ArchLinux: 202108-6: vivaldi: multiple issues | LinuxSecurity.com

Arch Linux Security Advisory ASA-202108-6
=========================================

Severity: High
Date    : 2021-08-10
CVE-ID  : CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593
          CVE-2021-30594 CVE-2021-30596 CVE-2021-30597
Package : vivaldi
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2247

Summary
=======

The package vivaldi before version 4.1.2369.15-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and content spoofing.

Resolution
==========

Upgrade to 4.1.2369.15-1.

# pacman -Syu "vivaldi>=4.1.2369.15-1"

The problems have been fixed upstream in version 4.1.2369.15.
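
To confirm which hosts still carry a package older than the fixed version, the installed version can be compared against 4.1.2369.15-1. The script below is an added example, not part of the Arch advisory; the function names and the sample inventory lines are constructed, and the awk fallback assumes purely numeric version fields with no epoch.

```shell
#!/bin/sh
# Added example: flag vivaldi packages older than the fix named in ASA-202108-6.
FIXED="4.1.2369.15-1"   # fixed version, taken from the advisory

# Return 0 when version $1 is strictly older than version $2.
# Prefers pacman's own vercmp; otherwise compares numeric fields with awk.
version_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
        return
    fi
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0   # older
            if (x[i] + 0 > y[i] + 0) exit 1   # newer
        }
        exit 1                                # equal, so not older
    }'
}

# Classify one line in `pacman -Q` format: "<name> <version>".
check_line() {
    name=${1%% *}
    ver=${1#* }
    if [ "$name" != "vivaldi" ]; then
        echo "skip"
    elif version_lt "$ver" "$FIXED"; then
        echo "VULNERABLE"
    else
        echo "ok"
    fi
}

# Constructed sample inventory (as collected from `pacman -Q` on several hosts).
while read -r line; do
    printf '%-26s %s\n' "$line" "$(check_line "$line")"
done <<'EOF'
vivaldi 4.1.2369.11-1
vivaldi 4.1.2369.15-1
vivaldi 4.2.2406.44-1
firefox 90.0.2-1
EOF

# On an Arch host, check the local installation if the package is present.
if command -v pacman >/dev/null 2>&1 && local_pkg=$(pacman -Q vivaldi 2>/dev/null); then
    echo "local: $local_pkg -> $(check_line "$local_pkg")"
fi
```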

Workaround
==========

None.

Description
===========

- CVE-2021-30590 (arbitrary code execution)

A heap buffer overflow security issue has been found in the Bookmarks
component of the Chromium browser engine before version 92.0.4515.131.

- CVE-2021-30591 (arbitrary code execution)

A use after free security issue has been found in the File System API
component of the Chromium browser engine before version 92.0.4515.131.

- CVE-2021-30592 (arbitrary code execution)

An out of bounds write security issue has been found in the Tab Groups
component of the Chromium browser engine before version 92.0.4515.131.

- CVE-2021-30593 (information disclosure)

An out of bounds read security issue has been found in the Tab Strip
component of the Chromium browser engine before version 92.0.4515.131.

- CVE-2021-30594 (arbitrary code execution)

A use after free security issue has been found in the Page Info UI
component of the Chromium browser engine before version 92.0.4515.131.

- CVE-2021-30596 (content spoofing)

An incorrect security UI security issue has been found in the
Navigation component of the Chromium browser engine before version
92.0.4515.131.

- CVE-2021-30597 (arbitrary code execution)

A use after free security issue has been found in the Browser UI
component of the Chromium browser engine before version 92.0.4515.131.

Impact
======

A remote attacker could execute arbitrary code, disclose sensitive
information, or spoof content through crafted web pages.

References
==========

https://vivaldi.com/blog/desktop/vivaldi-4-1-rc-1-desktop/
https://vivaldi.com/blog/desktop/minor-update-desktop-4-1/
https://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html
https://crbug.com/1227777
https://crbug.com/1229298
https://crbug.com/1209469
https://crbug.com/1209616
https://crbug.com/1218468
https://crbug.com/1214481
https://crbug.com/1232617
https://security.archlinux.org/CVE-2021-30590
https://security.archlinux.org/CVE-2021-30591
https://security.archlinux.org/CVE-2021-30592
https://security.archlinux.org/CVE-2021-30593
https://security.archlinux.org/CVE-2021-30594
https://security.archlinux.org/CVE-2021-30596
https://security.archlinux.org/CVE-2021-30597

ArchLinux: 202108-6: vivaldi: multiple issues

August 13, 2021