ArchLinux: 202105-8: vivaldi: multiple issues
Summary
- CVE-2021-30506 (content spoofing)
An incorrect security UI security issue has been found in the Web App
Installs component of the Chromium browser before version
90.0.4430.212.
- CVE-2021-30507 (incorrect calculation)
An inappropriate implementation security issue has been found in the
Offline component of the Chromium browser before version 90.0.4430.212.
- CVE-2021-30508 (arbitrary code execution)
A heap buffer overflow security issue has been found in the Media Feeds
component of the Chromium browser before version 90.0.4430.212.
- CVE-2021-30509 (arbitrary code execution)
An out of bounds write security issue has been found in the Tab Strip
component of the Chromium browser before version 90.0.4430.212.
- CVE-2021-30510 (arbitrary code execution)
A race condition security issue has been found in the Aura component of
the Chromium browser before version 90.0.4430.212.
- CVE-2021-30511 (information disclosure)
An out of bounds read security issue has been found in the Tab Groups
component of the Chromium browser before version 90.0.4430.212.
- CVE-2021-30512 (arbitrary code execution)
A use after free security issue has been found in the Notifications
component of the Chromium browser before version 90.0.4430.212.
- CVE-2021-30513 (incorrect calculation)
A type confusion security issue has been found in the V8 component of
the Chromium browser before version 90.0.4430.212.
- CVE-2021-30514 (arbitrary code execution)
A use after free security issue has been found in the Autofill
component of the Chromium browser before version 90.0.4430.212.
- CVE-2021-30515 (arbitrary code execution)
A use after free security issue has been found in the File API
component of the Chromium browser before version 90.0.4430.212.
- CVE-2021-30516 (arbitrary code execution)
A heap buffer overflow security issue has been found in the History
component of the Chromium browser before version 90.0.4430.212.
- CVE-2021-30517 (incorrect calculation)
A type confusion security issue has been found in the V8 component of
the Chromium browser before version 90.0.4430.212.
- CVE-2021-30518 (arbitrary code execution)
A heap buffer overflow security issue has been found in the Reader Mode
component of the Chromium browser before version 90.0.4430.212.
- CVE-2021-30519 (arbitrary code execution)
A use after free security issue has been found in the Payments
component of the Chromium browser before version 90.0.4430.212.
- CVE-2021-30520 (arbitrary code execution)
A use after free security issue has been found in the Tab Strip
component of the Chromium browser before version 90.0.4430.212.
Resolution
Upgrade to 3.8.2259.42-1.
# pacman -Syu "vivaldi>=3.8.2259.42-1"
The problems have been fixed upstream in version 3.8.2259.42.
References
https://vivaldi.com/blog/new-vivaldi-on-android-language-switcher-blocks-cookies-dialogs/ https://vivaldi.com/blog/desktop/minor-update-for-vivaldi-desktop-browser-3-8/ https://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-browser-3-8/ https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://security.archlinux.org/CVE-2021-30506 https://security.archlinux.org/CVE-2021-30507 https://security.archlinux.org/CVE-2021-30508 https://security.archlinux.org/CVE-2021-30509 https://security.archlinux.org/CVE-2021-30510 https://security.archlinux.org/CVE-2021-30511 https://security.archlinux.org/CVE-2021-30512 https://security.archlinux.org/CVE-2021-30513 https://security.archlinux.org/CVE-2021-30514 https://security.archlinux.org/CVE-2021-30515 https://security.archlinux.org/CVE-2021-30516 https://security.archlinux.org/CVE-2021-30517 https://security.archlinux.org/CVE-2021-30518 https://security.archlinux.org/CVE-2021-30519 https://security.archlinux.org/CVE-2021-30520
Workaround
None.