Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2021:0401-1
HistoryMar 10, 2021 - 12:00 a.m.

Security update for chromium (important)

2021-03-1000:00:00
lists.opensuse.org
33
chromium
security update
heap buffer overflow
use after free
insufficient data validation
object lifecycle issue
out of bounds memory access
incorrect security ui
side-channel information leakage
inappropriate implementation
insufficient policy enforcement
uninitialized use
stack overflow
patch instructions

EPSS

0.038

Percentile

92.0%

JSON

An update that fixes 42 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Update to 89.0.4389.72 (boo#1182358, boo#1182960):

  • CVE-2021-21159: Heap buffer overflow in TabStrip.
  • CVE-2021-21160: Heap buffer overflow in WebAudio.
  • CVE-2021-21161: Heap buffer overflow in TabStrip.
  • CVE-2021-21162: Use after free in WebRTC.
  • CVE-2021-21163: Insufficient data validation in Reader Mode.
  • CVE-2021-21164: Insufficient data validation in Chrome for iOS.
  • CVE-2021-21165: Object lifecycle issue in audio.
  • CVE-2021-21166: Object lifecycle issue in audio.
  • CVE-2021-21167: Use after free in bookmarks.
  • CVE-2021-21168: Insufficient policy enforcement in appcache.
  • CVE-2021-21169: Out of bounds memory access in V8.
  • CVE-2021-21170: Incorrect security UI in Loader.
  • CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
  • CVE-2021-21172: Insufficient policy enforcement in File System API.
  • CVE-2021-21173: Side-channel information leakage in Network Internals.
  • CVE-2021-21174: Inappropriate implementation in Referrer.
  • CVE-2021-21175: Inappropriate implementation in Site isolation.
  • CVE-2021-21176: Inappropriate implementation in full screen mode.
  • CVE-2021-21177: Insufficient policy enforcement in Autofill.
  • CVE-2021-21178: Inappropriate implementation in Compositing.
  • CVE-2021-21179: Use after free in Network Internals.
  • CVE-2021-21180: Use after free in tab search.
  • CVE-2020-27844: Heap buffer overflow in OpenJPEG.
  • CVE-2021-21181: Side-channel information leakage in autofill.
  • CVE-2021-21182: Insufficient policy enforcement in navigations.
  • CVE-2021-21183: Inappropriate implementation in performance APIs.
  • CVE-2021-21184: Inappropriate implementation in performance APIs.
  • CVE-2021-21185: Insufficient policy enforcement in extensions.
  • CVE-2021-21186: Insufficient policy enforcement in QR scanning.
  • CVE-2021-21187: Insufficient data validation in URL formatting.
  • CVE-2021-21188: Use after free in Blink.
  • CVE-2021-21189: Insufficient policy enforcement in payments.
  • CVE-2021-21190: Uninitialized Use in PDFium.
  • CVE-2021-21149: Stack overflow in Data Transfer.
  • CVE-2021-21150: Use after free in Downloads.
  • CVE-2021-21151: Use after free in Payments.
  • CVE-2021-21152: Heap buffer overflow in Media.
  • CVE-2021-21153: Stack overflow in GPU Process.
  • CVE-2021-21154: Heap buffer overflow in Tab Strip.
  • CVE-2021-21155: Heap buffer overflow in Tab Strip.
  • CVE-2021-21156: Heap buffer overflow in V8.
  • CVE-2021-21157: Use after free in Web Sockets.
  • Fixed Sandbox with glibc 2.33 (boo#1182233)
  • Fixed an issue where chromium hangs on opening (boo#1182775).

This update was imported from the openSUSE:Leap:15.2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP2:

    zypper in -t patch openSUSE-2021-401=1

Related

suse 2
nessus 16
openvas 18
fedora 4
chrome 2
kaspersky 5
freebsd 2
mageia 2
archlinux 2
debian 3
osv 2
threatpost 1
malwarebytes 1
gentoo 1
cvelist 13
rapid7blog 1
cve 15
nvd 10
prion 15
mscve 13
alpinelinux 15
debiancve 16
ubuntucve 18
veracode 20
redhatcve 2
suse
suse
Security update for chromium (important)
2021-03-08 00:00:00
Security update for opera (important)
2021-03-16 00:00:00
nessus
nessus
Google Chrome < 89.0.4389.72 Multiple Vulnerabilities
2021-03-02 00:00:00
Google Chrome < 89.0.4389.72 Multiple Vulnerabilities
2021-03-02 00:00:00
openSUSE Security Update : chromium (openSUSE-2021-392)
2021-03-10 00:00:00
openvas
openvas
Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (Mar 2021)
2021-03-15 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2021:0392-1)
2021-04-16 00:00:00
Fedora: Security Advisory for chromium (FEDORA-2021-c88a96bd4b)
2021-03-20 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: chromium-89.0.4389.82-1.fc32
2021-03-20 01:15:37
[SECURITY] Fedora 34 Update: chromium-89.0.4389.90-3.fc34
2021-04-05 00:18:43
[SECURITY] Fedora 33 Update: chromium-89.0.4389.90-3.fc33
2021-04-01 01:51:39
chrome
chrome
Stable Channel Update for Desktop
2021-03-02 00:00:00
Stable Channel Update for Desktop
2021-02-16 00:00:00
kaspersky
kaspersky
KLA12106 Multiple vulnerabilities in Google Chrome
2021-03-02 00:00:00
KLA12107 Multiple vulnerabilities in Microsoft Browser
2021-03-04 00:00:00
KLA12089 Multiple vulnerabilities in Google Chrome
2021-02-16 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-03-02 00:00:00
chromium -- multiple vulnerabilities
2021-02-16 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2021-03-17 14:01:53
Updated openjpeg2 packages fix security vulnerability
2021-03-03 01:33:06
archlinux
archlinux
[ASA-202103-19] vivaldi: multiple issues
2021-03-25 00:00:00
[ASA-202103-8] opera: arbitrary code execution
2021-03-13 00:00:00
debian
debian
[SECURITY] [DSA 4886-1] chromium security update
2021-04-06 13:38:49
[SECURITY] [DSA 4858-1] chromium security update
2021-02-20 02:29:52
[SECURITY] [DSA 4886-1] chromium security update
2021-04-06 13:38:49
osv
osv
chromium - security update
2021-04-06 00:00:00
chromium - security update
2021-02-19 00:00:00
threatpost
threatpost
Google Patches Actively Exploited Flaw in Chrome Browser
2021-03-03 21:17:14
malwarebytes
malwarebytes
Update now! Chrome fix patches in-the-wild zero-day
2021-03-04 13:24:38
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2021-04-30 00:00:00
cvelist
cvelist
CVE-2021-21187
2021-03-09 17:46:28
CVE-2021-21167
2021-03-09 17:46:14
CVE-2021-21153
2021-02-22 21:20:35
rapid7blog
rapid7blog
Patch Tuesday - March 2021
2021-03-09 22:13:03
cve
cve
CVE-2021-21183
2021-03-09 18:15:17
CVE-2021-21186
2021-03-09 18:15:17
CVE-2021-21175
2021-03-09 18:15:16
nvd
nvd
CVE-2021-21183
2021-03-09 18:15:17
CVE-2021-21172
2021-03-09 18:15:16
CVE-2021-21190
2021-03-09 18:15:17
prion
prion
Design/Logic Flaw
2021-03-09 18:15:00
Design/Logic Flaw
2021-03-09 18:15:00
Design/Logic Flaw
2021-01-05 18:15:00
mscve
mscve
Chromium CVE-2021-21172: Insufficient policy enforcement in File System API
2021-03-04 20:04:06
Chromium: CVE-2021-21150 Use after free in Downloads
2021-02-17 23:31:00
Chromium CVE-2021-21155: Heap buffer overflow in Tab Strip
2021-02-17 23:44:12
alpinelinux
alpinelinux
CVE-2021-21188
2021-03-09 18:15:17
CVE-2021-21175
2021-03-09 18:15:16
CVE-2021-21189
2021-03-09 18:15:17
debiancve
debiancve
CVE-2021-21175
2021-03-09 18:15:16
CVE-2021-21156
2021-02-22 22:15:12
CVE-2021-21150
2021-02-22 22:15:12
ubuntucve
ubuntucve
CVE-2021-21156
2021-02-22 00:00:00
CVE-2021-21184
2021-03-09 00:00:00
CVE-2021-21186
2021-03-09 00:00:00
veracode
veracode
Information Disclosure
2021-03-09 14:32:14
Information Disclosure
2021-04-29 13:27:26
Insufficient Policy Enforcement
2021-03-09 14:26:18
redhatcve
redhatcve
CVE-2021-21170
2022-05-20 23:12:31
CVE-2020-27844
2020-12-14 19:26:31

EPSS

0.038

Percentile

92.0%

JSON
Related for OPENSUSE-SU-2021:0401-1
suse2nessus16openvas18fedora4chrome2kaspersky5freebsd2mageia2archlinux2debian3osv2threatpost1malwarebytes1gentoo1cvelist13rapid7blog1cve15nvd10prion15mscve13alpinelinux15debiancve16ubuntucve18veracode20redhatcve2