Fedora 34: chromium 2021-6a292e2cf4

Advisories

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-6a292e2cf4
2022-01-07 01:10:27.075061
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 34
Version     : 96.0.4664.110
Release     : 3.fc34
URL         : https://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Add wayland detection and pass flags to improve experience when wayland is used.
----  Update to 96.0.4664.110. You know the drill, lots of security bugs fixed,
update if you like security, hit that like and subscribe button. CVE-2021-4052
CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057
CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063
CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068
CVE-2021-4079 CVE-2021-4078 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100
CVE-2021-4101 CVE-2021-4102 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999
CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004
CVE-2021-38008 CVE-2021-38009 CVE-2021-38006 CVE-2021-38007 CVE-2021-38005
CVE-2021-38010 CVE-2021-38011  CVE-2021-38012 CVE-2021-38013 CVE-2021-38014
CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018  CVE-2021-38019
CVE-2021-38020 CVE-2021-38021 CVE-2021-38022
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 27 2021 Tom Callaway  - 96.0.4664.110-3
- have chromium-browser.sh check for wayland env vars and if found, set ozone flags appropriately
  Thanks to Neal Gompa for the nudge
* Mon Dec 20 2021 Tom Callaway  - 96.0.4664.110-2
- enable WebRTCPipeWireCapturer by default
* Thu Dec 16 2021 Tom Callaway  - 96.0.4664.110-1
- update to 96.0.4664.110
* Fri Nov 19 2021 Tom Callaway  - 96.0.4664.45-1
- update to 96.0.4664.45
* Fri Nov 12 2021 Tom Callaway  - 95.0.4638.69-1
- update to 95.0.4638.69
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2018561 - CVE-2021-37997 chromium-browser: Use after free in Sign-In
        https://bugzilla.redhat.com/show_bug.cgi?id=2018561
  [ 2 ] Bug #2018562 - CVE-2021-37998 chromium-browser: Use after free in Garbage Collection
        https://bugzilla.redhat.com/show_bug.cgi?id=2018562
  [ 3 ] Bug #2018563 - CVE-2021-37999 chromium-browser: Insufficient data validation in New Tab Page
        https://bugzilla.redhat.com/show_bug.cgi?id=2018563
  [ 4 ] Bug #2018564 - CVE-2021-38000 chromium-browser: Insufficient validation of untrusted input in Intents
        https://bugzilla.redhat.com/show_bug.cgi?id=2018564
  [ 5 ] Bug #2018565 - CVE-2021-38001 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2018565
  [ 6 ] Bug #2018566 - CVE-2021-38002 chromium-browser: Use after free in Web Transport
        https://bugzilla.redhat.com/show_bug.cgi?id=2018566
  [ 7 ] Bug #2018567 - CVE-2021-38003 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2018567
  [ 8 ] Bug #2024272 - CVE-2021-38008 chromium-browser: Use after free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=2024272
  [ 9 ] Bug #2024273 - CVE-2021-38009 chromium-browser: Inappropriate implementation in cache
        https://bugzilla.redhat.com/show_bug.cgi?id=2024273
  [ 10 ] Bug #2024274 - CVE-2021-38006 chromium-browser: Use after free in storage foundation
        https://bugzilla.redhat.com/show_bug.cgi?id=2024274
  [ 11 ] Bug #2024275 - CVE-2021-38007 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2024275
  [ 12 ] Bug #2024276 - CVE-2021-38005 chromium-browser: Use after free in loader
        https://bugzilla.redhat.com/show_bug.cgi?id=2024276
  [ 13 ] Bug #2024277 - CVE-2021-38010 chromium-browser: Inappropriate implementation in service workers
        https://bugzilla.redhat.com/show_bug.cgi?id=2024277
  [ 14 ] Bug #2024278 - CVE-2021-38011 chromium-browser: Use after free in storage foundation
        https://bugzilla.redhat.com/show_bug.cgi?id=2024278
  [ 15 ] Bug #2024279 - CVE-2021-38012 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2024279
  [ 16 ] Bug #2024280 - CVE-2021-38013 chromium-browser: Heap buffer overflow in fingerprint recognition
        https://bugzilla.redhat.com/show_bug.cgi?id=2024280
  [ 17 ] Bug #2024281 - CVE-2021-38014 chromium-browser: Out of bounds write in Swiftshader
        https://bugzilla.redhat.com/show_bug.cgi?id=2024281
  [ 18 ] Bug #2024282 - CVE-2021-38015 chromium-browser: Inappropriate implementation in input
        https://bugzilla.redhat.com/show_bug.cgi?id=2024282
  [ 19 ] Bug #2024283 - CVE-2021-38016 chromium-browser: Insufficient policy enforcement in background fetch
        https://bugzilla.redhat.com/show_bug.cgi?id=2024283
  [ 20 ] Bug #2024284 - CVE-2021-38017 chromium-browser: Insufficient policy enforcement in iframe sandbox
        https://bugzilla.redhat.com/show_bug.cgi?id=2024284
  [ 21 ] Bug #2024285 - CVE-2021-38018 chromium-browser: Inappropriate implementation in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=2024285
  [ 22 ] Bug #2024286 - CVE-2021-38019 chromium-browser: Insufficient policy enforcement in CORS
        https://bugzilla.redhat.com/show_bug.cgi?id=2024286
  [ 23 ] Bug #2024287 - CVE-2021-38020 chromium-browser: Insufficient policy enforcement in contacts picker
        https://bugzilla.redhat.com/show_bug.cgi?id=2024287
  [ 24 ] Bug #2024288 - CVE-2021-38021 chromium-browser: Inappropriate implementation in referrer
        https://bugzilla.redhat.com/show_bug.cgi?id=2024288
  [ 25 ] Bug #2024289 - CVE-2021-38022 chromium-browser: Inappropriate implementation in WebAuthentication
        https://bugzilla.redhat.com/show_bug.cgi?id=2024289
  [ 26 ] Bug #2029881 - CVE-2021-4052 chromium-browser: Use after free in web apps
        https://bugzilla.redhat.com/show_bug.cgi?id=2029881
  [ 27 ] Bug #2029882 - CVE-2021-4053 chromium-browser: Use after free in UI
        https://bugzilla.redhat.com/show_bug.cgi?id=2029882
  [ 28 ] Bug #2029883 - CVE-2021-4054 chromium-browser: Incorrect security UI in autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=2029883
  [ 29 ] Bug #2029884 - CVE-2021-4055 chromium-browser: Heap buffer overflow in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=2029884
  [ 30 ] Bug #2029885 - CVE-2021-4056 chromium-browser: Type Confusion in loader
        https://bugzilla.redhat.com/show_bug.cgi?id=2029885
  [ 31 ] Bug #2029886 - CVE-2021-4057 chromium-browser: Use after free in file API
        https://bugzilla.redhat.com/show_bug.cgi?id=2029886
  [ 32 ] Bug #2029887 - CVE-2021-4058 chromium-browser: Heap buffer overflow in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2029887
  [ 33 ] Bug #2029888 - CVE-2021-4059 chromium-browser: Insufficient data validation in loader
        https://bugzilla.redhat.com/show_bug.cgi?id=2029888
  [ 34 ] Bug #2029889 - CVE-2021-4061 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2029889
  [ 35 ] Bug #2029890 - CVE-2021-4062 chromium-browser: Heap buffer overflow in BFCache
        https://bugzilla.redhat.com/show_bug.cgi?id=2029890
  [ 36 ] Bug #2029892 - CVE-2021-4063 chromium-browser: Use after free in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=2029892
  [ 37 ] Bug #2029893 - CVE-2021-4064 chromium-browser: Use after free in screen capture
        https://bugzilla.redhat.com/show_bug.cgi?id=2029893
  [ 38 ] Bug #2029894 - CVE-2021-4065 chromium-browser: Use after free in autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=2029894
  [ 39 ] Bug #2029895 - CVE-2021-4066 chromium-browser: Integer underflow in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2029895
  [ 40 ] Bug #2029896 - CVE-2021-4067 chromium-browser: Use after free in window manager
        https://bugzilla.redhat.com/show_bug.cgi?id=2029896
  [ 41 ] Bug #2029897 - CVE-2021-4068 chromium-browser: Insufficient validation of untrusted input in new tab page
        https://bugzilla.redhat.com/show_bug.cgi?id=2029897
  [ 42 ] Bug #2032168 - CVE-2021-4098 chromium-browser: Insufficient data validation in Mojo
        https://bugzilla.redhat.com/show_bug.cgi?id=2032168
  [ 43 ] Bug #2032169 - CVE-2021-4099 chromium-browser: Use after free in Swiftshader
        https://bugzilla.redhat.com/show_bug.cgi?id=2032169
  [ 44 ] Bug #2032170 - CVE-2021-4100 chromium-browser: Object lifecycle issue in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2032170
  [ 45 ] Bug #2032171 - CVE-2021-4101 chromium-browser: Heap buffer overflow in Swiftshader
        https://bugzilla.redhat.com/show_bug.cgi?id=2032171
  [ 46 ] Bug #2032172 - CVE-2021-4102 chromium-browser: Use after free in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2032172
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-6a292e2cf4' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 34: chromium 2021-6a292e2cf4

January 6, 2022
Add wayland detection and pass flags to improve experience when wayland is used

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Add wayland detection and pass flags to improve experience when wayland is used. ---- Update to 96.0.4664.110. You know the drill, lots of security bugs fixed, update if you like security, hit that like and subscribe button. CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4079 CVE-2021-4078 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 CVE-2021-38008 CVE-2021-38009 CVE-2021-38006 CVE-2021-38007 CVE-2021-38005 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022

Change Log

* Mon Dec 27 2021 Tom Callaway - 96.0.4664.110-3 - have chromium-browser.sh check for wayland env vars and if found, set ozone flags appropriately Thanks to Neal Gompa for the nudge * Mon Dec 20 2021 Tom Callaway - 96.0.4664.110-2 - enable WebRTCPipeWireCapturer by default * Thu Dec 16 2021 Tom Callaway - 96.0.4664.110-1 - update to 96.0.4664.110 * Fri Nov 19 2021 Tom Callaway - 96.0.4664.45-1 - update to 96.0.4664.45 * Fri Nov 12 2021 Tom Callaway - 95.0.4638.69-1 - update to 95.0.4638.69

References

[ 1 ] Bug #2018561 - CVE-2021-37997 chromium-browser: Use after free in Sign-In https://bugzilla.redhat.com/show_bug.cgi?id=2018561 [ 2 ] Bug #2018562 - CVE-2021-37998 chromium-browser: Use after free in Garbage Collection https://bugzilla.redhat.com/show_bug.cgi?id=2018562 [ 3 ] Bug #2018563 - CVE-2021-37999 chromium-browser: Insufficient data validation in New Tab Page https://bugzilla.redhat.com/show_bug.cgi?id=2018563 [ 4 ] Bug #2018564 - CVE-2021-38000 chromium-browser: Insufficient validation of untrusted input in Intents https://bugzilla.redhat.com/show_bug.cgi?id=2018564 [ 5 ] Bug #2018565 - CVE-2021-38001 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2018565 [ 6 ] Bug #2018566 - CVE-2021-38002 chromium-browser: Use after free in Web Transport https://bugzilla.redhat.com/show_bug.cgi?id=2018566 [ 7 ] Bug #2018567 - CVE-2021-38003 chromium-browser: Inappropriate implementation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2018567 [ 8 ] Bug #2024272 - CVE-2021-38008 chromium-browser: Use after free in media https://bugzilla.redhat.com/show_bug.cgi?id=2024272 [ 9 ] Bug #2024273 - CVE-2021-38009 chromium-browser: Inappropriate implementation in cache https://bugzilla.redhat.com/show_bug.cgi?id=2024273 [ 10 ] Bug #2024274 - CVE-2021-38006 chromium-browser: Use after free in storage foundation https://bugzilla.redhat.com/show_bug.cgi?id=2024274 [ 11 ] Bug #2024275 - CVE-2021-38007 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2024275 [ 12 ] Bug #2024276 - CVE-2021-38005 chromium-browser: Use after free in loader https://bugzilla.redhat.com/show_bug.cgi?id=2024276 [ 13 ] Bug #2024277 - CVE-2021-38010 chromium-browser: Inappropriate implementation in service workers https://bugzilla.redhat.com/show_bug.cgi?id=2024277 [ 14 ] Bug #2024278 - CVE-2021-38011 chromium-browser: Use after free in storage foundation https://bugzilla.redhat.com/show_bug.cgi?id=2024278 [ 15 ] Bug #2024279 - CVE-2021-38012 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2024279 [ 16 ] Bug #2024280 - CVE-2021-38013 chromium-browser: Heap buffer overflow in fingerprint recognition https://bugzilla.redhat.com/show_bug.cgi?id=2024280 [ 17 ] Bug #2024281 - CVE-2021-38014 chromium-browser: Out of bounds write in Swiftshader https://bugzilla.redhat.com/show_bug.cgi?id=2024281 [ 18 ] Bug #2024282 - CVE-2021-38015 chromium-browser: Inappropriate implementation in input https://bugzilla.redhat.com/show_bug.cgi?id=2024282 [ 19 ] Bug #2024283 - CVE-2021-38016 chromium-browser: Insufficient policy enforcement in background fetch https://bugzilla.redhat.com/show_bug.cgi?id=2024283 [ 20 ] Bug #2024284 - CVE-2021-38017 chromium-browser: Insufficient policy enforcement in iframe sandbox https://bugzilla.redhat.com/show_bug.cgi?id=2024284 [ 21 ] Bug #2024285 - CVE-2021-38018 chromium-browser: Inappropriate implementation in navigation https://bugzilla.redhat.com/show_bug.cgi?id=2024285 [ 22 ] Bug #2024286 - CVE-2021-38019 chromium-browser: Insufficient policy enforcement in CORS https://bugzilla.redhat.com/show_bug.cgi?id=2024286 [ 23 ] Bug #2024287 - CVE-2021-38020 chromium-browser: Insufficient policy enforcement in contacts picker https://bugzilla.redhat.com/show_bug.cgi?id=2024287 [ 24 ] Bug #2024288 - CVE-2021-38021 chromium-browser: Inappropriate implementation in referrer https://bugzilla.redhat.com/show_bug.cgi?id=2024288 [ 25 ] Bug #2024289 - CVE-2021-38022 chromium-browser: Inappropriate implementation in WebAuthentication https://bugzilla.redhat.com/show_bug.cgi?id=2024289 [ 26 ] Bug #2029881 - CVE-2021-4052 chromium-browser: Use after free in web apps https://bugzilla.redhat.com/show_bug.cgi?id=2029881 [ 27 ] Bug #2029882 - CVE-2021-4053 chromium-browser: Use after free in UI https://bugzilla.redhat.com/show_bug.cgi?id=2029882 [ 28 ] Bug #2029883 - CVE-2021-4054 chromium-browser: Incorrect security UI in autofill https://bugzilla.redhat.com/show_bug.cgi?id=2029883 [ 29 ] Bug #2029884 - CVE-2021-4055 chromium-browser: Heap buffer overflow in extensions https://bugzilla.redhat.com/show_bug.cgi?id=2029884 [ 30 ] Bug #2029885 - CVE-2021-4056 chromium-browser: Type Confusion in loader https://bugzilla.redhat.com/show_bug.cgi?id=2029885 [ 31 ] Bug #2029886 - CVE-2021-4057 chromium-browser: Use after free in file API https://bugzilla.redhat.com/show_bug.cgi?id=2029886 [ 32 ] Bug #2029887 - CVE-2021-4058 chromium-browser: Heap buffer overflow in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2029887 [ 33 ] Bug #2029888 - CVE-2021-4059 chromium-browser: Insufficient data validation in loader https://bugzilla.redhat.com/show_bug.cgi?id=2029888 [ 34 ] Bug #2029889 - CVE-2021-4061 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2029889 [ 35 ] Bug #2029890 - CVE-2021-4062 chromium-browser: Heap buffer overflow in BFCache https://bugzilla.redhat.com/show_bug.cgi?id=2029890 [ 36 ] Bug #2029892 - CVE-2021-4063 chromium-browser: Use after free in developer tools https://bugzilla.redhat.com/show_bug.cgi?id=2029892 [ 37 ] Bug #2029893 - CVE-2021-4064 chromium-browser: Use after free in screen capture https://bugzilla.redhat.com/show_bug.cgi?id=2029893 [ 38 ] Bug #2029894 - CVE-2021-4065 chromium-browser: Use after free in autofill https://bugzilla.redhat.com/show_bug.cgi?id=2029894 [ 39 ] Bug #2029895 - CVE-2021-4066 chromium-browser: Integer underflow in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2029895 [ 40 ] Bug #2029896 - CVE-2021-4067 chromium-browser: Use after free in window manager https://bugzilla.redhat.com/show_bug.cgi?id=2029896 [ 41 ] Bug #2029897 - CVE-2021-4068 chromium-browser: Insufficient validation of untrusted input in new tab page https://bugzilla.redhat.com/show_bug.cgi?id=2029897 [ 42 ] Bug #2032168 - CVE-2021-4098 chromium-browser: Insufficient data validation in Mojo https://bugzilla.redhat.com/show_bug.cgi?id=2032168 [ 43 ] Bug #2032169 - CVE-2021-4099 chromium-browser: Use after free in Swiftshader https://bugzilla.redhat.com/show_bug.cgi?id=2032169 [ 44 ] Bug #2032170 - CVE-2021-4100 chromium-browser: Object lifecycle issue in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2032170 [ 45 ] Bug #2032171 - CVE-2021-4101 chromium-browser: Heap buffer overflow in Swiftshader https://bugzilla.redhat.com/show_bug.cgi?id=2032171 [ 46 ] Bug #2032172 - CVE-2021-4102 chromium-browser: Use after free in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2032172

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-6a292e2cf4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : chromium
Product : Fedora 34
Version : 96.0.4664.110
Release : 3.fc34
URL : https://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.