ArchLinux: 202103-19: vivaldi: multiple issues
Summary
- CVE-2020-27844 (arbitrary code execution)
A heap-based buffer overflow was discovered in lib/openjp2/t2.c:973 in
the current master (commit 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00) of
OpenJPEG.
- CVE-2021-21159 (arbitrary code execution)
A heap buffer overflow security issue was found in the TabStrip
component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21160 (arbitrary code execution)
A heap buffer overflow security issue was found in the WebAudio
component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21161 (arbitrary code execution)
A heap buffer overflow security issue was found in the TabStrip
component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21162 (arbitrary code execution)
A use after free security issue was found in the WebRTC component of
the Chromium browser before version 89.0.4389.72.
- CVE-2021-21163 (insufficient validation)
An insufficient data validation security issue was found in the Reader
Mode component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21165 (arbitrary code execution)
An object lifecycle security issue was found in the audio component of
the Chromium browser before version 89.0.4389.72.
- CVE-2021-21166 (arbitrary code execution)
An object lifecycle security issue was found in the audio component of
the Chromium browser before version 89.0.4389.72.
- CVE-2021-21167 (arbitrary code execution)
A use after free security issue was found in the bookmarks component of
the Chromium browser before version 89.0.4389.72.
- CVE-2021-21168 (access restriction bypass)
An insufficient policy enforcement security issue was found in the
appcache component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21169 (information disclosure)
An out of bounds memory access security issue was found in the V8
component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21170 (content spoofing)
An incorrect security UI security issue was found in the Loader
component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21171 (content spoofing)
An incorrect security UI security issue was found in the TabStrip and
Navigation components of the Chromium browser before version
89.0.4389.72.
- CVE-2021-21172 (access restriction bypass)
An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
89.0.4389.72.
- CVE-2021-21173 (information disclosure)
A side-channel information leakage security issue was found in the
Network Internals component of the Chromium browser before version
89.0.4389.72.
- CVE-2021-21174 (incorrect calculation)
An inappropriate implementation security issue was found in the
Referrer component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21175 (incorrect calculation)
An inappropriate implementation security issue was found in the Site
isolation component of the Chromium browser before version
89.0.4389.72.
- CVE-2021-21176 (incorrect calculation)
An inappropriate implementation security issue was found in the full
screen mode component of the Chromium browser before version
89.0.4389.72.
- CVE-2021-21177 (access restriction bypass)
An insufficient policy enforcement security issue was found in the
Autofill component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21178 (incorrect calculation)
An inappropriate implementation security issue was found in the
Compositing component of the Chromium browser before version
89.0.4389.72.
- CVE-2021-21179 (arbitrary code execution)
A use after free security issue was found in the Network Internals
component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21180 (arbitrary code execution)
A use after free security issue was found in the tab search component
of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21181 (information disclosure)
A side-channel information leakage security issue was found in the
autofill component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21182 (access restriction bypass)
An insufficient policy enforcement security issue was found in the
navigations component of the Chromium browser before version
89.0.4389.72.
- CVE-2021-21183 (incorrect calculation)
An inappropriate implementation security issue was found in the
performance APIs component of the Chromium browser before version
89.0.4389.72.
- CVE-2021-21184 (incorrect calculation)
An inappropriate implementation security issue was found in the
performance APIs component of the Chromium browser before version
89.0.4389.72.
- CVE-2021-21185 (access restriction bypass)
An insufficient policy enforcement security issue was found in the
extensions component of the Chromium browser before version
89.0.4389.72.
- CVE-2021-21186 (access restriction bypass)
An insufficient policy enforcement security issue was found in the QR
scanning component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21187 (insufficient validation)
An insufficient data validation security issue was found in the URL
formatting component of the Chromium browser before version
89.0.4389.72.
- CVE-2021-21188 (arbitrary code execution)
A use after free security issue was found in the Blink component of the
Chromium browser before version 89.0.4389.72.
- CVE-2021-21189 (access restriction bypass)
An insufficient policy enforcement security issue was found in the
payments component of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21190 (arbitrary code execution)
An uninitialized use security issue was found in the PDFium component
of the Chromium browser before version 89.0.4389.72.
- CVE-2021-21191 (arbitrary code execution)
A use after free security issue was found in the WebRTC component of
the Chromium browser before version 89.0.4389.90.
- CVE-2021-21192 (arbitrary code execution)
A heap buffer overflow security issue was found in the tab groups
component of the Chromium browser before version 89.0.4389.90.
- CVE-2021-21193 (arbitrary code execution)
A use after free security issue was found in the Blink component of the
Chromium browser before version 89.0.4389.90. Google is aware of
reports that an exploit for this issue exists in the wild.
Resolution
Upgrade to 3.7.2218.45-1.
# pacman -Syu "vivaldi>=3.7.2218.45-1"
The problems have been fixed upstream in version 3.7.2218.45.
References
https://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-3-6/
https://vivaldi.com/blog/vivaldi-fires-up-performance-2/
https://github.com/uclouvain/openjpeg/issues/1299
https://github.com/uclouvain/openjpeg/pull/1301
https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
https://security.archlinux.org/CVE-2020-27844
https://security.archlinux.org/CVE-2021-21159
https://security.archlinux.org/CVE-2021-21160
https://security.archlinux.org/CVE-2021-21161
https://security.archlinux.org/CVE-2021-21162
https://security.archlinux.org/CVE-2021-21163
https://security.archlinux.org/CVE-2021-21165
https://security.archlinux.org/CVE-2021-21166
https://security.archlinux.org/CVE-2021-21167
https://security.archlinux.org/CVE-2021-21168
https://security.archlinux.org/CVE-2021-21169
https://security.archlinux.org/CVE-2021-21170
https://security.archlinux.org/CVE-2021-21171
https://security.archlinux.org/CVE-2021-21172
https://security.archlinux.org/CVE-2021-21173
https://security.archlinux.org/CVE-2021-21174
https://security.archlinux.org/CVE-2021-21175
https://security.archlinux.org/CVE-2021-21176
https://security.archlinux.org/CVE-2021-21177
https://security.archlinux.org/CVE-2021-21178
https://security.archlinux.org/CVE-2021-21179
https://security.archlinux.org/CVE-2021-21180
https://security.archlinux.org/CVE-2021-21181
https://security.archlinux.org/CVE-2021-21182
https://security.archlinux.org/CVE-2021-21183
https://security.archlinux.org/CVE-2021-21184
https://security.archlinux.org/CVE-2021-21185
https://security.archlinux.org/CVE-2021-21186
https://security.archlinux.org/CVE-2021-21187
https://security.archlinux.org/CVE-2021-21188
https://security.archlinux.org/CVE-2021-21189
https://security.archlinux.org/CVE-2021-21190
https://security.archlinux.org/CVE-2021-21191
https://security.archlinux.org/CVE-2021-21192
https://security.archlinux.org/CVE-2021-21193
Workaround
None.