ArchLinux: 202101-20: vivaldi: multiple issues
Summary
- CVE-2020-15995 (arbitrary code execution)
An out of bounds write security issue has been found in the V8
component of the Chromium browser before version 87.0.4280.141.
- CVE-2020-16043 (insufficient validation)
An insufficient data validation security issue has been found in the
networking component of the Chromium browser before version
87.0.4280.141.
- CVE-2021-21106 (arbitrary code execution)
A use after free security issue has been found in the autofill
component of the Chromium browser before version 87.0.4280.141.
- CVE-2021-21107 (arbitrary code execution)
A use after free security issue has been found in the drag and drop
component of the Chromium browser before version 87.0.4280.141.
- CVE-2021-21108 (arbitrary code execution)
A use after free security issue has been found in the media component
of the Chromium browser before version 87.0.4280.141.
- CVE-2021-21109 (arbitrary code execution)
A use after free security issue has been found in the payments
component of the Chromium browser before version 87.0.4280.141.
- CVE-2021-21110 (arbitrary code execution)
A use after free security issue has been found in the safe browsing
component of the Chromium browser before version 87.0.4280.141.
- CVE-2021-21111 (access restriction bypass)
An insufficient policy enforcement security issue has been found in the
WebUI component of the Chromium browser before version 87.0.4280.141.
- CVE-2021-21112 (arbitrary code execution)
A use after free security issue has been found in the Blink component
of the Chromium browser before version 87.0.4280.141.
- CVE-2021-21113 (arbitrary code execution)
A heap buffer overflow security issue has been found in the Skia
component of the Chromium browser before version 87.0.4280.141.
- CVE-2021-21114 (arbitrary code execution)
A use after free security issue has been found in the audio component
of the Chromium browser before version 87.0.4280.141.
- CVE-2021-21115 (arbitrary code execution)
A use after free security issue has been found in the safe browsing
component of the Chromium browser before version 87.0.4280.141.
- CVE-2021-21116 (arbitrary code execution)
A heap buffer overflow security issue has been found in the audio
component of the Chromium browser before version 87.0.4280.141.
Resolution
Upgrade to 3.5.2115.87-1.
# pacman -Syu "vivaldi>=3.5.2115.87-1"
The problems have been fixed upstream in version 3.5.2115.87.
References
https://vivaldi.com/blog/desktop/minor-update-for-vivaldi-desktop-browser-3-5/ https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://security.archlinux.org/CVE-2020-15995 https://security.archlinux.org/CVE-2020-16043 https://security.archlinux.org/CVE-2021-21106 https://security.archlinux.org/CVE-2021-21107 https://security.archlinux.org/CVE-2021-21108 https://security.archlinux.org/CVE-2021-21109 https://security.archlinux.org/CVE-2021-21110 https://security.archlinux.org/CVE-2021-21111 https://security.archlinux.org/CVE-2021-21112 https://security.archlinux.org/CVE-2021-21113 https://security.archlinux.org/CVE-2021-21114 https://security.archlinux.org/CVE-2021-21115 https://security.archlinux.org/CVE-2021-21116
Workaround
None.