Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

openSUSE Leap 15.2: 2021:0742-1 Important: Chromium Security Concerns

opensuse
Calendar Grey May 16, 2021
Dist Opensuse Esm H88
New update released for openSUSE addressing 15 vulnerabilities in chromium, essential for ensuring user protection.
An update that fixes 15 vulnerabilities is now available

Description

This update for chromium fixes the following issues:

Chromium 90.0.4430.212 (boo#1185908)

* CVE-2021-30506: Incorrect security UI in Web App Installs

* CVE-2021-30507: Inappropriate implementation in Offline

* CVE-2021-30508: Heap buffer overflow in Media Feeds

* CVE-2021-30509: Out of bounds write in Tab Strip

* CVE-2021-30510: Race in Aura

* CVE-2021-30511: Out of bounds read in Tab Group

* CVE-2021-30512: Use after free in Notifications

* CVE-2021-30513: Type Confusion in V8

* CVE-2021-30514: Use after free in Autofill

* CVE-2021-30515: Use after free in File API

* CVE-2021-30516: Heap buffer overflow in History

* CVE-2021-30517: Type Confusion in V8

* CVE-2021-30518: Heap buffer overflow in Reader Mode

* CVE-2021-30519: Use after free in Payments

* CVE-2021-30520: Use after free in Tab Strip

- FTP support disabled at runtime by default since release 88. Chromium 91

will remove support for ftp altogether (boo#1185496)

Topics%20covered

Topics Covered

security advisory security issue update buffer overflow software update security fix patch important heap overflow openSUSE chromium

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-742=1

Package List

- openSUSE Leap 15.2 (x86_64):

chromedriver-90.0.4430.212-lp152.2.92.1

chromedriver-debuginfo-90.0.4430.212-lp152.2.92.1

chromium-90.0.4430.212-lp152.2.92.1

chromium-debuginfo-90.0.4430.212-lp152.2.92.1

References

https://www.suse.com/security/cve/CVE-2021-30506.html

https://www.suse.com/security/cve/CVE-2021-30507.html

https://www.suse.com/security/cve/CVE-2021-30508.html

https://www.suse.com/security/cve/CVE-2021-30509.html

https://www.suse.com/security/cve/CVE-2021-30510.html

https://www.suse.com/security/cve/CVE-2021-30511.html

https://www.suse.com/security/cve/CVE-2021-30512.html

https://www.suse.com/security/cve/CVE-2021-30513.html

https://www.suse.com/security/cve/CVE-2021-30514.html

https://www.suse.com/security/cve/CVE-2021-30515.html

https://www.suse.com/security/cve/CVE-2021-30516.html

https://www.suse.com/security/cve/CVE-2021-30517.html

https://www.suse.com/security/cve/CVE-2021-30518.html

https://www.suse.com/security/cve/CVE-2021-30519.html

https://www.suse.com/security/cve/CVE-2021-30520.html

https://bugzilla.suse.com/1185496

https://bugzilla.suse.com/1185716

https://bugzilla.suse.com/1185908

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:0742-1
Rating: important
Affected Products: openSUSE Leap 15.2 .

Topics%20covered

Topics Covered

security advisory security issue update buffer overflow software update security fix patch important heap overflow openSUSE chromium

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here