-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4911-1                   [email protected]
https://www.debian.org/security/                          Michael Gilbert
May 03, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230
                 CVE-2021-21231 CVE-2021-21232 CVE-2021-21233

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2021-21227

    Gengming Liu discovered a data validation issue in the v8 javascript
    library.

CVE-2021-21228

    Rob Wu discovered a policy enforcement error.

CVE-2021-21229

    Mohit Raj discovered a user interface error in the file downloader.

CVE-2021-21230

    Manfred Paul discovered use of an incorrect type.

CVE-2021-21231

    Sergei Glazunov discovered a data validation issue in the v8 javascript
    library.

CVE-2021-21232

    Abdulrahman Alqabandi discovered a use-after-free issue in the developer
    tools.

CVE-2021-21233

    Omair discovered a buffer overflow issue in the ANGLE library.

For the stable distribution (buster), these problems have been fixed in
version 90.0.4430.93-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]