-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4886-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
April 06, 2021                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162
                 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167
                 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171
                 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175
                 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179
                 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183
                 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187
                 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191
                 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195
                 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199

Several vulnerabilites have been discovered in the chromium web browser.

CVE-2021-21159

    Khalil Zhani disocvered a buffer overflow issue in the tab implementation.

CVE-2021-21160

    Marcin Noga discovered a buffer overflow issue in WebAudio.

CVE-2021-21161

    Khalil Zhani disocvered a buffer overflow issue in the tab implementation.

CVE-2021-21162

    A use-after-free issue was discovered in the WebRTC implementation.

CVE-2021-21163

    Alison Huffman discovered a data validation issue.

CVE-2021-21165

    Alison Huffman discovered an error in the audio implementation.

CVE-2021-21166

    Alison Huffman discovered an error in the audio implementation.

CVE-2021-21167

    Leecraso and Guang Gong discovered a use-after-free issue in the bookmarks
    implementation.

CVE-2021-21168

    Luan Herrera discovered a policy enforcement error in the appcache.

CVE-2021-21169

    Bohan Liu and Moon Liang discovered an out-of-bounds access issue in the
    v8 javascript library.

CVE-2021-21170

    David Erceg discovered a user interface error.

CVE-2021-21171

    Irvan Kurniawan discovered a user interface error.

CVE-2021-21172

    Maciej Pulikowski discovered a policy enforcement error in the File
    System API.

CVE-2021-21173

    Tom Van Goethem discovered a network based information leak.

CVE-2021-21174

    Ashish Guatam Kambled discovered an implementation error in the Referrer
    policy.

CVE-2021-21175

    Jun Kokatsu discovered an implementation error in the Site Isolation
    feature.

CVE-2021-21176

    Luan Herrera discovered an implementation error in the full screen mode.

CVE-2021-21177

    Abdulrahman Alqabandi discovered a policy enforcement error in the
    Autofill feature.

CVE-2021-21178

    Japong discovered an error in the Compositor implementation.

CVE-2021-21179

    A use-after-free issue was discovered in the networking implementation.

CVE-2021-21180

    Abdulrahman Alqabandi discovered a use-after-free issue in the tab search
    feature.

CVE-2021-21181

    Xu Lin, Panagiotis Ilias, and Jason Polakis discovered a side-channel
    information leak in the Autofill feature.

CVE-2021-21182

    Luan Herrera discovered a policy enforcement error in the site navigation
    implementation.

CVE-2021-21183

    Takashi Yoneuchi discovered an implementation error in the Performance API.

CVE-2021-21184

    James Hartig discovered an implementation error in the Performance API.

CVE-2021-21185

    David Erceg discovered a policy enforcement error in Extensions.

CVE-2021-21186

    dhirajkumarnifty discovered a policy enforcement error in the QR scan
    implementation.

CVE-2021-21187

    Kirtikumar Anandrao Ramchandani discovered a data validation error in
    URL formatting.

CVE-2021-21188

    Woojin Oh discovered a use-after-free issue in Blink/Webkit.

CVE-2021-21189

    Khalil Zhani discovered a policy enforcement error in the Payments
    implementation.

CVE-2021-21190

    Zhou Aiting discovered use of uninitialized memory in the pdfium library.

CVE-2021-21191

    raven discovered a use-after-free issue in the WebRTC implementation.

CVE-2021-21192

    Abdulrahman Alqabandi discovered a buffer overflow issue in the tab
    implementation.

CVE-2021-21193

    A use-after-free issue was discovered in Blink/Webkit.

CVE-2021-21194

    Leecraso and Guang Gong discovered a use-after-free issue in the screen
    capture feature.

CVE-2021-21195

    Liu and Liang discovered a use-after-free issue in the v8 javascript
    library.

CVE-2021-21196

    Khalil Zhani discovered a buffer overflow issue in the tab implementation.

CVE-2021-21197

     Abdulrahman Alqabandi discovered a buffer overflow issue in the tab
     implementation.

CVE-2021-21198

    Mark Brand discovered an out-of-bounds read issue in the Inter-Process
    Communication implementation.

CVE-2021-21199

    Weipeng Jiang discovered a use-after-free issue in the Aura window and
    event manager.

For the stable distribution (buster), these problems have been fixed in
version 89.0.4389.114-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-4886-1: chromium security update

April 6, 2021
Several vulnerabilites have been discovered in the chromium web browser

Summary

Several vulnerabilites have been discovered in the chromium web browser.

CVE-2021-21159

Khalil Zhani disocvered a buffer overflow issue in the tab implementation.

CVE-2021-21160

Marcin Noga discovered a buffer overflow issue in WebAudio.

CVE-2021-21161

Khalil Zhani disocvered a buffer overflow issue in the tab implementation.

CVE-2021-21162

A use-after-free issue was discovered in the WebRTC implementation.

CVE-2021-21163

Alison Huffman discovered a data validation issue.

CVE-2021-21165

Alison Huffman discovered an error in the audio implementation.

CVE-2021-21166

Alison Huffman discovered an error in the audio implementation.

CVE-2021-21167

Leecraso and Guang Gong discovered a use-after-free issue in the bookmarks
implementation.

CVE-2021-21168

Luan Herrera discovered a policy enforcement error in the appcache.

CVE-2021-21169

Bohan Liu and Moon Liang discovered an out-of-bounds access issue in the
v8 javascript library.

CVE-2021-21170

David Erceg discovered a user interface error.

CVE-2021-21171

Irvan Kurniawan discovered a user interface error.

CVE-2021-21172

Maciej Pulikowski discovered a policy enforcement error in the File
System API.

CVE-2021-21173

Tom Van Goethem discovered a network based information leak.

CVE-2021-21174

Ashish Guatam Kambled discovered an implementation error in the Referrer
policy.

CVE-2021-21175

Jun Kokatsu discovered an implementation error in the Site Isolation
feature.

CVE-2021-21176

Luan Herrera discovered an implementation error in the full screen mode.

CVE-2021-21177

Abdulrahman Alqabandi discovered a policy enforcement error in the
Autofill feature.

CVE-2021-21178

Japong discovered an error in the Compositor implementation.

CVE-2021-21179

A use-after-free issue was discovered in the networking implementation.

CVE-2021-21180

Abdulrahman Alqabandi discovered a use-after-free issue in the tab search
feature.

CVE-2021-21181

Xu Lin, Panagiotis Ilias, and Jason Polakis discovered a side-channel
information leak in the Autofill feature.

CVE-2021-21182

Luan Herrera discovered a policy enforcement error in the site navigation
implementation.

CVE-2021-21183

Takashi Yoneuchi discovered an implementation error in the Performance API.

CVE-2021-21184

James Hartig discovered an implementation error in the Performance API.

CVE-2021-21185

David Erceg discovered a policy enforcement error in Extensions.

CVE-2021-21186

dhirajkumarnifty discovered a policy enforcement error in the QR scan
implementation.

CVE-2021-21187

Kirtikumar Anandrao Ramchandani discovered a data validation error in
URL formatting.

CVE-2021-21188

Woojin Oh discovered a use-after-free issue in Blink/Webkit.

CVE-2021-21189

Khalil Zhani discovered a policy enforcement error in the Payments
implementation.

CVE-2021-21190

Zhou Aiting discovered use of uninitialized memory in the pdfium library.

CVE-2021-21191

raven discovered a use-after-free issue in the WebRTC implementation.

CVE-2021-21192

Abdulrahman Alqabandi discovered a buffer overflow issue in the tab
implementation.

CVE-2021-21193

A use-after-free issue was discovered in Blink/Webkit.

CVE-2021-21194

Leecraso and Guang Gong discovered a use-after-free issue in the screen
capture feature.

CVE-2021-21195

Liu and Liang discovered a use-after-free issue in the v8 javascript
library.

CVE-2021-21196

Khalil Zhani discovered a buffer overflow issue in the tab implementation.

CVE-2021-21197

Abdulrahman Alqabandi discovered a buffer overflow issue in the tab
implementation.

CVE-2021-21198

Mark Brand discovered an out-of-bounds read issue in the Inter-Process
Communication implementation.

CVE-2021-21199

Weipeng Jiang discovered a use-after-free issue in the Aura window and
event manager.

For the stable distribution (buster), these problems have been fixed in
version 89.0.4389.114-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Package : chromium
CVE ID : CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162
CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167
CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171
CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175
CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179
CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183
CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187
CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191
CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195
CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199

Related News

8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
Sign Up