[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 4917-1] chromium security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4917-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
May 17, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509
                 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513
                 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517
                 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2021-30506

    @retsew0x01 discovered an error in the Web App installation interface.

CVE-2021-30507

    Alison Huffman discovered an error in the Offline mode.

CVE-2021-30508

    Leecraso and Guang Gong discovered a buffer overflow issue in the Media
    Feeds implementation.

CVE-2021-30509

    David Erceg discovered an out-of-bounds write issue in the Tab Strip
    implementation.

CVE-2021-30510

    Weipeng Jiang discovered a race condition in the aura window manager.

CVE-2021-30511

    David Erceg discovered an out-of-bounds read issue in the Tab Strip
    implementation.

CVE-2021-30512

    ZhanJia Song discovered a use-after-free issue in the notifications
    implementation.

CVE-2021-30513

    Man Yue Mo discovered an incorrect type in the v8 javascript library.

CVE-2021-30514

    koocola and Wang discovered a use-after-free issue in the Autofill
    feature.

CVE-2021-30515

    Rong Jian and Guang Gong discovered a use-after-free issue in the file
    system access API.

CVE-2021-30516

    ZhanJia Song discovered a buffer overflow issue in the browsing history.

CVE-2021-30517

    Jun Kokatsu discovered a buffer overflow issue in the reader mode.

CVE-2021-30518

    laural discovered use of an incorrect type in the v8 javascript library.

CVE-2021-30519

    asnine discovered a use-after-free issue in the Payments feature.

CVE-2021-30520

    Khalil Zhani discovered a use-after-free issue in the Tab Strip
    implementation.

For the stable distribution (buster), these problems have been fixed in
version 90.0.4430.212-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAmCjKigACgkQmD40ZYkU
aygutiAAoTR+pOTfxVWYgdzkPI4z5VSeoFm6nWmE2UhB+yowe7MSczx69hJ9O0DF
c+KyNJkolgkOA6Vu8oywbYhikIj5wSVhFwq3CuAE8IGyDF2T1qNeGiVfXyzO1VHK
r/3zSLZIa7vvRL3/Znb+lhGbrXCAgMEDizzztvIVuZq9vnV6oYDpBVCaSCmk2nBv
AUcuRkBiYp3WEKwOs3N3LJ96WwcObjXUEIyioGXMyczJDRNSN5M7m65A8dlogAvx
tHNipgcMcMU08sAR3Zrw6AwKDqQRaq0tuDmgf85cLDKKAWpJgA8UQQe5l6NJPjlB
WQ0ZvJwO4U2oTKjb7kLBSkZsnqeXqor44Hi+2hcW+4ZhL55N9Cq0rjzeNyUbi5Bl
sGnWrpgg6llIh0e40g6Niq47/1fUMHtiCHrqvn0/lkdpWQ3UvPHV+efWPe1KpIaT
vhq7ja/wS/zIr4glVIvzXprV9vJH1dKcPB/dukdb2jZWBeEF4Dj7GqP+hHMpqR1x
KodWOsInNC+aqiPb6r5VCMpm3l1KxiI8bdTzhPz5cmSlb3n/DuDlGq2bmjA02FGy
2u19R1S7bQbn8yUOB5KGwYnWNVdYo6VugEkfCEnmc0D3ev5LWx9fdqunrZhqWfeZ
izWG5WfutUmIeZ2+SqdFdGUC50ZSCppdnH2Nmc31QvpZfDy2WQk/FtieyCKRm3D1
Oo1rD4GHbw+WCJfQbmSIwit0AZJVG5hyIOComzojMMQdFyihv5N59sZ2LHBOFl3r
J67x9cdPcNCHIKE+hmvnLcf2N+GPSM4PTFyibs5cmUMlsiNnInQVcizV6a25nY8X
iiI7OoG3W+hHcxY3hcl8nHrI/KiQ/ji7yY1bzjfmjR7uEMKhNQz3GH7XAdGo7B5+
HDPg/UH/euXRl+1Gwco6sY5k6Zs/Fl2VdFVFBiqtqd8RO1wltC4XK1JrEKHp3L3d
mADBUgOZHWRNcVNvCLwO59/9hmViQMhwRh1M7Lh1EqhDCfCOuN+2f/rexPDPB7a8
hu9fn4e18Aexc9naqr/JpJxYL+zfbDJgy04ms/2iqR94mQVFd/ON7DtNgfnkfbCB
HXInjHkzTpCxFw8otbPIY2A9aXH1PeT1jNB6oQWF0cJv8WpSw4AV1xU3GaPw323g
4eG0BJ9RlR3cpfvcOQEdvZoaOvZdIgPGM2TvcbHPTjQ7kXYaFlYyCsA7jpwE4aWW
WnYkiY4it9vZi2kmoYNOZbnB7m/w1AA5JmLBkXaNLTHDLU/Lm8YodPirDM9gjae5
3HZLZnmjjZHC0swahD8J8D0XfxwZvonee07pEFKhbL+/pjbs2TeSivOhIwTp9VVo
7KROY+DZ08ZtOkS8mIsHy91+Uh+Wlg==
=7EHh
-----END PGP SIGNATURE-----


Reply to: