Fedora 32: FEDORA-2021-ff893e12c5 Moderate: Chromium Browser Update
fedora
May 12, 2021
Update to Chromium 90.0.4430.93
Summary
Chromium is an open-source web browser, powered by WebKit (Blink).
Update to Chromium 90.0.4430.93. Fixes the following security issues:
CVE-2021-21206 CVE-2021-21220 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203
CVE-2021-21204 CVE-2021-21221 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209
CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214
CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219
CVE-2021-21205 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197
CVE-2021-21198 CVE-2021-21199 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224
CVE-2021-21225 CVE-2021-21226 CVE-2021-21227 CVE-2021-21232 CVE-2021-21233
CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 If you hold your
broken appliances close to the screen when you update, it might fix them too.
(fixes not guaranteed)
* Tue Apr 27 2021 Tom Callaway
- update to 90.0.4430.93
* Wed Apr 21 2021 Tom Callaway
- update to 90.0.4430.85
* Fri Apr 16 2021 Tom Callaway
- update to 90.0.4430.72
* Wed Apr 14 2021 Tom Callaway
- update to 89.0.4389.128
* Wed Mar 31 2021 Jonathan Wakely
- Rebuilt for removed libstdc++ symbols (#1937698)
* Mon Mar 29 2021 Tom Callaway
- fix libva compile in rawhide
[ 1 ] Bug #1945106 - CVE-2021-21194 chromium-browser: Use after free in screen capture
https://bugzilla.redhat.com/show_bug.cgi?id=1945106
[ 2 ] Bug #1945107 - CVE-2021-21195 chromium-browser: Use after free in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1945107
[ 3 ] Bug #1945108 - CVE-2021-21196 chromium-browser: Heap buffer overflow in TabStrip
https://bugzilla.redhat.com/show_bug.cgi?id=1945108
[ 4 ] Bug #1945109 - CVE-2021-21197 chromium-browser: Heap buffer overflow in TabStrip
https://bugzilla.redhat.com/show_bug.cgi?id=1945109
[ 5 ] Bug #1945110 - CVE-2021-21198 chromium-browser: Out of bounds read in IPC
https://bugzilla.redhat.com/show_bug.cgi?id=1945110
[ 6 ] Bug #1945111 - CVE-2021-21199 chromium-browser: Use Use after free in Aura
https://bugzilla.redhat.com/show_bug.cgi?id=1945111
[ 7 ] Bug #1949617 - CVE-2021-21206 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1949617
[ 8 ] Bug #1949618 - CVE-2021-21220 chromium-browser: Insufficient validation of untrusted input in V8 for x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1949618
[ 9 ] Bug #1950436 - CVE-2021-21201 chromium-browser: Use after free in permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1950436
[ 10 ] Bug #1950437 - CVE-2021-21202 chromium-browser: Use after free in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1950437
[ 11 ] Bug #1950438 - CVE-2021-21203 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1950438
[ 12 ] Bug #1950439 - CVE-2021-21204 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1950439
[ 13 ] Bug #1950440 - CVE-2021-21221 chromium-browser: Insufficient validation of untrusted input in Mojo
https://bugzilla.redhat.com/show_bug.cgi?id=1950440
[ 14 ] Bug #1950441 - CVE-2021-21207 chromium-browser: Use after free in IndexedDB
https://bugzilla.redhat.com/show_bug.cgi?id=1950441
[ 15 ] Bug #1950442 - CVE-2021-21208 chromium-browser: Insufficient data validation in QR scanner
https://bugzilla.redhat.com/show_bug.cgi?id=1950442
[ 16 ] Bug #1950443 - CVE-2021-21209 chromium-browser: Inappropriate implementation in storage
https://bugzilla.redhat.com/show_bug.cgi?id=1950443
[ 17 ] Bug #1950444 - CVE-2021-21210 chromium-browser: Inappropriate implementation in Network
https://bugzilla.redhat.com/show_bug.cgi?id=1950444
[ 18 ] Bug #1950445 - CVE-2021-21211 chromium-browser: Inappropriate implementation in Navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1950445
[ 19 ] Bug #1950446 - CVE-2021-21212 chromium-browser: Incorrect security UI in Network Config UI
https://bugzilla.redhat.com/show_bug.cgi?id=1950446
[ 20 ] Bug #1950447 - CVE-2021-21213 chromium-browser: Use after free in WebMIDI
https://bugzilla.redhat.com/show_bug.cgi?id=1950447
[ 21 ] Bug #1950448 - CVE-2021-21214 chromium-browser: Use after free in Network API
https://bugzilla.redhat.com/show_bug.cgi?id=1950448
[ 22 ] Bug #1950449 - CVE-2021-21215 chromium-browser: Inappropriate implementation in Autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1950449
[ 23 ] Bug #1950450 - CVE-2021-21216 chromium-browser: Inappropriate implementation in Autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1950450
[ 24 ] Bug #1950451 - CVE-2021-21217 chromium-browser: Uninitialized Use in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1950451
[ 25 ] Bug #1950452 - CVE-2021-21218 chromium-browser: Uninitialized Use in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1950452
[ 26 ] Bug #1950453 - CVE-2021-21219 chromium-browser: Uninitialized Use in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1950453
[ 27 ] Bug #1950454 - CVE-2021-21205 chromium-browser: Insufficient policy enforcement in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1950454
[ 28 ] Bug #1951741 - CVE-2021-21222 chromium-browser: Heap buffer overflow in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1951741
[ 29 ] Bug #1951742 - CVE-2021-21223 chromium-browser: Integer overflow in Mojo
https://bugzilla.redhat.com/show_bug.cgi?id=1951742
[ 30 ] Bug #1951743 - CVE-2021-21224 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1951743
[ 31 ] Bug #1951744 - CVE-2021-21225 chromium-browser: Out of bounds memory access in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1951744
[ 32 ] Bug #1951745 - CVE-2021-21226 chromium-browser: Use after free in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1951745
[ 33 ] Bug #1954051 - CVE-2021-21227 chromium-browser: Insufficient data validation in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1954051
[ 34 ] Bug #1954052 - CVE-2021-21232 chromium-browser: Use after free in Dev Tools
https://bugzilla.redhat.com/show_bug.cgi?id=1954052
[ 35 ] Bug #1954053 - CVE-2021-21233 chromium-browser: Heap buffer overflow in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=1954053
[ 36 ] Bug #1954054 - CVE-2021-21228 chromium-browser: Insufficient policy enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1954054
[ 37 ] Bug #1954055 - CVE-2021-21229 chromium-browser: Incorrect security UI in downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1954055
[ 38 ] Bug #1954056 - CVE-2021-21230 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1954056
[ 39 ] Bug #1954058 - CVE-2021-21231 chromium-browser: Insufficient data validation in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1954058
su -c 'dnf upgrade --advisory FEDORA-2021-ff893e12c5' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Change Log
References
Update Instructions
PREVIOUS
NEXT
Product: Fedora 32
Version: 90.0.4430.93
Release: 1.fc32
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!