ArchLinux: 202112-6: chromium: multiple issues
Summary
- CVE-2021-4052 (arbitrary code execution)
A use after free security issue has been found in the web apps
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4053 (arbitrary code execution)
A use after free security issue has been found in the UI component of
the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4054 (content spoofing)
An incorrect security UI security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4055 (arbitrary code execution)
A heap buffer overflow security issue has been found in the extensions
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4056 (arbitrary code execution)
A type confusion security issue has been found in the loader component
of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4057 (arbitrary code execution)
A use after free security issue has been found in the file API
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4058 (arbitrary code execution)
A heap buffer overflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4059 (insufficient validation)
An insufficient data validation security issue has been found in the
loader component of the Chromium browser engine before version
96.0.4664.93.
- CVE-2021-4061 (arbitrary code execution)
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4062 (arbitrary code execution)
A heap buffer overflow security issue has been found in the BFCache
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4063 (arbitrary code execution)
A use after free security issue has been found in the developer tools
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4064 (arbitrary code execution)
A use after free security issue has been found in the screen capture
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4065 (arbitrary code execution)
A use after free security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4066 (arbitrary code execution)
An integer underflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4067 (arbitrary code execution)
A use after free security issue has been found in the window manager
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4068 (insufficient validation)
An insufficient validation of untrusted input security issue has been
found in the new tab page component of the Chromium browser engine
before version 96.0.4664.93.
Resolution
Upgrade to 96.0.4664.93-1.
# pacman -Syu "chromium>=96.0.4664.93-1"
The problems have been fixed upstream in version 96.0.4664.93.
References
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail
https://security.archlinux.org/CVE-2021-4052
https://security.archlinux.org/CVE-2021-4053
https://security.archlinux.org/CVE-2021-4054
https://security.archlinux.org/CVE-2021-4055
https://security.archlinux.org/CVE-2021-4056
https://security.archlinux.org/CVE-2021-4057
https://security.archlinux.org/CVE-2021-4058
https://security.archlinux.org/CVE-2021-4059
https://security.archlinux.org/CVE-2021-4061
https://security.archlinux.org/CVE-2021-4062
https://security.archlinux.org/CVE-2021-4063
https://security.archlinux.org/CVE-2021-4064
https://security.archlinux.org/CVE-2021-4065
https://security.archlinux.org/CVE-2021-4066
https://security.archlinux.org/CVE-2021-4067
https://security.archlinux.org/CVE-2021-4068
Workaround
None.