ArchLinux: 202106-46: chromium: arbitrary code execution

Arch Linux Security Advisory ASA-202106-46
==========================================

Severity: High
Date    : 2021-06-22
CVE-ID  : CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557
Package : chromium
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2081

Summary
=======

The package chromium before version 91.0.4472.114-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 91.0.4472.114-1.

# pacman -Syu "chromium>=91.0.4472.114-1"

The problems have been fixed upstream in version 91.0.4472.114.
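
To confirm that a host actually carries the fixed package after the upgrade, the following check compares a version in `pacman -Q` format against 91.0.4472.114-1. It is an added example, not part of the Arch advisory; the function names are hypothetical, and the `sort -V` fallback is an assumption for hosts where pacman's `vercmp` is not installed.

```sh
#!/bin/sh
# Added example (not from the advisory): check a chromium package version
# against the fixed version given in ASA-202106-46.
FIXED="91.0.4472.114-1"

# chromium_is_fixed VERSION
# Returns 0 if VERSION is at or above $FIXED, 1 otherwise.
chromium_is_fixed() {
    ver="$1"
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp ships with pacman and prints -1, 0 or 1.
        [ "$(vercmp "$ver" "$FIXED")" -ge 0 ]
    else
        # Assumption: GNU sort -V is available and the version has no epoch.
        # If $FIXED sorts first (or equal), $ver is at or above it.
        [ "$(printf '%s\n%s\n' "$FIXED" "$ver" | sort -V | head -n1)" = "$FIXED" ]
    fi
}

# check_pacman_output
# Reads "name version" lines (the output format of `pacman -Q`) on stdin.
# Returns 0 if chromium is fixed, 1 if vulnerable, 2 if not listed.
check_pacman_output() {
    result=2
    while read -r name ver; do
        [ "$name" = "chromium" ] || continue
        if chromium_is_fixed "$ver"; then
            echo "OK: chromium $ver"
            result=0
        else
            echo "VULNERABLE: chromium $ver is older than $FIXED"
            result=1
        fi
    done
    return "$result"
}

# Usage on an Arch host:
#   pacman -Q chromium | check_pacman_output
```

The exit status distinguishes "not installed" (2) from "installed and vulnerable" (1), so the check can be run across a fleet and filtered on the result.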

Workaround
==========

None.

Description
===========

- CVE-2021-30554 (arbitrary code execution)

A use after free security issue has been found in the WebGL component
of the Chromium browser engine before version 91.0.4472.114. Google is
aware that an exploit for CVE-2021-30554 exists in the wild.

- CVE-2021-30555 (arbitrary code execution)

A use after free security issue has been found in the Sharing component
of the Chromium browser engine before version 91.0.4472.114.

- CVE-2021-30556 (arbitrary code execution)

A use after free security issue has been found in the WebAudio
component of the Chromium browser engine before version 91.0.4472.114.

- CVE-2021-30557 (arbitrary code execution)

A use after free security issue has been found in the TabGroups
component of the Chromium browser engine before version 91.0.4472.114.

Impact
======

A remote attacker could execute arbitrary code through a crafted web
page. Google is aware that an exploit for one of the security issues
exists in the wild.

References
==========

https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
https://crbug.com/1219857
https://crbug.com/1215029
https://crbug.com/1212599
https://crbug.com/1202102
https://security.archlinux.org/CVE-2021-30554
https://security.archlinux.org/CVE-2021-30555
https://security.archlinux.org/CVE-2021-30556
https://security.archlinux.org/CVE-2021-30557

June 24, 2021