ArchLinux: 202112-1: vivaldi: multiple issues
Summary
- CVE-2021-37981 (arbitrary code execution)
A heap buffer overflow security issue has been found in the Skia
component of the Chromium browser engine before version 95.0.4638.54.
- CVE-2021-37982 (arbitrary code execution)
A use after free security issue has been found in the Incognito
component of the Chromium browser engine before version 95.0.4638.54.
- CVE-2021-37984 (arbitrary code execution)
A heap buffer overflow security issue has been found in the PDFium
component of the Chromium browser engine before version 95.0.4638.54.
- CVE-2021-37985 (arbitrary code execution)
A use after free security issue has been found in the V8 component of
the Chromium browser engine before version 95.0.4638.54.
- CVE-2021-37986 (arbitrary code execution)
A heap buffer overflow security issue has been found in the Settings
component of the Chromium browser engine before version 95.0.4638.54.
- CVE-2021-37987 (arbitrary code execution)
A use after free security issue has been found in the Network APIs
component of the Chromium browser engine before version 95.0.4638.54.
- CVE-2021-37988 (arbitrary code execution)
A use after free security issue has been found in the Profiles
component of the Chromium browser engine before version 95.0.4638.54.
- CVE-2021-37989 (arbitrary code execution)
An inappropriate implementation security issue has been found in the
Blink component of the Chromium browser engine before version
95.0.4638.54.
- CVE-2021-37990 (arbitrary code execution)
An inappropriate implementation security issue has been found in the
WebView component of the Chromium browser engine before version
95.0.4638.54.
- CVE-2021-37991 (arbitrary code execution)
A race security issue has been found in the V8 component of the
Chromium browser engine before version 95.0.4638.54.
- CVE-2021-37992 (information disclosure)
An out of bounds read security issue has been found in the WebAudio
component of the Chromium browser engine before version 95.0.4638.54.
- CVE-2021-37993 (arbitrary code execution)
A use after free security issue has been found in the PDF Accessibility
component of the Chromium browser engine before version 95.0.4638.54.
- CVE-2021-37994 (arbitrary code execution)
An inappropriate implementation security issue has been found in the
iFrame Sandbox component of the Chromium browser engine before version
95.0.4638.54.
- CVE-2021-37995 (arbitrary code execution)
An inappropriate implementation security issue has been found in the
WebApp Installer component of the Chromium browser engine before
version 95.0.4638.54.
- CVE-2021-37996 (insufficient validation)
An insufficient validation of untrusted input security issue has been
found in the Downloads component of the Chromium browser engine before
version 95.0.4638.54.
- CVE-2021-37998 (arbitrary code execution)
A use after free security issue has been found in the Garbage
Collection component of the Chromium browser engine before version
95.0.4638.69.
- CVE-2021-38000 (insufficient validation)
An insufficient validation of untrusted input security issue has been
found in the Intents component of the Chromium browser engine before
version 95.0.4638.69. Google is aware that an exploit for
CVE-2021-38000 exists in the wild.
- CVE-2021-38001 (arbitrary code execution)
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 95.0.4638.69.
- CVE-2021-38003 (arbitrary code execution)
An inappropriate implementation security issue has been found in the V8
component of the Chromium browser engine before version 95.0.4638.69.
Google is aware that an exploit for CVE-2021-38003 exists in the wild.
- CVE-2021-38004 (access restriction bypass)
An insufficient policy enforcement security issue has been found in the
Autofill component of the Chromium browser engine before version
95.0.4638.69.
- CVE-2021-38005 (arbitrary code execution)
A use after free security issue has been found in the loader component
of the Chromium browser engine before version 96.0.4664.45.
- CVE-2021-38006 (arbitrary code execution)
A use after free security issue has been found in the storage
foundation component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38007 (arbitrary code execution)
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.45.
- CVE-2021-38008 (arbitrary code execution)
A use after free security issue has been found in the media component
of the Chromium browser engine before version 96.0.4664.45.
- CVE-2021-38009 (arbitrary code execution)
An inappropriate implementation security issue has been found in the
cache component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38010 (arbitrary code execution)
An inappropriate implementation security issue has been found in the
service workers component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38011 (arbitrary code execution)
A use after free security issue has been found in the storage
foundation component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38012 (arbitrary code execution)
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.45.
- CVE-2021-38013 (arbitrary code execution)
A heap buffer overflow security issue has been found in the fingerprint
recognition component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38014 (arbitrary code execution)
An out of bounds write security issue has been found in the Swiftshader
component of the Chromium browser engine before version 96.0.4664.45.
- CVE-2021-38015 (arbitrary code execution)
An inappropriate implementation security issue has been found in the
input component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38016 (access restriction bypass)
An insufficient policy enforcement security issue has been found in the
background fetch component of the Chromium browser engine before
version 96.0.4664.45.
- CVE-2021-38017 (sandbox escape)
An insufficient policy enforcement security issue has been found in the
iframe sandbox component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38018 (content spoofing)
An inappropriate implementation security issue has been found in the
navigation component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38019 (same-origin policy bypass)
An insufficient policy enforcement security issue has been found in the
CORS component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38020 (information disclosure)
An insufficient policy enforcement security issue has been found in the
contacts picker component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38021 (information disclosure)
An inappropriate implementation security issue has been found in the
referrer component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38022 (denial of service)
An inappropriate implementation security issue has been found in the
WebAuthentication component of the Chromium browser engine before
version 96.0.4664.45.
Resolution
Upgrade to 5.0.2497.24-1.
# pacman -Syu "vivaldi>=5.0.2497.24-1"
The problems have been fixed upstream in version 5.0.2497.24.
References
https://vivaldi.com/blog/desktop/update-three-4-3/ https://vivaldi.com/blog/desktop/further-updates-to-theme-sharing-vivaldi-browser-snapshot-2488-3/ https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://security.archlinux.org/CVE-2021-37981 https://security.archlinux.org/CVE-2021-37982 https://security.archlinux.org/CVE-2021-37984 https://security.archlinux.org/CVE-2021-37985 https://security.archlinux.org/CVE-2021-37986 https://security.archlinux.org/CVE-2021-37987 https://security.archlinux.org/CVE-2021-37988 https://security.archlinux.org/CVE-2021-37989 https://security.archlinux.org/CVE-2021-37990 https://security.archlinux.org/CVE-2021-37991 https://security.archlinux.org/CVE-2021-37992 https://security.archlinux.org/CVE-2021-37993 https://security.archlinux.org/CVE-2021-37994 https://security.archlinux.org/CVE-2021-37995 https://security.archlinux.org/CVE-2021-37996 https://security.archlinux.org/CVE-2021-37998 https://security.archlinux.org/CVE-2021-38000 https://security.archlinux.org/CVE-2021-38001 https://security.archlinux.org/CVE-2021-38003 https://security.archlinux.org/CVE-2021-38004 https://security.archlinux.org/CVE-2021-38005 https://security.archlinux.org/CVE-2021-38006 https://security.archlinux.org/CVE-2021-38007 https://security.archlinux.org/CVE-2021-38008 https://security.archlinux.org/CVE-2021-38009 https://security.archlinux.org/CVE-2021-38010 https://security.archlinux.org/CVE-2021-38011 https://security.archlinux.org/CVE-2021-38012 https://security.archlinux.org/CVE-2021-38013 https://security.archlinux.org/CVE-2021-38014 https://security.archlinux.org/CVE-2021-38015 https://security.archlinux.org/CVE-2021-38016 https://security.archlinux.org/CVE-2021-38017 https://security.archlinux.org/CVE-2021-38018 https://security.archlinux.org/CVE-2021-38019 https://security.archlinux.org/CVE-2021-38020 https://security.archlinux.org/CVE-2021-38021 https://security.archlinux.org/CVE-2021-38022
Workaround
None.