Fedora 34: 2021-6a292e2cf4 Moderate: Chromium Browser Security Fix
fedora
January 6, 2022
Add wayland detection and pass flags to improve experience when wayland is used
Summary
Chromium is an open-source web browser, powered by WebKit (Blink).
Add wayland detection and pass flags to improve experience when wayland is used.
---- Update to 96.0.4664.110. You know the drill, lots of security bugs fixed,
update if you like security, hit that like and subscribe button. CVE-2021-4052
CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057
CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063
CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068
CVE-2021-4079 CVE-2021-4078 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100
CVE-2021-4101 CVE-2021-4102 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999
CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004
CVE-2021-38008 CVE-2021-38009 CVE-2021-38006 CVE-2021-38007 CVE-2021-38005
CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014
CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019
CVE-2021-38020 CVE-2021-38021 CVE-2021-38022
* Mon Dec 27 2021 Tom Callaway
- have chromium-browser.sh check for wayland env vars and if found, set ozone flags appropriately
Thanks to Neal Gompa for the nudge
* Mon Dec 20 2021 Tom Callaway
- enable WebRTCPipeWireCapturer by default
* Thu Dec 16 2021 Tom Callaway
- update to 96.0.4664.110
* Fri Nov 19 2021 Tom Callaway
- update to 96.0.4664.45
* Fri Nov 12 2021 Tom Callaway
- update to 95.0.4638.69
[ 1 ] Bug #2018561 - CVE-2021-37997 chromium-browser: Use after free in Sign-In
https://bugzilla.redhat.com/show_bug.cgi?id=2018561
[ 2 ] Bug #2018562 - CVE-2021-37998 chromium-browser: Use after free in Garbage Collection
https://bugzilla.redhat.com/show_bug.cgi?id=2018562
[ 3 ] Bug #2018563 - CVE-2021-37999 chromium-browser: Insufficient data validation in New Tab Page
https://bugzilla.redhat.com/show_bug.cgi?id=2018563
[ 4 ] Bug #2018564 - CVE-2021-38000 chromium-browser: Insufficient validation of untrusted input in Intents
https://bugzilla.redhat.com/show_bug.cgi?id=2018564
[ 5 ] Bug #2018565 - CVE-2021-38001 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2018565
[ 6 ] Bug #2018566 - CVE-2021-38002 chromium-browser: Use after free in Web Transport
https://bugzilla.redhat.com/show_bug.cgi?id=2018566
[ 7 ] Bug #2018567 - CVE-2021-38003 chromium-browser: Inappropriate implementation in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2018567
[ 8 ] Bug #2024272 - CVE-2021-38008 chromium-browser: Use after free in media
https://bugzilla.redhat.com/show_bug.cgi?id=2024272
[ 9 ] Bug #2024273 - CVE-2021-38009 chromium-browser: Inappropriate implementation in cache
https://bugzilla.redhat.com/show_bug.cgi?id=2024273
[ 10 ] Bug #2024274 - CVE-2021-38006 chromium-browser: Use after free in storage foundation
https://bugzilla.redhat.com/show_bug.cgi?id=2024274
[ 11 ] Bug #2024275 - CVE-2021-38007 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2024275
[ 12 ] Bug #2024276 - CVE-2021-38005 chromium-browser: Use after free in loader
https://bugzilla.redhat.com/show_bug.cgi?id=2024276
[ 13 ] Bug #2024277 - CVE-2021-38010 chromium-browser: Inappropriate implementation in service workers
https://bugzilla.redhat.com/show_bug.cgi?id=2024277
[ 14 ] Bug #2024278 - CVE-2021-38011 chromium-browser: Use after free in storage foundation
https://bugzilla.redhat.com/show_bug.cgi?id=2024278
[ 15 ] Bug #2024279 - CVE-2021-38012 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2024279
[ 16 ] Bug #2024280 - CVE-2021-38013 chromium-browser: Heap buffer overflow in fingerprint recognition
https://bugzilla.redhat.com/show_bug.cgi?id=2024280
[ 17 ] Bug #2024281 - CVE-2021-38014 chromium-browser: Out of bounds write in Swiftshader
https://bugzilla.redhat.com/show_bug.cgi?id=2024281
[ 18 ] Bug #2024282 - CVE-2021-38015 chromium-browser: Inappropriate implementation in input
https://bugzilla.redhat.com/show_bug.cgi?id=2024282
[ 19 ] Bug #2024283 - CVE-2021-38016 chromium-browser: Insufficient policy enforcement in background fetch
https://bugzilla.redhat.com/show_bug.cgi?id=2024283
[ 20 ] Bug #2024284 - CVE-2021-38017 chromium-browser: Insufficient policy enforcement in iframe sandbox
https://bugzilla.redhat.com/show_bug.cgi?id=2024284
[ 21 ] Bug #2024285 - CVE-2021-38018 chromium-browser: Inappropriate implementation in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=2024285
[ 22 ] Bug #2024286 - CVE-2021-38019 chromium-browser: Insufficient policy enforcement in CORS
https://bugzilla.redhat.com/show_bug.cgi?id=2024286
[ 23 ] Bug #2024287 - CVE-2021-38020 chromium-browser: Insufficient policy enforcement in contacts picker
https://bugzilla.redhat.com/show_bug.cgi?id=2024287
[ 24 ] Bug #2024288 - CVE-2021-38021 chromium-browser: Inappropriate implementation in referrer
https://bugzilla.redhat.com/show_bug.cgi?id=2024288
[ 25 ] Bug #2024289 - CVE-2021-38022 chromium-browser: Inappropriate implementation in WebAuthentication
https://bugzilla.redhat.com/show_bug.cgi?id=2024289
[ 26 ] Bug #2029881 - CVE-2021-4052 chromium-browser: Use after free in web apps
https://bugzilla.redhat.com/show_bug.cgi?id=2029881
[ 27 ] Bug #2029882 - CVE-2021-4053 chromium-browser: Use after free in UI
https://bugzilla.redhat.com/show_bug.cgi?id=2029882
[ 28 ] Bug #2029883 - CVE-2021-4054 chromium-browser: Incorrect security UI in autofill
https://bugzilla.redhat.com/show_bug.cgi?id=2029883
[ 29 ] Bug #2029884 - CVE-2021-4055 chromium-browser: Heap buffer overflow in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=2029884
[ 30 ] Bug #2029885 - CVE-2021-4056 chromium-browser: Type Confusion in loader
https://bugzilla.redhat.com/show_bug.cgi?id=2029885
[ 31 ] Bug #2029886 - CVE-2021-4057 chromium-browser: Use after free in file API
https://bugzilla.redhat.com/show_bug.cgi?id=2029886
[ 32 ] Bug #2029887 - CVE-2021-4058 chromium-browser: Heap buffer overflow in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=2029887
[ 33 ] Bug #2029888 - CVE-2021-4059 chromium-browser: Insufficient data validation in loader
https://bugzilla.redhat.com/show_bug.cgi?id=2029888
[ 34 ] Bug #2029889 - CVE-2021-4061 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2029889
[ 35 ] Bug #2029890 - CVE-2021-4062 chromium-browser: Heap buffer overflow in BFCache
https://bugzilla.redhat.com/show_bug.cgi?id=2029890
[ 36 ] Bug #2029892 - CVE-2021-4063 chromium-browser: Use after free in developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=2029892
[ 37 ] Bug #2029893 - CVE-2021-4064 chromium-browser: Use after free in screen capture
https://bugzilla.redhat.com/show_bug.cgi?id=2029893
[ 38 ] Bug #2029894 - CVE-2021-4065 chromium-browser: Use after free in autofill
https://bugzilla.redhat.com/show_bug.cgi?id=2029894
[ 39 ] Bug #2029895 - CVE-2021-4066 chromium-browser: Integer underflow in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=2029895
[ 40 ] Bug #2029896 - CVE-2021-4067 chromium-browser: Use after free in window manager
https://bugzilla.redhat.com/show_bug.cgi?id=2029896
[ 41 ] Bug #2029897 - CVE-2021-4068 chromium-browser: Insufficient validation of untrusted input in new tab page
https://bugzilla.redhat.com/show_bug.cgi?id=2029897
[ 42 ] Bug #2032168 - CVE-2021-4098 chromium-browser: Insufficient data validation in Mojo
https://bugzilla.redhat.com/show_bug.cgi?id=2032168
[ 43 ] Bug #2032169 - CVE-2021-4099 chromium-browser: Use after free in Swiftshader
https://bugzilla.redhat.com/show_bug.cgi?id=2032169
[ 44 ] Bug #2032170 - CVE-2021-4100 chromium-browser: Object lifecycle issue in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=2032170
[ 45 ] Bug #2032171 - CVE-2021-4101 chromium-browser: Heap buffer overflow in Swiftshader
https://bugzilla.redhat.com/show_bug.cgi?id=2032171
[ 46 ] Bug #2032172 - CVE-2021-4102 chromium-browser: Use after free in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2032172
su -c 'dnf upgrade --advisory FEDORA-2021-6a292e2cf4' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Topics Covered
Change Log
References
Update Instructions
PREVIOUS
NEXT
Product: Fedora 34
Version: 96.0.4664.110
Release: 3.fc34
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!