ArchLinux: 202103-9: chromium: arbitrary code execution
Summary
- CVE-2021-21191 (arbitrary code execution)
A use-after-free security issue was found in the WebRTC component of
the Chromium browser before version 89.0.4389.90.
- CVE-2021-21192 (arbitrary code execution)
A heap buffer overflow security issue was found in the tab groups
component of the Chromium browser before version 89.0.4389.90.
- CVE-2021-21193 (arbitrary code execution)
A use-after-free security issue was found in the Blink component of the
Chromium browser before version 89.0.4389.90. Google is aware of
reports that an exploit for this issue exists in the wild.
Resolution
Upgrade to 89.0.4389.90-1.
# pacman -Syu "chromium>=89.0.4389.90-1"
The problems have been fixed upstream in version 89.0.4389.90.
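To confirm whether a host still runs an affected package, the installed version can be compared against the fixed release. The script below is an added example, not part of the advisory; it uses GNU `sort -V` as a stand-in for pacman's `vercmp`, assumes versions without an epoch, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify an installed chromium package against this advisory.
FIXED="89.0.4389.90-1"   # fixed version stated in the advisory

# Return 0 when version $1 sorts strictly before version $2.
# Assumption: GNU sort -V ordering matches pacman's for epoch-less versions.
version_lt() {
    if [ "$1" = "$2" ]; then
        return 1
    fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Classify one line of `pacman -Q chromium` output ("chromium <version>").
# Prints "vulnerable", "patched", or "unknown" for any other input.
check_line() {
    name=${1%% *}
    ver=${1#* }
    if [ "$name" != "chromium" ] || [ "$ver" = "$1" ] || [ -z "$ver" ]; then
        echo "unknown"
        return 0
    fi
    if version_lt "$ver" "$FIXED"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Run against the local package database only where pacman is available.
if command -v pacman >/dev/null 2>&1; then
    if line=$(pacman -Q chromium 2>/dev/null); then
        echo "$line: $(check_line "$line")"
    else
        echo "chromium is not installed"
    fi
fi
```

A result of "vulnerable" means the upgrade command above still needs to be run on that host.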
References
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
https://bugs.chromium.org/p/chromium/issues/detail
https://bugs.chromium.org/p/chromium/issues/detail
https://bugs.chromium.org/p/chromium/issues/detail
https://security.archlinux.org/CVE-2021-21191
https://security.archlinux.org/CVE-2021-21192
https://security.archlinux.org/CVE-2021-21193
Workaround
None.