--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-35d2bb4627
2021-05-14 21:09:17.379371
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 33
Version     : 90.0.4430.93
Release     : 1.fc33
URL         : https://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to Chromium 90.0.4430.93.  Fixes the following security issues:
CVE-2021-21206 CVE-2021-21220 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203
CVE-2021-21204 CVE-2021-21221  CVE-2021-21207 CVE-2021-21208 CVE-2021-21209
CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213  CVE-2021-21214
CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219
CVE-2021-21205 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197
CVE-2021-21198 CVE-2021-21199 CVE-2021-21222  CVE-2021-21223 CVE-2021-21224
CVE-2021-21225 CVE-2021-21226 CVE-2021-21227 CVE-2021-21232 CVE-2021-21233
CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231  If you hold your
broken appliances close to the screen when you update, it might fix them too.
(fixes not guaranteed)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 27 2021 Tom Callaway  - 90.0.4430.93-1
- update to 90.0.4430.93
* Wed Apr 21 2021 Tom Callaway  - 90.0.4430.85-1
- update to 90.0.4430.85
* Fri Apr 16 2021 Tom Callaway  - 90.0.4430.72-1
- update to 90.0.4430.72
* Wed Apr 14 2021 Tom Callaway  - 89.0.4389.128-1
- update to 89.0.4389.128
* Wed Mar 31 2021 Jonathan Wakely  - 89.0.4389.90-5
- Rebuilt for removed libstdc++ symbols (#1937698)
* Mon Mar 29 2021 Tom Callaway  - 89.0.4389.90-4
- fix libva compile in rawhide
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1945106 - CVE-2021-21194 chromium-browser: Use after free in screen capture
        https://bugzilla.redhat.com/show_bug.cgi?id=1945106
  [ 2 ] Bug #1945107 - CVE-2021-21195 chromium-browser: Use after free in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1945107
  [ 3 ] Bug #1945108 - CVE-2021-21196 chromium-browser: Heap buffer overflow in TabStrip
        https://bugzilla.redhat.com/show_bug.cgi?id=1945108
  [ 4 ] Bug #1945109 - CVE-2021-21197 chromium-browser: Heap buffer overflow in TabStrip
        https://bugzilla.redhat.com/show_bug.cgi?id=1945109
  [ 5 ] Bug #1945110 - CVE-2021-21198 chromium-browser: Out of bounds read in IPC
        https://bugzilla.redhat.com/show_bug.cgi?id=1945110
  [ 6 ] Bug #1945111 - CVE-2021-21199 chromium-browser: Use Use after free in Aura
        https://bugzilla.redhat.com/show_bug.cgi?id=1945111
  [ 7 ] Bug #1949617 - CVE-2021-21206 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1949617
  [ 8 ] Bug #1949618 - CVE-2021-21220 chromium-browser: Insufficient validation of untrusted input in V8 for x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=1949618
  [ 9 ] Bug #1950436 - CVE-2021-21201 chromium-browser: Use after free in permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=1950436
  [ 10 ] Bug #1950437 - CVE-2021-21202 chromium-browser: Use after free in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1950437
  [ 11 ] Bug #1950438 - CVE-2021-21203 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1950438
  [ 12 ] Bug #1950439 - CVE-2021-21204 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1950439
  [ 13 ] Bug #1950440 - CVE-2021-21221 chromium-browser: Insufficient validation of untrusted input in Mojo
        https://bugzilla.redhat.com/show_bug.cgi?id=1950440
  [ 14 ] Bug #1950441 - CVE-2021-21207 chromium-browser: Use after free in IndexedDB
        https://bugzilla.redhat.com/show_bug.cgi?id=1950441
  [ 15 ] Bug #1950442 - CVE-2021-21208 chromium-browser: Insufficient data validation in QR scanner
        https://bugzilla.redhat.com/show_bug.cgi?id=1950442
  [ 16 ] Bug #1950443 - CVE-2021-21209 chromium-browser: Inappropriate implementation in storage
        https://bugzilla.redhat.com/show_bug.cgi?id=1950443
  [ 17 ] Bug #1950444 - CVE-2021-21210 chromium-browser: Inappropriate implementation in Network
        https://bugzilla.redhat.com/show_bug.cgi?id=1950444
  [ 18 ] Bug #1950445 - CVE-2021-21211 chromium-browser: Inappropriate implementation in Navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1950445
  [ 19 ] Bug #1950446 - CVE-2021-21212 chromium-browser: Incorrect security UI in Network Config UI
        https://bugzilla.redhat.com/show_bug.cgi?id=1950446
  [ 20 ] Bug #1950447 - CVE-2021-21213 chromium-browser: Use after free in WebMIDI
        https://bugzilla.redhat.com/show_bug.cgi?id=1950447
  [ 21 ] Bug #1950448 - CVE-2021-21214 chromium-browser: Use after free in Network API
        https://bugzilla.redhat.com/show_bug.cgi?id=1950448
  [ 22 ] Bug #1950449 - CVE-2021-21215 chromium-browser: Inappropriate implementation in Autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1950449
  [ 23 ] Bug #1950450 - CVE-2021-21216 chromium-browser: Inappropriate implementation in Autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1950450
  [ 24 ] Bug #1950451 - CVE-2021-21217 chromium-browser: Uninitialized Use in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1950451
  [ 25 ] Bug #1950452 - CVE-2021-21218 chromium-browser: Uninitialized Use in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1950452
  [ 26 ] Bug #1950453 - CVE-2021-21219 chromium-browser: Uninitialized Use in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1950453
  [ 27 ] Bug #1950454 - CVE-2021-21205 chromium-browser: Insufficient policy enforcement in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1950454
  [ 28 ] Bug #1951741 - CVE-2021-21222 chromium-browser: Heap buffer overflow in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1951741
  [ 29 ] Bug #1951742 - CVE-2021-21223 chromium-browser: Integer overflow in Mojo
        https://bugzilla.redhat.com/show_bug.cgi?id=1951742
  [ 30 ] Bug #1951743 - CVE-2021-21224 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1951743
  [ 31 ] Bug #1951744 - CVE-2021-21225 chromium-browser: Out of bounds memory access in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1951744
  [ 32 ] Bug #1951745 - CVE-2021-21226 chromium-browser: Use after free in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1951745
  [ 33 ] Bug #1954051 - CVE-2021-21227 chromium-browser: Insufficient data validation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1954051
  [ 34 ] Bug #1954052 - CVE-2021-21232 chromium-browser: Use after free in Dev Tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1954052
  [ 35 ] Bug #1954053 - CVE-2021-21233 chromium-browser: Heap buffer overflow in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=1954053
  [ 36 ] Bug #1954054 - CVE-2021-21228 chromium-browser: Insufficient policy enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1954054
  [ 37 ] Bug #1954055 - CVE-2021-21229 chromium-browser: Incorrect security UI in downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1954055
  [ 38 ] Bug #1954056 - CVE-2021-21230 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1954056
  [ 39 ] Bug #1954058 - CVE-2021-21231 chromium-browser: Insufficient data validation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1954058
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-35d2bb4627' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure