Fedora 34: chromium 2021-6a292e2cf4
Summary
Chromium is an open-source web browser, powered by WebKit (Blink).
Add wayland detection and pass flags to improve experience when wayland is used.
---- Update to 96.0.4664.110. You know the drill, lots of security bugs fixed,
update if you like security, hit that like and subscribe button. CVE-2021-4052
CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057
CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063
CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068
CVE-2021-4079 CVE-2021-4078 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100
CVE-2021-4101 CVE-2021-4102 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999
CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004
CVE-2021-38008 CVE-2021-38009 CVE-2021-38006 CVE-2021-38007 CVE-2021-38005
CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014
CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019
CVE-2021-38020 CVE-2021-38021 CVE-2021-38022
* Mon Dec 27 2021 Tom Callaway
- have chromium-browser.sh check for wayland env vars and if found, set ozone flags appropriately
Thanks to Neal Gompa for the nudge
* Mon Dec 20 2021 Tom Callaway
- enable WebRTCPipeWireCapturer by default
* Thu Dec 16 2021 Tom Callaway
- update to 96.0.4664.110
* Fri Nov 19 2021 Tom Callaway
- update to 96.0.4664.45
* Fri Nov 12 2021 Tom Callaway
- update to 95.0.4638.69
[ 1 ] Bug #2018561 - CVE-2021-37997 chromium-browser: Use after free in Sign-In
https://bugzilla.redhat.com/show_bug.cgi?id=2018561
[ 2 ] Bug #2018562 - CVE-2021-37998 chromium-browser: Use after free in Garbage Collection
https://bugzilla.redhat.com/show_bug.cgi?id=2018562
[ 3 ] Bug #2018563 - CVE-2021-37999 chromium-browser: Insufficient data validation in New Tab Page
https://bugzilla.redhat.com/show_bug.cgi?id=2018563
[ 4 ] Bug #2018564 - CVE-2021-38000 chromium-browser: Insufficient validation of untrusted input in Intents
https://bugzilla.redhat.com/show_bug.cgi?id=2018564
[ 5 ] Bug #2018565 - CVE-2021-38001 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2018565
[ 6 ] Bug #2018566 - CVE-2021-38002 chromium-browser: Use after free in Web Transport
https://bugzilla.redhat.com/show_bug.cgi?id=2018566
[ 7 ] Bug #2018567 - CVE-2021-38003 chromium-browser: Inappropriate implementation in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2018567
[ 8 ] Bug #2024272 - CVE-2021-38008 chromium-browser: Use after free in media
https://bugzilla.redhat.com/show_bug.cgi?id=2024272
[ 9 ] Bug #2024273 - CVE-2021-38009 chromium-browser: Inappropriate implementation in cache
https://bugzilla.redhat.com/show_bug.cgi?id=2024273
[ 10 ] Bug #2024274 - CVE-2021-38006 chromium-browser: Use after free in storage foundation
https://bugzilla.redhat.com/show_bug.cgi?id=2024274
[ 11 ] Bug #2024275 - CVE-2021-38007 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2024275
[ 12 ] Bug #2024276 - CVE-2021-38005 chromium-browser: Use after free in loader
https://bugzilla.redhat.com/show_bug.cgi?id=2024276
[ 13 ] Bug #2024277 - CVE-2021-38010 chromium-browser: Inappropriate implementation in service workers
https://bugzilla.redhat.com/show_bug.cgi?id=2024277
[ 14 ] Bug #2024278 - CVE-2021-38011 chromium-browser: Use after free in storage foundation
https://bugzilla.redhat.com/show_bug.cgi?id=2024278
[ 15 ] Bug #2024279 - CVE-2021-38012 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2024279
[ 16 ] Bug #2024280 - CVE-2021-38013 chromium-browser: Heap buffer overflow in fingerprint recognition
https://bugzilla.redhat.com/show_bug.cgi?id=2024280
[ 17 ] Bug #2024281 - CVE-2021-38014 chromium-browser: Out of bounds write in Swiftshader
https://bugzilla.redhat.com/show_bug.cgi?id=2024281
[ 18 ] Bug #2024282 - CVE-2021-38015 chromium-browser: Inappropriate implementation in input
https://bugzilla.redhat.com/show_bug.cgi?id=2024282
[ 19 ] Bug #2024283 - CVE-2021-38016 chromium-browser: Insufficient policy enforcement in background fetch
https://bugzilla.redhat.com/show_bug.cgi?id=2024283
[ 20 ] Bug #2024284 - CVE-2021-38017 chromium-browser: Insufficient policy enforcement in iframe sandbox
https://bugzilla.redhat.com/show_bug.cgi?id=2024284
[ 21 ] Bug #2024285 - CVE-2021-38018 chromium-browser: Inappropriate implementation in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=2024285
[ 22 ] Bug #2024286 - CVE-2021-38019 chromium-browser: Insufficient policy enforcement in CORS
https://bugzilla.redhat.com/show_bug.cgi?id=2024286
[ 23 ] Bug #2024287 - CVE-2021-38020 chromium-browser: Insufficient policy enforcement in contacts picker
https://bugzilla.redhat.com/show_bug.cgi?id=2024287
[ 24 ] Bug #2024288 - CVE-2021-38021 chromium-browser: Inappropriate implementation in referrer
https://bugzilla.redhat.com/show_bug.cgi?id=2024288
[ 25 ] Bug #2024289 - CVE-2021-38022 chromium-browser: Inappropriate implementation in WebAuthentication
https://bugzilla.redhat.com/show_bug.cgi?id=2024289
[ 26 ] Bug #2029881 - CVE-2021-4052 chromium-browser: Use after free in web apps
https://bugzilla.redhat.com/show_bug.cgi?id=2029881
[ 27 ] Bug #2029882 - CVE-2021-4053 chromium-browser: Use after free in UI
https://bugzilla.redhat.com/show_bug.cgi?id=2029882
[ 28 ] Bug #2029883 - CVE-2021-4054 chromium-browser: Incorrect security UI in autofill
https://bugzilla.redhat.com/show_bug.cgi?id=2029883
[ 29 ] Bug #2029884 - CVE-2021-4055 chromium-browser: Heap buffer overflow in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=2029884
[ 30 ] Bug #2029885 - CVE-2021-4056 chromium-browser: Type Confusion in loader
https://bugzilla.redhat.com/show_bug.cgi?id=2029885
[ 31 ] Bug #2029886 - CVE-2021-4057 chromium-browser: Use after free in file API
https://bugzilla.redhat.com/show_bug.cgi?id=2029886
[ 32 ] Bug #2029887 - CVE-2021-4058 chromium-browser: Heap buffer overflow in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=2029887
[ 33 ] Bug #2029888 - CVE-2021-4059 chromium-browser: Insufficient data validation in loader
https://bugzilla.redhat.com/show_bug.cgi?id=2029888
[ 34 ] Bug #2029889 - CVE-2021-4061 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2029889
[ 35 ] Bug #2029890 - CVE-2021-4062 chromium-browser: Heap buffer overflow in BFCache
https://bugzilla.redhat.com/show_bug.cgi?id=2029890
[ 36 ] Bug #2029892 - CVE-2021-4063 chromium-browser: Use after free in developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=2029892
[ 37 ] Bug #2029893 - CVE-2021-4064 chromium-browser: Use after free in screen capture
https://bugzilla.redhat.com/show_bug.cgi?id=2029893
[ 38 ] Bug #2029894 - CVE-2021-4065 chromium-browser: Use after free in autofill
https://bugzilla.redhat.com/show_bug.cgi?id=2029894
[ 39 ] Bug #2029895 - CVE-2021-4066 chromium-browser: Integer underflow in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=2029895
[ 40 ] Bug #2029896 - CVE-2021-4067 chromium-browser: Use after free in window manager
https://bugzilla.redhat.com/show_bug.cgi?id=2029896
[ 41 ] Bug #2029897 - CVE-2021-4068 chromium-browser: Insufficient validation of untrusted input in new tab page
https://bugzilla.redhat.com/show_bug.cgi?id=2029897
[ 42 ] Bug #2032168 - CVE-2021-4098 chromium-browser: Insufficient data validation in Mojo
https://bugzilla.redhat.com/show_bug.cgi?id=2032168
[ 43 ] Bug #2032169 - CVE-2021-4099 chromium-browser: Use after free in Swiftshader
https://bugzilla.redhat.com/show_bug.cgi?id=2032169
[ 44 ] Bug #2032170 - CVE-2021-4100 chromium-browser: Object lifecycle issue in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=2032170
[ 45 ] Bug #2032171 - CVE-2021-4101 chromium-browser: Heap buffer overflow in Swiftshader
https://bugzilla.redhat.com/show_bug.cgi?id=2032171
[ 46 ] Bug #2032172 - CVE-2021-4102 chromium-browser: Use after free in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2032172
su -c 'dnf upgrade --advisory FEDORA-2021-6a292e2cf4' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
FEDORA-2021-6a292e2cf4 2022-01-07 01:10:27.075061 Product : Fedora 34 Version : 96.0.4664.110 Release : 3.fc34 URL : https://www.chromium.org/Home/ Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). Add wayland detection and pass flags to improve experience when wayland is used. ---- Update to 96.0.4664.110. You know the drill, lots of security bugs fixed, update if you like security, hit that like and subscribe button. CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4079 CVE-2021-4078 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 CVE-2021-38008 CVE-2021-38009 CVE-2021-38006 CVE-2021-38007 CVE-2021-38005 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 * Mon Dec 27 2021 Tom Callaway - 96.0.4664.110-3 - have chromium-browser.sh check for wayland env vars and if found, set ozone flags appropriately Thanks to Neal Gompa for the nudge * Mon Dec 20 2021 Tom Callaway - 96.0.4664.110-2 - enable WebRTCPipeWireCapturer by default * Thu Dec 16 2021 Tom Callaway - 96.0.4664.110-1 - update to 96.0.4664.110 * Fri Nov 19 2021 Tom Callaway - 96.0.4664.45-1 - update to 96.0.4664.45 * Fri Nov 12 2021 Tom Callaway - 95.0.4638.69-1 - update to 95.0.4638.69 [ 1 ] Bug #2018561 - CVE-2021-37997 chromium-browser: Use after free in Sign-In https://bugzilla.redhat.com/show_bug.cgi?id=2018561 [ 2 ] Bug #2018562 - CVE-2021-37998 chromium-browser: Use after free in Garbage Collection https://bugzilla.redhat.com/show_bug.cgi?id=2018562 [ 3 ] Bug #2018563 - CVE-2021-37999 chromium-browser: Insufficient data validation in New Tab Page https://bugzilla.redhat.com/show_bug.cgi?id=2018563 [ 4 ] Bug #2018564 - CVE-2021-38000 chromium-browser: Insufficient validation of untrusted input in Intents https://bugzilla.redhat.com/show_bug.cgi?id=2018564 [ 5 ] Bug #2018565 - CVE-2021-38001 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2018565 [ 6 ] Bug #2018566 - CVE-2021-38002 chromium-browser: Use after free in Web Transport https://bugzilla.redhat.com/show_bug.cgi?id=2018566 [ 7 ] Bug #2018567 - CVE-2021-38003 chromium-browser: Inappropriate implementation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2018567 [ 8 ] Bug #2024272 - CVE-2021-38008 chromium-browser: Use after free in media https://bugzilla.redhat.com/show_bug.cgi?id=2024272 [ 9 ] Bug #2024273 - CVE-2021-38009 chromium-browser: Inappropriate implementation in cache https://bugzilla.redhat.com/show_bug.cgi?id=2024273 [ 10 ] Bug #2024274 - CVE-2021-38006 chromium-browser: Use after free in storage foundation https://bugzilla.redhat.com/show_bug.cgi?id=2024274 [ 11 ] Bug #2024275 - CVE-2021-38007 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2024275 [ 12 ] Bug #2024276 - CVE-2021-38005 chromium-browser: Use after free in loader https://bugzilla.redhat.com/show_bug.cgi?id=2024276 [ 13 ] Bug #2024277 - CVE-2021-38010 chromium-browser: Inappropriate implementation in service workers https://bugzilla.redhat.com/show_bug.cgi?id=2024277 [ 14 ] Bug #2024278 - CVE-2021-38011 chromium-browser: Use after free in storage foundation https://bugzilla.redhat.com/show_bug.cgi?id=2024278 [ 15 ] Bug #2024279 - CVE-2021-38012 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2024279 [ 16 ] Bug #2024280 - CVE-2021-38013 chromium-browser: Heap buffer overflow in fingerprint recognition https://bugzilla.redhat.com/show_bug.cgi?id=2024280 [ 17 ] Bug #2024281 - CVE-2021-38014 chromium-browser: Out of bounds write in Swiftshader https://bugzilla.redhat.com/show_bug.cgi?id=2024281 [ 18 ] Bug #2024282 - CVE-2021-38015 chromium-browser: Inappropriate implementation in input https://bugzilla.redhat.com/show_bug.cgi?id=2024282 [ 19 ] Bug #2024283 - CVE-2021-38016 chromium-browser: Insufficient policy enforcement in background fetch https://bugzilla.redhat.com/show_bug.cgi?id=2024283 [ 20 ] Bug #2024284 - CVE-2021-38017 chromium-browser: Insufficient policy enforcement in iframe sandbox https://bugzilla.redhat.com/show_bug.cgi?id=2024284 [ 21 ] Bug #2024285 - CVE-2021-38018 chromium-browser: Inappropriate implementation in navigation https://bugzilla.redhat.com/show_bug.cgi?id=2024285 [ 22 ] Bug #2024286 - CVE-2021-38019 chromium-browser: Insufficient policy enforcement in CORS https://bugzilla.redhat.com/show_bug.cgi?id=2024286 [ 23 ] Bug #2024287 - CVE-2021-38020 chromium-browser: Insufficient policy enforcement in contacts picker https://bugzilla.redhat.com/show_bug.cgi?id=2024287 [ 24 ] Bug #2024288 - CVE-2021-38021 chromium-browser: Inappropriate implementation in referrer https://bugzilla.redhat.com/show_bug.cgi?id=2024288 [ 25 ] Bug #2024289 - CVE-2021-38022 chromium-browser: Inappropriate implementation in WebAuthentication https://bugzilla.redhat.com/show_bug.cgi?id=2024289 [ 26 ] Bug #2029881 - CVE-2021-4052 chromium-browser: Use after free in web apps https://bugzilla.redhat.com/show_bug.cgi?id=2029881 [ 27 ] Bug #2029882 - CVE-2021-4053 chromium-browser: Use after free in UI https://bugzilla.redhat.com/show_bug.cgi?id=2029882 [ 28 ] Bug #2029883 - CVE-2021-4054 chromium-browser: Incorrect security UI in autofill https://bugzilla.redhat.com/show_bug.cgi?id=2029883 [ 29 ] Bug #2029884 - CVE-2021-4055 chromium-browser: Heap buffer overflow in extensions https://bugzilla.redhat.com/show_bug.cgi?id=2029884 [ 30 ] Bug #2029885 - CVE-2021-4056 chromium-browser: Type Confusion in loader https://bugzilla.redhat.com/show_bug.cgi?id=2029885 [ 31 ] Bug #2029886 - CVE-2021-4057 chromium-browser: Use after free in file API https://bugzilla.redhat.com/show_bug.cgi?id=2029886 [ 32 ] Bug #2029887 - CVE-2021-4058 chromium-browser: Heap buffer overflow in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2029887 [ 33 ] Bug #2029888 - CVE-2021-4059 chromium-browser: Insufficient data validation in loader https://bugzilla.redhat.com/show_bug.cgi?id=2029888 [ 34 ] Bug #2029889 - CVE-2021-4061 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2029889 [ 35 ] Bug #2029890 - CVE-2021-4062 chromium-browser: Heap buffer overflow in BFCache https://bugzilla.redhat.com/show_bug.cgi?id=2029890 [ 36 ] Bug #2029892 - CVE-2021-4063 chromium-browser: Use after free in developer tools https://bugzilla.redhat.com/show_bug.cgi?id=2029892 [ 37 ] Bug #2029893 - CVE-2021-4064 chromium-browser: Use after free in screen capture https://bugzilla.redhat.com/show_bug.cgi?id=2029893 [ 38 ] Bug #2029894 - CVE-2021-4065 chromium-browser: Use after free in autofill https://bugzilla.redhat.com/show_bug.cgi?id=2029894 [ 39 ] Bug #2029895 - CVE-2021-4066 chromium-browser: Integer underflow in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2029895 [ 40 ] Bug #2029896 - CVE-2021-4067 chromium-browser: Use after free in window manager https://bugzilla.redhat.com/show_bug.cgi?id=2029896 [ 41 ] Bug #2029897 - CVE-2021-4068 chromium-browser: Insufficient validation of untrusted input in new tab page https://bugzilla.redhat.com/show_bug.cgi?id=2029897 [ 42 ] Bug #2032168 - CVE-2021-4098 chromium-browser: Insufficient data validation in Mojo https://bugzilla.redhat.com/show_bug.cgi?id=2032168 [ 43 ] Bug #2032169 - CVE-2021-4099 chromium-browser: Use after free in Swiftshader https://bugzilla.redhat.com/show_bug.cgi?id=2032169 [ 44 ] Bug #2032170 - CVE-2021-4100 chromium-browser: Object lifecycle issue in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2032170 [ 45 ] Bug #2032171 - CVE-2021-4101 chromium-browser: Heap buffer overflow in Swiftshader https://bugzilla.redhat.com/show_bug.cgi?id=2032171 [ 46 ] Bug #2032172 - CVE-2021-4102 chromium-browser: Use after free in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2032172 su -c 'dnf upgrade --advisory FEDORA-2021-6a292e2cf4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Change Log
References