Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2021:0166-1
HistoryJan 26, 2021 - 12:00 a.m.

Security update for chromium (important)

2021-01-2600:00:00
lists.opensuse.org
16

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

An update that fixes 26 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium was updated to 88.0.4324.96 boo#1181137

  • CVE-2021-21117: Insufficient policy enforcement in Cryptohome
  • CVE-2021-21118: Insufficient data validation in V8
  • CVE-2021-21119: Use after free in Media
  • CVE-2021-21120: Use after free in WebSQL
  • CVE-2021-21121: Use after free in Omnibox
  • CVE-2021-21122: Use after free in Blink
  • CVE-2021-21123: Insufficient data validation in File System API
  • CVE-2021-21124: Potential user after free in Speech Recognizer
  • CVE-2021-21125: Insufficient policy enforcement in File System API
  • CVE-2020-16044: Use after free in WebRTC
  • CVE-2021-21126: Insufficient policy enforcement in extensions
  • CVE-2021-21127: Insufficient policy enforcement in extensions
  • CVE-2021-21128: Heap buffer overflow in Blink
  • CVE-2021-21129: Insufficient policy enforcement in File System API
  • CVE-2021-21130: Insufficient policy enforcement in File System API
  • CVE-2021-21131: Insufficient policy enforcement in File System API
  • CVE-2021-21132: Inappropriate implementation in DevTools
  • CVE-2021-21133: Insufficient policy enforcement in Downloads
  • CVE-2021-21134: Incorrect security UI in Page Info
  • CVE-2021-21135: Inappropriate implementation in Performance API
  • CVE-2021-21136: Insufficient policy enforcement in WebView
  • CVE-2021-21137: Inappropriate implementation in DevTools
  • CVE-2021-21138: Use after free in DevTools
  • CVE-2021-21139: Inappropriate implementation in iframe sandbox
  • CVE-2021-21140: Uninitialized Use in USB
  • CVE-2021-21141: Insufficient policy enforcement in File System API

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.1:

    zypper in -t patch openSUSE-2021-166=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.1x86_64< - openSUSE Leap 15.1 (x86_64):- openSUSE Leap 15.1 (x86_64):.x86_64.rpm

Related

suse 5
nessus 14
fedora 2
kaspersky 3
freebsd 1
openvas 10
archlinux 2
chrome 1
gentoo 1
osv 2
debian 2
mageia 2
veracode 22
mscve 20
alpinelinux 12
debiancve 22
cve 23
prion 22
ubuntucve 23
redhatcve 3
oraclelinux 2
attackerkb 1
centos 1
redhat 3
suse
suse
Security update for chromium (important)
2021-01-29 00:00:00
Security update for chromium (important)
2021-01-27 00:00:00
Security update for chromium (important)
2021-01-27 00:00:00
nessus
nessus
Fedora 32 : chromium (2021-b7cc24375b)
2021-02-01 00:00:00
Google Chrome < 88.0.4324.96 Multiple Vulnerabilities
2021-01-19 00:00:00
Microsoft Edge (Chromium) < 88.0.705.50 Multiple Vulnerabilities
2021-01-26 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: chromium-88.0.4324.96-1.fc32
2021-01-31 01:10:19
[SECURITY] Fedora 33 Update: chromium-88.0.4324.96-1.fc33
2021-01-24 01:30:29
kaspersky
kaspersky
KLA12178 Multiple vulnerabilities in Opera
2021-02-03 00:00:00
KLA12048 Multiple vulnerabilities in Google Chrome
2021-01-19 00:00:00
KLA12049 Multiple vulnerabilities in Microsoft Browsers
2021-01-21 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-01-19 00:00:00
openvas
openvas
openSUSE: Security Advisory for chromium (openSUSE-SU-2021:0173-1)
2021-04-16 00:00:00
Google Chrome Security Updates (stable-channel-update-for-desktop_19-2021-01) - Mac OS X
2021-01-20 00:00:00
Google Chrome Security Updates (stable-channel-update-for-desktop_19-2021-01) - Windows
2021-01-20 00:00:00
archlinux
archlinux
[ASA-202102-5] opera: multiple issues
2021-02-06 00:00:00
[ASA-202102-4] vivaldi: multiple issues
2021-02-06 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2021-01-19 00:00:00
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2021-01-22 00:00:00
osv
osv
chromium - security update
2021-02-07 00:00:00
firefox vulnerability
2021-01-08 01:40:57
debian
debian
[SECURITY] [DSA 4846-1] chromium security update
2021-02-07 19:07:28
[SECURITY] [DSA 4846-1] chromium security update
2021-02-07 19:07:28
mageia
mageia
Updated qtwebengine5 packages fix security vulnerabilities
2021-08-15 11:38:04
Updated thunderbird packages fix a security vulnerability
2021-01-14 18:13:25
veracode
veracode
Denial Of Service (DoS)
2021-01-22 21:32:18
Sandbox Restrictions Bypass
2021-01-22 21:31:44
Insufficient Policy Enforcement
2021-01-22 21:31:55
mscve
mscve
Chromium CVE-2021-21130: Insufficient policy enforcement in File System API
2021-01-21 08:00:00
Chromium CVE-2021-21119: Use after free in Media
2021-01-21 08:00:00
Chromium CVE-2021-21132: Inappropriate implementation in DevTools
2021-01-21 08:00:00
alpinelinux
alpinelinux
CVE-2021-21138
2021-02-09 14:15:00
CVE-2021-21132
2021-02-09 14:15:00
CVE-2021-21119
2021-02-09 14:15:00
debiancve
debiancve
CVE-2021-21138
2021-02-09 14:15:00
CVE-2021-21128
2021-02-09 14:15:00
CVE-2021-21117
2021-02-09 14:15:00
cve
cve
CVE-2021-21139
2021-02-09 14:15:00
CVE-2021-21130
2021-02-09 14:15:00
CVE-2021-21118
2021-02-09 14:15:00
prion
prion
Design/Logic Flaw
2021-02-09 14:15:00
Design/Logic Flaw
2021-02-09 14:15:00
Privilege escalation
2021-02-09 14:15:00
ubuntucve
ubuntucve
CVE-2021-21133
2021-02-09 00:00:00
CVE-2021-21119
2021-02-09 00:00:00
CVE-2021-21138
2021-02-09 00:00:00
redhatcve
redhatcve
CVE-2021-21135
2022-05-20 23:17:46
CVE-2021-21131
2022-05-20 22:45:08
CVE-2020-16044
2021-01-07 00:05:04
oraclelinux
oraclelinux
firefox security update
2021-01-11 00:00:00
thunderbird security update
2021-01-13 00:00:00
attackerkb
attackerkb
CVE-2020-16044
2021-02-09 00:00:00
centos
centos
thunderbird security update
2021-01-15 20:31:45
redhat
redhat
(RHSA-2021:0089) Critical: thunderbird security update
2021-01-13 10:23:19
(RHSA-2021:0088) Critical: thunderbird security update
2021-01-13 10:23:07
(RHSA-2021:0052) Critical: firefox security update
2021-01-11 09:35:29

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for OPENSUSE-SU-2021:0166-1
suse5nessus14fedora2kaspersky3freebsd1openvas10archlinux2chrome1gentoo1osv2debian2mageia2veracode22mscve20alpinelinux12debiancve22cve23prion22ubuntucve23redhatcve3oraclelinux2attackerkb1centos1redhat3