ArchLinux: 202112-7: vivaldi: multiple issues

Arch Linux Security Advisory ASA-202112-7
=========================================

Severity: High
Date    : 2021-12-11
CVE-ID  : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055
          CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059
          CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064
          CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068
Package : vivaldi
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2601

Summary
=======

The package vivaldi before version 5.0.2497.28-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing
and insufficient validation.

Resolution
==========

Upgrade to 5.0.2497.28-1.

# pacman -Syu "vivaldi>=5.0.2497.28-1"

The problems have been fixed upstream in version 5.0.2497.28.
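
A host-side check for the upgrade above, as an added example that is not part of the original advisory: it compares the installed vivaldi package against the fixed version 5.0.2497.28-1. The function names are illustrative, and the `sort -V` fallback assumes GNU coreutils on hosts without pacman's `vercmp`.

```shell
#!/bin/sh
# Added example (not part of ASA-202112-7): report whether the installed
# vivaldi package is older than the fixed version the advisory names.
FIXED="5.0.2497.28-1"   # fixed package version, taken from the advisory

# ver_lt A B: succeed when version A sorts strictly before version B.
# Uses pacman's vercmp when present; otherwise falls back to `sort -V`
# (assumed GNU coreutils), which does not understand pacman epochs.
ver_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# status_for VERSION: print "vulnerable" or "fixed" for a package version.
status_for() {
    if ver_lt "$1" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# installed_version PKG: print the installed version, or nothing when the
# package is absent or pacman is not available on this host.
installed_version() {
    command -v pacman >/dev/null 2>&1 || return 0
    pacman -Q "$1" 2>/dev/null | awk '{print $2}'
}

# check_host: exit status 1 only when a vulnerable vivaldi is installed.
check_host() {
    ver=$(installed_version vivaldi) || ver=""
    if [ -z "$ver" ]; then
        echo "vivaldi: not installed (or pacman unavailable)"
        return 0
    fi
    state=$(status_for "$ver")
    echo "vivaldi $ver: $state (fixed in $FIXED)"
    [ "$state" = fixed ]
}

check_host
```

Browser processes started before the upgrade keep running the old code, so restart vivaldi once the check reports "fixed".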

Workaround
==========

None.

Description
===========

- CVE-2021-4052 (arbitrary code execution)

A use after free security issue has been found in the web apps
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4053 (arbitrary code execution)

A use after free security issue has been found in the UI component of
the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4054 (content spoofing)

An incorrect security UI security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4055 (arbitrary code execution)

A heap buffer overflow security issue has been found in the extensions
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4056 (arbitrary code execution)

A type confusion security issue has been found in the loader component
of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4057 (arbitrary code execution)

A use after free security issue has been found in the file API
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4058 (arbitrary code execution)

A heap buffer overflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4059 (insufficient validation)

An insufficient data validation security issue has been found in the
loader component of the Chromium browser engine before version
96.0.4664.93.

- CVE-2021-4061 (arbitrary code execution)

A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4062 (arbitrary code execution)

A heap buffer overflow security issue has been found in the BFCache
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4063 (arbitrary code execution)

A use after free security issue has been found in the developer tools
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4064 (arbitrary code execution)

A use after free security issue has been found in the screen capture
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4065 (arbitrary code execution)

A use after free security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4066 (arbitrary code execution)

An integer underflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4067 (arbitrary code execution)

A use after free security issue has been found in the window manager
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4068 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the new tab page component of the Chromium browser engine
before version 96.0.4664.93.

Impact
======

A remote attacker could execute arbitrary code or spoof content through
crafted web content.

References
==========

https://vivaldi.com/blog/desktop/further-updates-to-theme-sharing-vivaldi-browser-snapshot-2488-3/
https://vivaldi.com/blog/desktop/minor-update-5-0/
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
https://crbug.com/1267661
https://crbug.com/1267791
https://crbug.com/1239760
https://crbug.com/1266510
https://crbug.com/1260939
https://crbug.com/1262183
https://crbug.com/1267496
https://crbug.com/1270990
https://crbug.com/1271456
https://crbug.com/1272403
https://crbug.com/1273176
https://crbug.com/1273197
https://crbug.com/1273674
https://crbug.com/1274499
https://crbug.com/1274641
https://crbug.com/1265197
https://security.archlinux.org/CVE-2021-4052
https://security.archlinux.org/CVE-2021-4053
https://security.archlinux.org/CVE-2021-4054
https://security.archlinux.org/CVE-2021-4055
https://security.archlinux.org/CVE-2021-4056
https://security.archlinux.org/CVE-2021-4057
https://security.archlinux.org/CVE-2021-4058
https://security.archlinux.org/CVE-2021-4059
https://security.archlinux.org/CVE-2021-4061
https://security.archlinux.org/CVE-2021-4062
https://security.archlinux.org/CVE-2021-4063
https://security.archlinux.org/CVE-2021-4064
https://security.archlinux.org/CVE-2021-4065
https://security.archlinux.org/CVE-2021-4066
https://security.archlinux.org/CVE-2021-4067
https://security.archlinux.org/CVE-2021-4068

December 12, 2021