Debian Security Advisory

DSA-4886-1 chromium -- security update

Date Reported:
06 Apr 2021
Affected Packages:
chromium
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21163, CVE-2021-21165, CVE-2021-21166, CVE-2021-21167, CVE-2021-21168, CVE-2021-21169, CVE-2021-21170, CVE-2021-21171, CVE-2021-21172, CVE-2021-21173, CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21177, CVE-2021-21178, CVE-2021-21179, CVE-2021-21180, CVE-2021-21181, CVE-2021-21182, CVE-2021-21183, CVE-2021-21184, CVE-2021-21185, CVE-2021-21186, CVE-2021-21187, CVE-2021-21188, CVE-2021-21189, CVE-2021-21190, CVE-2021-21191, CVE-2021-21192, CVE-2021-21193, CVE-2021-21194, CVE-2021-21195, CVE-2021-21196, CVE-2021-21197, CVE-2021-21198, CVE-2021-21199.
More information:

Several vulnerabilites have been discovered in the chromium web browser.

  • CVE-2021-21159

    Khalil Zhani discovered a buffer overflow issue in the tab implementation.

  • CVE-2021-21160

    Marcin Noga discovered a buffer overflow issue in WebAudio.

  • CVE-2021-21161

    Khalil Zhani discovered a buffer overflow issue in the tab implementation.

  • CVE-2021-21162

    A use-after-free issue was discovered in the WebRTC implementation.

  • CVE-2021-21163

    Alison Huffman discovered a data validation issue.

  • CVE-2021-21165

    Alison Huffman discovered an error in the audio implementation.

  • CVE-2021-21166

    Alison Huffman discovered an error in the audio implementation.

  • CVE-2021-21167

    Leecraso and Guang Gong discovered a use-after-free issue in the bookmarks implementation.

  • CVE-2021-21168

    Luan Herrera discovered a policy enforcement error in the appcache.

  • CVE-2021-21169

    Bohan Liu and Moon Liang discovered an out-of-bounds access issue in the v8 javascript library.

  • CVE-2021-21170

    David Erceg discovered a user interface error.

  • CVE-2021-21171

    Irvan Kurniawan discovered a user interface error.

  • CVE-2021-21172

    Maciej Pulikowski discovered a policy enforcement error in the File System API.

  • CVE-2021-21173

    Tom Van Goethem discovered a network based information leak.

  • CVE-2021-21174

    Ashish Guatam Kambled discovered an implementation error in the Referrer policy.

  • CVE-2021-21175

    Jun Kokatsu discovered an implementation error in the Site Isolation feature.

  • CVE-2021-21176

    Luan Herrera discovered an implementation error in the full screen mode.

  • CVE-2021-21177

    Abdulrahman Alqabandi discovered a policy enforcement error in the Autofill feature.

  • CVE-2021-21178

    Japong discovered an error in the Compositor implementation.

  • CVE-2021-21179

    A use-after-free issue was discovered in the networking implementation.

  • CVE-2021-21180

    Abdulrahman Alqabandi discovered a use-after-free issue in the tab search feature.

  • CVE-2021-21181

    Xu Lin, Panagiotis Ilias, and Jason Polakis discovered a side-channel information leak in the Autofill feature.

  • CVE-2021-21182

    Luan Herrera discovered a policy enforcement error in the site navigation implementation.

  • CVE-2021-21183

    Takashi Yoneuchi discovered an implementation error in the Performance API.

  • CVE-2021-21184

    James Hartig discovered an implementation error in the Performance API.

  • CVE-2021-21185

    David Erceg discovered a policy enforcement error in Extensions.

  • CVE-2021-21186

    dhirajkumarnifty discovered a policy enforcement error in the QR scan implementation.

  • CVE-2021-21187

    Kirtikumar Anandrao Ramchandani discovered a data validation error in URL formatting.

  • CVE-2021-21188

    Woojin Oh discovered a use-after-free issue in Blink/Webkit.

  • CVE-2021-21189

    Khalil Zhani discovered a policy enforcement error in the Payments implementation.

  • CVE-2021-21190

    Zhou Aiting discovered use of uninitialized memory in the pdfium library.

  • CVE-2021-21191

    raven discovered a use-after-free issue in the WebRTC implementation.

  • CVE-2021-21192

    Abdulrahman Alqabandi discovered a buffer overflow issue in the tab implementation.

  • CVE-2021-21193

    A use-after-free issue was discovered in Blink/Webkit.

  • CVE-2021-21194

    Leecraso and Guang Gong discovered a use-after-free issue in the screen capture feature.

  • CVE-2021-21195

    Liu and Liang discovered a use-after-free issue in the v8 javascript library.

  • CVE-2021-21196

    Khalil Zhani discovered a buffer overflow issue in the tab implementation.

  • CVE-2021-21197

    Abdulrahman Alqabandi discovered a buffer overflow issue in the tab implementation.

  • CVE-2021-21198

    Mark Brand discovered an out-of-bounds read issue in the Inter-Process Communication implementation.

  • CVE-2021-21199

    Weipeng Jiang discovered a use-after-free issue in the Aura window and event manager.

For the stable distribution (buster), these problems have been fixed in version 89.0.4389.114-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium