Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4858-1:7131E
HistoryFeb 20, 2021 - 2:29 a.m.

[SECURITY] [DSA 4858-1] chromium security update

2021-02-2002:29:52
lists.debian.org
112
chromium
cve-2021-21148
buffer overflow
stack overflow
use-after-free
media handling
gpu process
tab strip
web sockets
debian
security advisory

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.011

Percentile

84.8%

JSON

Debian Security Advisory DSA-4858-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
February 19, 2021 https://www.debian.org/security/faq

Package : chromium
CVE ID : CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151
CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155
CVE-2021-21156 CVE-2021-21157

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2021-21148

Mattias Buelens discovered a buffer overflow issue in the v8 javascript
library.

CVE-2021-21149

Ryoya Tsukasaki discovered a stack overflow issue in the Data Transfer
implementation.

CVE-2021-21150

Woojin Oh discovered a use-after-free issue in the file downloader.

CVE-2021-21151

Khalil Zhani discovered a use-after-free issue in the payments system.

CVE-2021-21152

A buffer overflow was discovered in media handling.

CVE-2021-21153

Jan Ruge discovered a stack overflow issue in the GPU process.

CVE-2021-21154

Abdulrahman Alqabandi discovered a buffer overflow issue in the Tab Strip
implementation.

CVE-2021-21155

Khalil Zhani discovered a buffer overflow issue in the Tab Strip
implementation.

CVE-2021-21156

Sergei Glazunov discovered a buffer overflow issue in the v8 javascript
library.

CVE-2021-21157

A use-after-free issue was discovered in the Web Sockets implementation.

For the stable distribution (buster), these problems have been fixed in
version 88.0.4324.182-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10armhfchromium-common-dbgsym< 88.0.4324.182-1~deb10u1chromium-common-dbgsym_88.0.4324.182-1~deb10u1_armhf.deb
Debian10arm64chromium-driver< 88.0.4324.182-1~deb10u1chromium-driver_88.0.4324.182-1~deb10u1_arm64.deb
Debian10amd64chromium-shell< 88.0.4324.182-1~deb10u1chromium-shell_88.0.4324.182-1~deb10u1_amd64.deb
Debian10arm64chromium< 88.0.4324.182-1~deb10u1chromium_88.0.4324.182-1~deb10u1_arm64.deb
Debian10i386chromium-driver< 88.0.4324.182-1~deb10u1chromium-driver_88.0.4324.182-1~deb10u1_i386.deb
Debian10i386chromium-common< 88.0.4324.182-1~deb10u1chromium-common_88.0.4324.182-1~deb10u1_i386.deb
Debian10i386chromium-shell< 88.0.4324.182-1~deb10u1chromium-shell_88.0.4324.182-1~deb10u1_i386.deb
Debian10armhfchromium< 88.0.4324.182-1~deb10u1chromium_88.0.4324.182-1~deb10u1_armhf.deb
Debian10amd64chromium-driver-dbgsym< 88.0.4324.182-1~deb10u1chromium-driver-dbgsym_88.0.4324.182-1~deb10u1_amd64.deb
Debian10amd64chromium-sandbox< 88.0.4324.182-1~deb10u1chromium-sandbox_88.0.4324.182-1~deb10u1_amd64.deb
Rows per page:
1-10 of 421

Related

nessus 18
chrome 2
openvas 16
suse 8
osv 5
archlinux 3
kaspersky 6
fedora 4
freebsd 2
ubuntucve 10
debiancve 10
mscve 10
cvelist 10
veracode 10
alpinelinux 7
cve 10
nvd 10
prion 10
redhatcve 1
checkpoint_advisories 1
attackerkb 2
malwarebytes 2
cisa_kev 1
mageia 1
thn 11
threatpost 4
krebs 1
gentoo 1
securelist 1
googleprojectzero 1
rapid7blog 1
qualysblog 2
nessus
nessus
Debian DSA-4858-1 : chromium - security update
2021-02-22 00:00:00
openSUSE Security Update : opera (openSUSE-2021-413)
2021-04-20 00:00:00
Google Chrome < 88.0.4324.182 Multiple Vulnerabilities
2021-02-16 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2021-02-16 00:00:00
Stable Channel Update for Desktop
2021-02-04 00:00:00
openvas
openvas
Google Chrome Security Update (stable-channel-update-for-desktop_16-2021-02) - Windows
2021-02-23 00:00:00
Debian: Security Advisory (DSA-4858-1)
2021-02-21 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_16-2021-02) - Mac OS X
2021-02-23 00:00:00
suse
suse
Security update for opera (important)
2021-03-16 00:00:00
Security update for opera (important)
2021-02-15 00:00:00
Security update for chromium (important)
2021-02-11 00:00:00
osv
osv
chromium - security update
2021-02-19 00:00:00
CVE-2021-21148
2021-02-09 16:15:12
nodejs14-14.17.5-1.2 on GA media
2024-06-15 00:00:00
archlinux
archlinux
[ASA-202103-8] opera: arbitrary code execution
2021-03-13 00:00:00
[ASA-202102-6] chromium: multiple issues
2021-02-06 00:00:00
[ASA-202102-4] vivaldi: multiple issues
2021-02-06 00:00:00
kaspersky
kaspersky
KLA12089 Multiple vulnerabilities in Google Chrome
2021-02-16 00:00:00
KLA12093 Multiple vulnerabilities in Microsoft Browser
2021-02-17 00:00:00
KLA12180 Multiple vulnerabilities in Opera
2021-03-04 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: chromium-88.0.4324.182-1.fc33
2021-02-28 17:27:09
[SECURITY] Fedora 32 Update: chromium-89.0.4389.82-1.fc32
2021-03-20 01:15:37
[SECURITY] Fedora 33 Update: chromium-88.0.4324.150-1.fc33
2021-02-10 01:20:58
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-02-16 00:00:00
chromium -- heap buffer overflow in V8
2021-02-04 00:00:00
ubuntucve
ubuntucve
CVE-2021-21156
2021-02-22 00:00:00
CVE-2021-21149
2021-02-22 00:00:00
CVE-2021-21154
2021-02-22 00:00:00
debiancve
debiancve
CVE-2021-21156
2021-02-22 22:15:12
CVE-2021-21150
2021-02-22 22:15:12
CVE-2021-21154
2021-02-22 22:15:12
mscve
mscve
Chromium: CVE-2021-21150 Use after free in Downloads
2021-02-17 23:31:00
Chromium CVE-2021-21155: Heap buffer overflow in Tab Strip
2021-02-17 23:44:12
Chromium: CVE-2021-21154 Heap buffer overflow in Tab Strip
2021-02-17 23:40:38
cvelist
cvelist
CVE-2021-21153
2021-02-22 21:20:35
CVE-2021-21155
2021-02-22 21:20:36
CVE-2021-21156
2021-02-22 21:20:37
veracode
veracode
Remote Code Execution (RCE)
2021-02-19 01:24:36
Arbitrary Code Execution
2021-02-19 01:24:35
Denial Of Service (DoS)
2021-02-19 01:24:40
alpinelinux
alpinelinux
CVE-2021-21150
2021-02-22 22:15:12
CVE-2021-21153
2021-02-22 22:15:12
CVE-2021-21156
2021-02-22 22:15:12
cve
cve
CVE-2021-21150
2021-02-22 22:15:12
CVE-2021-21153
2021-02-22 22:15:12
CVE-2021-21152
2021-02-22 22:15:12
nvd
nvd
CVE-2021-21152
2021-02-22 22:15:12
CVE-2021-21155
2021-02-22 22:15:12
CVE-2021-21154
2021-02-22 22:15:12
prion
prion
Heap overflow
2021-02-22 22:15:00
Heap overflow
2021-02-22 22:15:00
Stack overflow
2021-02-22 22:15:00
redhatcve
redhatcve
CVE-2021-21152
2022-05-20 23:00:17
checkpoint_advisories
checkpoint_advisories
Google Chrome Buffer Overflow (CVE-2021-21153)
2021-05-31 00:00:00
attackerkb
attackerkb
CVE-2021-21148
2021-02-09 00:00:00
CVE-2021-21193
2021-03-16 00:00:00
malwarebytes
malwarebytes
Update now! Chrome patches zero-day that was exploited in the wild
2021-02-05 12:14:04
Update now! Google Chrome fixes two in-the-wild zero-days
2021-09-14 16:28:47
cisa_kev
cisa_kev
Google Chromium V8 Heap Buffer Overflow Vulnerability
2021-11-03 00:00:00
mageia
mageia
Updated qtwebengine5 packages fix security vulnerabilities
2021-08-15 11:38:04
thn
thn
New Chrome Browser 0-day Under Active Attack—Update Immediately!
2021-02-05 07:40:00
New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!
2021-03-03 06:03:00
Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild
2021-03-13 03:16:00
threatpost
threatpost
Google Chrome Zero-Day Afflicts Windows, Mac Users
2021-02-05 15:47:55
Google Chrome Bug Actively Exploited as Zero-Day
2022-03-30 16:14:30
Pair of Google Chrome Zero-Day Bugs Actively Exploited
2021-09-14 15:03:41
krebs
krebs
Microsoft Patch Tuesday, February 2021 Edition
2021-02-09 22:37:19
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2021-04-30 00:00:00
securelist
securelist
IT threat evolution Q1 2021. Non-mobile statistics
2021-05-31 10:00:05
googleprojectzero
googleprojectzero
The More You Know, The More You Know You Don’t Know
2022-04-19 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - February 2021
2021-02-09 23:51:27
qualysblog
qualysblog
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.011

Percentile

84.8%

JSON
Related for DEBIAN:DSA-4858-1:7131E
nessus18chrome2openvas16suse8osv5archlinux3kaspersky6fedora4freebsd2ubuntucve10debiancve10mscve10cvelist10veracode10alpinelinux7cve10nvd10prion10redhatcve1checkpoint_advisories1attackerkb2malwarebytes2cisa_kev1mageia1thn11threatpost4krebs1gentoo1securelist1googleprojectzero1rapid7blog1qualysblog2