ArchLinux: 202107-2: electron11: multiple issues | LinuxSecurity.com

Arch Linux Security Advisory ASA-202107-2
=========================================

Severity: Critical
Date    : 2021-07-01
CVE-ID  : CVE-2021-30544 CVE-2021-30548 CVE-2021-30551
Package : electron11
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2099

Summary
=======

The package electron11 before version 11.4.9-1 is vulnerable to
multiple issues including arbitrary code execution and incorrect
calculation.

Resolution
==========

Upgrade to 11.4.9-1.

# pacman -Syu "electron11>=11.4.9-1"

The problems have been fixed upstream in version 11.4.9.

Workaround
==========

None.

Description
===========

- CVE-2021-30544 (arbitrary code execution)

A use after free security issue has been found in the BFCache component
of the Chromium browser before version 91.0.4472.101.

- CVE-2021-30548 (arbitrary code execution)

A use after free security issue has been found in the Loader component
of the Chromium browser before version 91.0.4472.101.

- CVE-2021-30551 (incorrect calculation)

A type confusion security issue has been found in the V8 component of
the Chromium browser before version 91.0.4472.101. Google is aware that
an exploit for CVE-2021-30551 exists in the wild.

Impact
======

A remote attacker could execute arbitrary code through a crafted web
page. Google is aware that an exploit for one of the security issues
exists in the wild.

References
==========

https://www.electronjs.org/releases/stable?version=11#11.4.9
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
https://crbug.com/1212618
https://crbug.com/1210487
https://crbug.com/1216437
https://security.archlinux.org/CVE-2021-30544
https://security.archlinux.org/CVE-2021-30548
https://security.archlinux.org/CVE-2021-30551

July 3, 2021