffer overflow in Skia. (CVE-2021-37981)\n\n - : Use after free in Incognito. (CVE-2021-37982)\n\n - : Use after free in Dev Tools. (CVE-2021-37983)\n\n - : Heap buffer overflow in PDFium. (CVE-2021-37984)\n\n - : Use after free in V8. (CVE-2021-37985)\n\n - : Heap buffer overflow in Settings. (CVE-2021-37986)\n\n - : Use after free in Network APIs. (CVE-2021-37987)\n\n - : Use after free in Profiles. (CVE-2021-37988)\n\n - : Inappropriate implementation in Blink. (CVE-2021-37989)\n\n - : Inappropriate implementation in WebView. (CVE-2021-37990)\n\n - : Race in V8. (CVE-2021-37991)\n\n - : Out of bounds read in WebAudio. (CVE-2021-37992)\n\n - : Use after free in PDF Accessibility. (CVE-2021-37993)\n\n - : Inappropriate implementation in iFrame Sandbox. (CVE-2021-37994)\n\n - : Inappropriate implementation in WebApp Installer. (CVE-2021-37995)\n\n - : Insufficient validation of untrusted input in Downloads. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1392-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1392.NASL", "href": "https://www.tenable.com/plugins/nessus/154513", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1392-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154513);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1392-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1392-1 advisory.\n\n - : Heap buffer overflow in Skia. (CVE-2021-37981)\n\n - : Use after free in Incognito. (CVE-2021-37982)\n\n - : Use after free in Dev Tools. (CVE-2021-37983)\n\n - : Heap buffer overflow in PDFium. (CVE-2021-37984)\n\n - : Use after free in V8. (CVE-2021-37985)\n\n - : Heap buffer overflow in Settings. (CVE-2021-37986)\n\n - : Use after free in Network APIs. (CVE-2021-37987)\n\n - : Use after free in Profiles. (CVE-2021-37988)\n\n - : Inappropriate implementation in Blink. (CVE-2021-37989)\n\n - : Inappropriate implementation in WebView. (CVE-2021-37990)\n\n - : Race in V8. (CVE-2021-37991)\n\n - : Out of bounds read in WebAudio. (CVE-2021-37992)\n\n - : Use after free in PDF Accessibility. (CVE-2021-37993)\n\n - : Inappropriate implementation in iFrame Sandbox. (CVE-2021-37994)\n\n - : Inappropriate implementation in WebApp Installer. (CVE-2021-37995)\n\n - : Insufficient validation of untrusted input in Downloads. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191844\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PA4QP5O5NS7MLCPJRQA74564MFVWF24/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?73a3f306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37996\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-95.0.4638.54-bp153.2.37.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-95.0.4638.54-bp153.2.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-95.0.4638.54-bp153.2.37.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-95.0.4638.54-bp153.2.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:33:45", "description": "Chrome Releases reports :\n\nThis release contains 19 security fixes, including :\n\n- [1246631] High CVE-2021-37981: Heap buffer overflow in Skia.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04\n\n- [1248661] High CVE-2021-37982: Use after free in Incognito. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-11\n\n- [1249810] High CVE-2021-37983: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-09-15\n\n- [1253399] High CVE-2021-37984: Heap buffer overflow in PDFium.\nReported by Antti Levomaki, Joonas Pihlaja andChristian Jali from Forcepoint on 2021-09-27\n\n- [1241860] High CVE-2021-37985: Use after free in V8. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-20\n\n- [1242404] Medium CVE-2021-37986: Heap buffer overflow in Settings.\nReported by raven (@raid_akame) on 2021-08-23\n\n- [1206928] Medium CVE-2021-37987: Use after free in Network APIs.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08\n\n- [1228248] Medium CVE-2021-37988: Use after free in Profiles.\nReported by raven (@raid_akame) on 2021-07-12\n\n- [1233067] Medium CVE-2021-37989: Inappropriate implementation in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26\n\n- [1247395] Medium CVE-2021-37990: Inappropriate implementation in WebView. Reported by Kareem Selim of CyShield on 2021-09-07\n\n- [1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel Gross of Google Project Zero on 2021-09-17\n\n- [1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio.\nReported by sunburst@Ant Security Light-Year Lab on 2021-09-28\n\n- [1255332] Medium CVE-2021-37993: Use after free in PDF Accessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02\n\n- [1243020] Medium CVE-2021-37996: Insufficient validation of untrusted input in Downloads. Reported by Anonymous on 2021-08-24\n\n- [1100761] Low CVE-2021-37994: Inappropriate implementation in iFrame Sandbox. Reported by David Erceg on 2020-06-30\n\n- [1242315] Low CVE-2021-37995: Inappropriate implementation in WebApp Installer. Reported by Terence Eden on 2021-08-23", "cvss3": {}, "published": "2021-10-21T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (bdaecfad-3117-11ec-b3b0-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_BDAECFAD311711ECB3B03065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/154316", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154316);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (bdaecfad-3117-11ec-b3b0-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release contains 19 security fixes, including :\n\n- [1246631] High CVE-2021-37981: Heap buffer overflow in Skia.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04\n\n- [1248661] High CVE-2021-37982: Use after free in Incognito. Reported\nby Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2021-09-11\n\n- [1249810] High CVE-2021-37983: Use after free in Dev Tools. Reported\nby Zhihua Yao of KunLun Lab on 2021-09-15\n\n- [1253399] High CVE-2021-37984: Heap buffer overflow in PDFium.\nReported by Antti Levomaki, Joonas Pihlaja andChristian Jali from\nForcepoint on 2021-09-27\n\n- [1241860] High CVE-2021-37985: Use after free in V8. Reported by\nYangkang (@dnpushme) of 360 ATA on 2021-08-20\n\n- [1242404] Medium CVE-2021-37986: Heap buffer overflow in Settings.\nReported by raven (@raid_akame) on 2021-08-23\n\n- [1206928] Medium CVE-2021-37987: Use after free in Network APIs.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08\n\n- [1228248] Medium CVE-2021-37988: Use after free in Profiles.\nReported by raven (@raid_akame) on 2021-07-12\n\n- [1233067] Medium CVE-2021-37989: Inappropriate implementation in\nBlink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26\n\n- [1247395] Medium CVE-2021-37990: Inappropriate implementation in\nWebView. Reported by Kareem Selim of CyShield on 2021-09-07\n\n- [1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel\nGross of Google Project Zero on 2021-09-17\n\n- [1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio.\nReported by sunburst@Ant Security Light-Year Lab on 2021-09-28\n\n- [1255332] Medium CVE-2021-37993: Use after free in PDF\nAccessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO\nMobile Telecommunications Corp. Ltd. on 2021-10-02\n\n- [1243020] Medium CVE-2021-37996: Insufficient validation of\nuntrusted input in Downloads. Reported by Anonymous on 2021-08-24\n\n- [1100761] Low CVE-2021-37994: Inappropriate implementation in iFrame\nSandbox. Reported by David Erceg on 2020-06-30\n\n- [1242315] Low CVE-2021-37995: Inappropriate implementation in WebApp\nInstaller. Reported by Terence Eden on 2021-08-23\");\n # https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0836418\");\n # https://vuxml.freebsd.org/freebsd/bdaecfad-3117-11ec-b3b0-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae669e5c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<95.0.4638.54\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:40:40", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1488-1 advisory.\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37985)\n\n - Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37988)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)\n\n - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37991)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)\n\n - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-37995)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-20T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2021:1488-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1488.NASL", "href": "https://www.tenable.com/plugins/nessus/155652", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1488-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155652);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2021:1488-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1488-1 advisory.\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a\n user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37985)\n\n - Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced\n a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37988)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote\n attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)\n\n - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2021-37991)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)\n\n - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote\n attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-37995)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a\n remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2KPG5DWW4SNUCP3CCQ2LC7L3RKCFTIAA/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a94c608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37996\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-81.0.4196.31-lp152.2.76.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:31:21", "description": "The version of Google Chrome installed on the remote macOS host is prior to 95.0.4638.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_10_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-19T00:00:00", "type": "nessus", "title": "Google Chrome < 95.0.4638.54 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_95_0_4638_54.NASL", "href": "https://www.tenable.com/plugins/nessus/154239", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154239);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n\n script_name(english:\"Google Chrome < 95.0.4638.54 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 95.0.4638.54. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_10_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0836418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1246631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1249810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1253399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1241860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1228248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1247395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1250660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1253746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1255332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1243020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1100761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242315\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 95.0.4638.54 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'95.0.4638.54', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:33:32", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1396-1 advisory.\n\n - : Heap buffer overflow in Skia. (CVE-2021-37981)\n\n - : Use after free in Incognito. (CVE-2021-37982)\n\n - : Use after free in Dev Tools. (CVE-2021-37983)\n\n - : Heap buffer overflow in PDFium. (CVE-2021-37984)\n\n - : Use after free in V8. (CVE-2021-37985)\n\n - : Heap buffer overflow in Settings. (CVE-2021-37986)\n\n - : Use after free in Network APIs. (CVE-2021-37987)\n\n - : Use after free in Profiles. (CVE-2021-37988)\n\n - : Inappropriate implementation in Blink. (CVE-2021-37989)\n\n - : Inappropriate implementation in WebView. (CVE-2021-37990)\n\n - : Race in V8. (CVE-2021-37991)\n\n - : Out of bounds read in WebAudio. (CVE-2021-37992)\n\n - : Use after free in PDF Accessibility. (CVE-2021-37993)\n\n - : Inappropriate implementation in iFrame Sandbox. (CVE-2021-37994)\n\n - : Inappropriate implementation in WebApp Installer. (CVE-2021-37995)\n\n - : Insufficient validation of untrusted input in Downloads. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-31T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1396-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1396.NASL", "href": "https://www.tenable.com/plugins/nessus/154748", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1396-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154748);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1396-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1396-1 advisory.\n\n - : Heap buffer overflow in Skia. (CVE-2021-37981)\n\n - : Use after free in Incognito. (CVE-2021-37982)\n\n - : Use after free in Dev Tools. (CVE-2021-37983)\n\n - : Heap buffer overflow in PDFium. (CVE-2021-37984)\n\n - : Use after free in V8. (CVE-2021-37985)\n\n - : Heap buffer overflow in Settings. (CVE-2021-37986)\n\n - : Use after free in Network APIs. (CVE-2021-37987)\n\n - : Use after free in Profiles. (CVE-2021-37988)\n\n - : Inappropriate implementation in Blink. (CVE-2021-37989)\n\n - : Inappropriate implementation in WebView. (CVE-2021-37990)\n\n - : Race in V8. (CVE-2021-37991)\n\n - : Out of bounds read in WebAudio. (CVE-2021-37992)\n\n - : Use after free in PDF Accessibility. (CVE-2021-37993)\n\n - : Inappropriate implementation in iFrame Sandbox. (CVE-2021-37994)\n\n - : Inappropriate implementation in WebApp Installer. (CVE-2021-37995)\n\n - : Insufficient validation of untrusted input in Downloads. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191844\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JYLHMZTJJPI73VMWKC3ARZ4PIBXUS3VM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ef07378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37996\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-95.0.4638.54-lp152.2.135.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-95.0.4638.54-lp152.2.135.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];