ArchLinux: 202102-6: chromium: multiple issues
Summary
- CVE-2021-21142 (arbitrary code execution)
A use after free security issue was found in the Payments component of
the Chromium browser before version 88.0.4324.146.
- CVE-2021-21143 (arbitrary code execution)
A heap buffer overflow security issue was found in the Extensions
component of the Chromium browser before version 88.0.4324.146.
- CVE-2021-21144 (arbitrary code execution)
A heap buffer overflow security issue was found in the Tab Groups
component of the Chromium browser before version 88.0.4324.146.
- CVE-2021-21145 (arbitrary code execution)
A use after free security issue was found in the Fonts component of the
Chromium browser before version 88.0.4324.146.
- CVE-2021-21146 (arbitrary code execution)
A use after free security issue was found in the Navigation component
of the Chromium browser before version 88.0.4324.146.
- CVE-2021-21147 (incorrect calculation)
An inappropriate implementation security issue was found in the Skia
component of the Chromium browser before version 88.0.4324.146.
- CVE-2021-21148 (arbitrary code execution)
A heap buffer overflow security issue was found in the V8 component of
the Chromium browser before version 88.0.4324.150.
Resolution
Upgrade to 88.0.4324.150-1.
# pacman -Syu "chromium>=88.0.4324.150-1"
The problems have been fixed upstream in version 88.0.4324.150.
References
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html https://bugs.chromium.org/p/chromium/issues/detail https://security.archlinux.org/CVE-2021-21142 https://security.archlinux.org/CVE-2021-21143 https://security.archlinux.org/CVE-2021-21144 https://security.archlinux.org/CVE-2021-21145 https://security.archlinux.org/CVE-2021-21146 https://security.archlinux.org/CVE-2021-21147 https://security.archlinux.org/CVE-2021-21148
Workaround
None.