ArchLinux: 202112-6 High Severity: Chromium Code Execution Issues

The package chromium before version 96.0.4664.93-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing and insufficient validation.

Arch Linux Security Advisory ASA-202112-6
========================================
Severity: High
Date    : 2021-12-11
CVE-ID  : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055
          CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059
          CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064
          CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2600

Summary
======
The package chromium before version 96.0.4664.93-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing
and insufficient validation.

Resolution
=========
Upgrade to 96.0.4664.93-1.

# pacman -Syu "chromium>=96.0.4664.93-1"

The problems have been fixed upstream in version 96.0.4664.93.

Workaround
=========
None.

Description
==========
- CVE-2021-4052 (arbitrary code execution)

A use after free security issue has been found in the web apps
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4053 (arbitrary code execution)

A use after free security issue has been found in the UI component of
the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4054 (content spoofing)

An incorrect security UI security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4055 (arbitrary code execution)

A heap buffer overflow security issue has been found in the extensions
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4056 (arbitrary code execution)

A type confusion security issue has been found in the loader component
of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4057 (arbitrary code execution)

A use after free security issue has been found in the file API
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4058 (arbitrary code execution)

A heap buffer overflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4059 (insufficient validation)

An insufficient data validation security issue has been found in the
loader component of the Chromium browser engine before version
96.0.4664.93.

- CVE-2021-4061 (arbitrary code execution)

A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4062 (arbitrary code execution)

A heap buffer overflow security issue has been found in the BFCache
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4063 (arbitrary code execution)

A use after free security issue has been found in the developer tools
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4064 (arbitrary code execution)

A use after free security issue has been found in the screen capture
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4065 (arbitrary code execution)

A use after free security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4066 (arbitrary code execution)

An integer underflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4067 (arbitrary code execution)

A use after free security issue has been found in the window manager
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4068 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the new tab page component of the Chromium browser engine
before version 96.0.4664.93.

Impact
=====
A remote attacker could execute arbitrary code or spoof content through
crafted web content.

References
=========
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
https://security.archlinux.org/CVE-2021-4052
https://security.archlinux.org/CVE-2021-4053
https://security.archlinux.org/CVE-2021-4054
https://security.archlinux.org/CVE-2021-4055
https://security.archlinux.org/CVE-2021-4056
https://security.archlinux.org/CVE-2021-4057
https://security.archlinux.org/CVE-2021-4058
https://security.archlinux.org/CVE-2021-4059
https://security.archlinux.org/CVE-2021-4061
https://security.archlinux.org/CVE-2021-4062
https://security.archlinux.org/CVE-2021-4063
https://security.archlinux.org/CVE-2021-4064
https://security.archlinux.org/CVE-2021-4065
https://security.archlinux.org/CVE-2021-4066
https://security.archlinux.org/CVE-2021-4067
https://security.archlinux.org/CVE-2021-4068

ArchLinux: 202112-6 High Severity: Multiple Chromium Threats

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

ArchLinux: 202112-6 High Severity: Multiple Chromium Threats

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!