Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 33: Critical Update Released for Chromium Heap and Stack Issues

fedora
Calendar Grey February 28, 2021
Dist Fedora Esm H88
The Fedora team has released an update for Chromium version 88.0.4324.182, which mitigates various security vulnerabilities found in the browser.
Update to 88.0.4324.182

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update to 88.0.4324.182. Fixes CVE-2021-21149 CVE-2021-21150 CVE-2021-21151

CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156

CVE-2021-21157

* Wed Feb 17 2021 Tom Callaway - 88.0.4234.182-1

- update to 88.0.4234.182

[ 1 ] Bug #1929523 - CVE-2021-21149 chromium-browser: Stack overflow in Data Transfer

https://bugzilla.redhat.com/show_bug.cgi?id=1929523

[ 2 ] Bug #1929524 - CVE-2021-21150 chromium-browser: Use after free in Downloads

https://bugzilla.redhat.com/show_bug.cgi?id=1929524

[ 3 ] Bug #1929525 - CVE-2021-21151 chromium-browser: Use after free in Payments

https://bugzilla.redhat.com/show_bug.cgi?id=1929525

[ 4 ] Bug #1929526 - CVE-2021-21152 chromium-browser: Heap buffer overflow in Media

https://bugzilla.redhat.com/show_bug.cgi?id=1929526

[ 5 ] Bug #1929527 - CVE-2021-21153 chromium-browser: Stack overflow in GPU Process

https://bugzilla.redhat.com/show_bug.cgi?id=1929527

[ 6 ] Bug #1929528 - CVE-2021-21154 chromium-browser: Heap buffer overflow in Tab Strip

https://bugzilla.redhat.com/show_bug.cgi?id=1929528

[ 7 ] Bug #1929529 - CVE-2021-21155 chromium-browser: Heap buffer overflow in Tab Strip

https://bugzilla.redhat.com/show_bug.cgi?id=1929529

[ 8 ] Bug #1929530 - CVE-2021-21156 chromium-browser: Heap buffer overflow in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1929530

[ 9 ] Bug #1929531 - CVE-2021-21157 chromium-browser: Use after free in Web Sockets

https://bugzilla.redhat.com/show_bug.cgi?id=1929531

su -c 'dnf upgrade --advisory FEDORA-2021-aa764a8531' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory security issue fedora critical Fedora heap overflow stack overflow browser update Chromium chromium heap flaw stack flaw

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 88.0.4324.182
Release: 1.fc33
URL: https://www.chromium.org/Home/
Summary: A WebKit (Blink) powered web browser

Topics%20covered

Topics Covered

security advisory security issue fedora critical Fedora heap overflow stack overflow browser update Chromium chromium heap flaw stack flaw

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here