--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-01f4c93547
2024-03-23 00:51:57.193889
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 38
Version     : 123.0.6312.58
Release     : 1.fc38
URL         : https://www.chromium.org/Home/
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 123.0.6312.58

  * High CVE-2024-2625: Object lifecycle issue in V8
  * Medium CVE-2024-2626: Out of bounds read in Swiftshader
  * Medium CVE-2024-2627: Use after free in Canvas
  * Medium CVE-2024-2628: Inappropriate implementation in Downloads
  * Medium CVE-2024-2629: Incorrect security UI in iOS
  * Medium CVE-2024-2630: Inappropriate implementation in iOS
  * Low CVE-2024-2631: Inappropriate implementation in iOS
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 20 2024 Than Ngo - 123.0.6312.58-1
- update to 123.0.6312.58
  * High CVE-2024-2625: Object lifecycle issue in V8
  * Medium CVE-2024-2626: Out of bounds read in Swiftshader
  * Medium CVE-2024-2627: Use after free in Canvas
  * Medium CVE-2024-2628: Inappropriate implementation in Downloads
  * Medium CVE-2024-2629: Incorrect security UI in iOS
  * Medium CVE-2024-2630: Inappropriate implementation in iOS
  * Low CVE-2024-2631: Inappropriate implementation in iOS
* Fri Mar 15 2024 Than Ngo - 123.0.6312.46-1
- update to 123.0.6312.46
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2270389 - CVE-2024-2626 CVE-2024-2627 CVE-2024-2628 CVE-2024-2629 CVE-2024-2630 CVE-2024-2631 chromium: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2270389
  [ 2 ] Bug #2270393 - CVE-2024-2625 chromium: chromium-browser: Object lifecycle issue in V8 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2270393
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-01f4c93547' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-3ca063941b
2022-10-05 01:03:41.175132
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 35
Version     : 105.0.5195.125
Release     : 2.fc35
URL         : https://www.chromium.org/Home/
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to chromium-105.0.5195.125. This package only has minor changes... ah,
just kidding. Here is the pile of security issues it fixes:

CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011 CVE-2022-2603
CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608
CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 CVE-2022-2613
CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 CVE-2022-2618
CVE-2022-2619 CVE-2022-2620 CVE-2022-2621 CVE-2022-2622 CVE-2022-2623
CVE-2022-2624 CVE-2022-2852 CVE-2022-2854 CVE-2022-2855 CVE-2022-2857
CVE-2022-2858 CVE-2022-2853 CVE-2022-2856 CVE-2022-2859 CVE-2022-2860
CVE-2022-2861 CVE-2022-3038 CVE-2022-3039 CVE-2022-3040 CVE-2022-3041
CVE-2022-3042 CVE-2022-3043 CVE-2022-3044 CVE-2022-3045 CVE-2022-3046
CVE-2022-3071 CVE-2022-3047 CVE-2022-3048 CVE-2022-3049 CVE-2022-3050
CVE-2022-3051 CVE-2022-3052 CVE-2022-3053 CVE-2022-3054 CVE-2022-3055
CVE-2022-3056 CVE-2022-3057 CVE-2022-3058 CVE-2022-3075 CVE-2022-3195
CVE-2022-3196 CVE-2022-3197 CVE-2022-3198 CVE-2022-3199 CVE-2022-3200
CVE-2022-3201
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 23 2022 Tom Callaway - 105.0.5195.125-2
- apply upstream fix for wayland menu misplacement bug
* Mon Sep 19 2022 Tom Callaway - 105.0.5195.125-1
- update to 105.0.5195.125
* Thu Sep 1 2022 Tom Callaway - 105.0.5195.52-1
- update to 105.0.5195.52
* Thu Aug 18 2022 Tom Callaway - 104.0.5112.101-1
- update to 104.0.5112.101
* Wed Jul 20 2022 Fedora Release Engineering - 103.0.5060.114-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2095757 - CVE-2022-2007 chromium-browser: Use after free in WebGPU
        https://bugzilla.redhat.com/show_bug.cgi?id=2095757
  [ 2 ] Bug #2095759 - CVE-2022-2008 chromium-browser: Out of bounds memory access in WebGL
        https://bugzilla.redhat.com/show_bug.cgi?id=2095759
  [ 3 ] Bug #2095760 - CVE-2022-2010 chromium-browser: Out of bounds read in compositing
        https://bugzilla.redhat.com/show_bug.cgi?id=2095760
  [ 4 ] Bug #2095761 - CVE-2022-2011 chromium-browser: Use after free in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2095761
  [ 5 ] Bug #2114693 - CVE-2022-2603 chromium-browser: Use after free in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=2114693
  [ 6 ] Bug #2114694 - CVE-2022-2604 chromium-browser: Use after free in Safe Browsing
        https://bugzilla.redhat.com/show_bug.cgi?id=2114694
  [ 7 ] Bug #2114695 - CVE-2022-2605 chromium-browser: Out of bounds read in Dawn
        https://bugzilla.redhat.com/show_bug.cgi?id=2114695
  [ 8 ] Bug #2114696 - CVE-2022-2606 chromium-browser: Use after free in Managed devices API
        https://bugzilla.redhat.com/show_bug.cgi?id=2114696
  [ 9 ] Bug #2114697 - CVE-2022-2607 chromium-browser: Use after free in Tab Strip
        https://bugzilla.redhat.com/show_bug.cgi?id=2114697
  [ 10 ] Bug #2114698 - CVE-2022-2608 chromium-browser: Use after free in Overview Mode
        https://bugzilla.redhat.com/show_bug.cgi?id=2114698
  [ 11 ] Bug #2114699 - CVE-2022-2609 chromium-browser: Use after free in Nearby Share
        https://bugzilla.redhat.com/show_bug.cgi?id=2114699
  [ 12 ] Bug #2114700 - CVE-2022-2610 chromium-browser: Insufficient policy enforcement in Background Fetch
        https://bugzilla.redhat.com/show_bug.cgi?id=2114700
  [ 13 ] Bug #2114701 - CVE-2022-2611 chromium-browser: Inappropriate implementation in Fullscreen API
        https://bugzilla.redhat.com/show_bug.cgi?id=2114701
  [ 14 ] Bug #2114702 - CVE-2022-2612 chromium-browser: Side-channel information leakage in Keyboard input
        https://bugzilla.redhat.com/show_bug.cgi?id=2114702
  [ 15 ] Bug #2114703 - CVE-2022-2613 chromium-browser: Use after free in Input
        https://bugzilla.redhat.com/show_bug.cgi?id=2114703
  [ 16 ] Bug #2114704 - CVE-2022-2614 chromium-browser: Use after free in Sign-In Flow
        https://bugzilla.redhat.com/show_bug.cgi?id=2114704
  [ 17 ] Bug #2114705 - CVE-2022-2615 chromium-browser: Insufficient policy enforcement in Cookies
        https://bugzilla.redhat.com/show_bug.cgi?id=2114705
  [ 18 ] Bug #2114706 - CVE-2022-2616 chromium-browser: Inappropriate implementation in Extensions API
        https://bugzilla.redhat.com/show_bug.cgi?id=2114706
  [ 19 ] Bug #2114707 - CVE-2022-2617 chromium-browser: Use after free in Extensions API
        https://bugzilla.redhat.com/show_bug.cgi?id=2114707
  [ 20 ] Bug #2114708 - CVE-2022-2618 chromium-browser: Insufficient validation of untrusted input in Internals
        https://bugzilla.redhat.com/show_bug.cgi?id=2114708
  [ 21 ] Bug #2114709 - CVE-2022-2619 chromium-browser: Insufficient validation of untrusted input in Settings
        https://bugzilla.redhat.com/show_bug.cgi?id=2114709
  [ 22 ] Bug #2114710 - CVE-2022-2620 chromium-browser: Use after free in WebUI
        https://bugzilla.redhat.com/show_bug.cgi?id=2114710
  [ 23 ] Bug #2114711 - CVE-2022-2621 chromium-browser: Use after free in Extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=2114711
  [ 24 ] Bug #2114712 - CVE-2022-2622 chromium-browser: Insufficient validation of untrusted input in Safe Browsing
        https://bugzilla.redhat.com/show_bug.cgi?id=2114712
  [ 25 ] Bug #2114713 - CVE-2022-2623 chromium-browser: Use after free in Offline
        https://bugzilla.redhat.com/show_bug.cgi?id=2114713
  [ 26 ] Bug #2114714 - CVE-2022-2624 chromium-browser: Heap buffer overflow in PDF
        https://bugzilla.redhat.com/show_bug.cgi?id=2114714
  [ 27 ] Bug #2118934 - CVE-2022-2852 chromium-browser: Use after free in FedCM
        https://bugzilla.redhat.com/show_bug.cgi?id=2118934
  [ 28 ] Bug #2118935 - CVE-2022-2854 chromium-browser: Use after free in SwiftShader
        https://bugzilla.redhat.com/show_bug.cgi?id=2118935
  [ 29 ] Bug #2118936 - CVE-2022-2855 chromium-browser: Use after free in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2118936
  [ 30 ] Bug #2118937 - CVE-2022-2857 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=2118937
  [ 31 ] Bug #2118938 - CVE-2022-2858 chromium-browser: Use after free in Sign-In Flow
        https://bugzilla.redhat.com/show_bug.cgi?id=2118938
  [ 32 ] Bug #2118939 - CVE-2022-2853 chromium-browser: Heap buffer overflow in Downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=2118939
  [ 33 ] Bug #2118941 - CVE-2022-2856 chromium-browser: Insufficient validation of untrusted input in Intents
        https://bugzilla.redhat.com/show_bug.cgi?id=2118941
  [ 34 ] Bug #2118942 - CVE-2022-2859 chromium-browser: Use after free in Chrome OS Shell
        https://bugzilla.redhat.com/show_bug.cgi?id=2118942
  [ 35 ] Bug #2118943 - CVE-2022-2860 chromium-browser: Insufficient policy enforcement in Cookies
        https://bugzilla.redhat.com/show_bug.cgi?id=2118943
  [ 36 ] Bug #2118944 - CVE-2022-2861 chromium-browser: Inappropriate implementation in Extensions API
        https://bugzilla.redhat.com/show_bug.cgi?id=2118944
  [ 37 ] Bug #2123660 - CVE-2022-3038 chromium-browser: Use after free in Network Service
        https://bugzilla.redhat.com/show_bug.cgi?id=2123660
  [ 38 ] Bug #2123661 - CVE-2022-3039 chromium-browser: Use after free in WebSQL
        https://bugzilla.redhat.com/show_bug.cgi?id=2123661
  [ 39 ] Bug #2123662 - CVE-2022-3040 chromium-browser: Use after free in Layout
        https://bugzilla.redhat.com/show_bug.cgi?id=2123662
  [ 40 ] Bug #2123664 - CVE-2022-3041 chromium-browser: Use after free in WebSQL
        https://bugzilla.redhat.com/show_bug.cgi?id=2123664
  [ 41 ] Bug #2123665 - CVE-2022-3042 chromium-browser: Use after free in PhoneHub
        https://bugzilla.redhat.com/show_bug.cgi?id=2123665
  [ 42 ] Bug #2123666 - CVE-2022-3043 chromium-browser: Heap buffer overflow in Screen Capture
        https://bugzilla.redhat.com/show_bug.cgi?id=2123666
  [ 43 ] Bug #2123667 - CVE-2022-3044 chromium-browser: Inappropriate implementation in Site Isolation
        https://bugzilla.redhat.com/show_bug.cgi?id=2123667
  [ 44 ] Bug #2123668 - CVE-2022-3045 chromium-browser: Insufficient validation of untrusted input in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2123668
  [ 45 ] Bug #2123669 - CVE-2022-3046 chromium-browser: Use after free in Browser Tag
        https://bugzilla.redhat.com/show_bug.cgi?id=2123669
  [ 46 ] Bug #2123670 - CVE-2022-3071 chromium-browser: Use after free in Tab Strip
        https://bugzilla.redhat.com/show_bug.cgi?id=2123670
  [ 47 ] Bug #2123671 - CVE-2022-3047 chromium-browser: Insufficient policy enforcement in Extensions API
        https://bugzilla.redhat.com/show_bug.cgi?id=2123671
  [ 48 ] Bug #2123672 - CVE-2022-3048 chromium-browser: Inappropriate implementation in Chrome OS lockscreen
        https://bugzilla.redhat.com/show_bug.cgi?id=2123672
  [ 49 ] Bug #2123673 - CVE-2022-3049 chromium-browser: Use after free in SplitScreen
        https://bugzilla.redhat.com/show_bug.cgi?id=2123673
  [ 50 ] Bug #2123674 - CVE-2022-3050 chromium-browser: Heap buffer overflow in WebUI
        https://bugzilla.redhat.com/show_bug.cgi?id=2123674
  [ 51 ] Bug #2123675 - CVE-2022-3051 chromium-browser: Heap buffer overflow in Exosphere
        https://bugzilla.redhat.com/show_bug.cgi?id=2123675
  [ 52 ] Bug #2123676 - CVE-2022-3052 chromium-browser: Heap buffer overflow in Window Manager
        https://bugzilla.redhat.com/show_bug.cgi?id=2123676
  [ 53 ] Bug #2123677 - CVE-2022-3053 chromium-browser: Inappropriate implementation in Pointer Lock
        https://bugzilla.redhat.com/show_bug.cgi?id=2123677
  [ 54 ] Bug #2123678 - CVE-2022-3054 chromium-browser: Insufficient policy enforcement in DevTools
        https://bugzilla.redhat.com/show_bug.cgi?id=2123678
  [ 55 ] Bug #2123679 - CVE-2022-3055 chromium-browser: Use after free in Passwords
        https://bugzilla.redhat.com/show_bug.cgi?id=2123679
  [ 56 ] Bug #2123680 - CVE-2022-3056 chromium-browser: Insufficient policy enforcement in Content Security Policy
        https://bugzilla.redhat.com/show_bug.cgi?id=2123680
  [ 57 ] Bug #2123681 - CVE-2022-3057 chromium-browser: Inappropriate implementation in iframe Sandbox
        https://bugzilla.redhat.com/show_bug.cgi?id=2123681
  [ 58 ] Bug #2123683 - CVE-2022-3058 chromium-browser: Use after free in Sign-In Flow
        https://bugzilla.redhat.com/show_bug.cgi?id=2123683
  [ 59 ] Bug #2124154 - CVE-2022-3075 chromium-browser: Insufficient data validation in Mojo
        https://bugzilla.redhat.com/show_bug.cgi?id=2124154
  [ 60 ] Bug #2126918 - CVE-2022-3195 chromium-browser: Out of bounds write in Storage
        https://bugzilla.redhat.com/show_bug.cgi?id=2126918
  [ 61 ] Bug #2126919 - CVE-2022-3196 chromium-browser: Use after free in PDF
        https://bugzilla.redhat.com/show_bug.cgi?id=2126919
  [ 62 ] Bug #2126920 - CVE-2022-3197 chromium-browser: Use after free in PDF
        https://bugzilla.redhat.com/show_bug.cgi?id=2126920
  [ 63 ] Bug #2126921 - CVE-2022-3198 chromium-browser: Use after free in PDF
        https://bugzilla.redhat.com/show_bug.cgi?id=2126921
  [ 64 ] Bug #2126922 - CVE-2022-3199 chromium-browser: Use after free in Frames
        https://bugzilla.redhat.com/show_bug.cgi?id=2126922
  [ 65 ] Bug #2126923 - CVE-2022-3200 chromium-browser: Heap buffer overflow in Internals
        https://bugzilla.redhat.com/show_bug.cgi?id=2126923
  [ 66 ] Bug #2126924 - CVE-2022-3201 chromium-browser: Insufficient validation of untrusted input in DevTools
        https://bugzilla.redhat.com/show_bug.cgi?id=2126924
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-3ca063941b' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

   openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10035-1
Rating:             important
References:         #1200783
Cross-References:   CVE-2022-2156 CVE-2022-2157 CVE-2022-2158
                    CVE-2022-2160 CVE-2022-2161 CVE-2022-2162
                    CVE-2022-2163 CVE-2022-2164 CVE-2022-2165
Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   Chromium 103.0.5060.53 (boo#1200783)

   * CVE-2022-2156: Use after free in Base
   * CVE-2022-2157: Use after free in Interest groups
   * CVE-2022-2158: Type Confusion in V8
   * CVE-2022-2160: Insufficient policy enforcement in DevTools
   * CVE-2022-2161: Use after free in WebApp Provider
   * CVE-2022-2162: Insufficient policy enforcement in File System API
   * CVE-2022-2163: Use after free in Cast UI and Toolbar
   * CVE-2022-2164: Inappropriate implementation in Extensions API
   * CVE-2022-2165: Insufficient data validation in URL formatting

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP4:

      zypper in -t patch openSUSE-2022-10035=1

Package List:

   - openSUSE Backports SLE-15-SP4 (aarch64 x86_64):

      chromedriver-103.0.5060.53-bp154.2.11.1
      chromium-103.0.5060.53-bp154.2.11.1

References:

   https://www.suse.com/security/cve/CVE-2022-2156.html
   https://www.suse.com/security/cve/CVE-2022-2157.html
   https://www.suse.com/security/cve/CVE-2022-2158.html
   https://www.suse.com/security/cve/CVE-2022-2160.html
   https://www.suse.com/security/cve/CVE-2022-2161.html
   https://www.suse.com/security/cve/CVE-2022-2162.html
   https://www.suse.com/security/cve/CVE-2022-2163.html
   https://www.suse.com/security/cve/CVE-2022-2164.html
   https://www.suse.com/security/cve/CVE-2022-2165.html
   https://bugzilla.suse.com/1200783

Arch Linux Security Advisory ASA-202102-6
=========================================

Severity: Critical
Date    : 2021-02-06
CVE-ID  : CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145
          CVE-2021-21146 CVE-2021-21147 CVE-2021-21148
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1525

Summary
=======

The package chromium before version 88.0.4324.150-1 is vulnerable to
multiple issues including arbitrary code execution and incorrect
calculation.

Resolution
==========

Upgrade to 88.0.4324.150-1.

# pacman -Syu "chromium>=88.0.4324.150-1"

The problems have been fixed upstream in version 88.0.4324.150.

Workaround
==========

None.

Description
===========

- CVE-2021-21142 (arbitrary code execution)

A use after free security issue was found in the Payments component of
the Chromium browser before version 88.0.4324.146.

- CVE-2021-21143 (arbitrary code execution)

A heap buffer overflow security issue was found in the Extensions
component of the Chromium browser before version 88.0.4324.146.

- CVE-2021-21144 (arbitrary code execution)

A heap buffer overflow security issue was found in the Tab Groups
component of the Chromium browser before version 88.0.4324.146.

- CVE-2021-21145 (arbitrary code execution)

A use after free security issue was found in the Fonts component of the
Chromium browser before version 88.0.4324.146.

- CVE-2021-21146 (arbitrary code execution)

A use after free security issue was found in the Navigation component
of the Chromium browser before version 88.0.4324.146.

- CVE-2021-21147 (incorrect calculation)

An inappropriate implementation security issue was found in the Skia
component of the Chromium browser before version 88.0.4324.146.

- CVE-2021-21148 (arbitrary code execution)

A heap buffer overflow security issue was found in the V8 component of
the Chromium browser before version 88.0.4324.150.

Impact
======

A remote attacker might be able to bypass security measures or execute
arbitrary code.

References
==========

https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
https://security.archlinux.org/CVE-2021-21142
https://security.archlinux.org/CVE-2021-21143
https://security.archlinux.org/CVE-2021-21144
https://security.archlinux.org/CVE-2021-21145
https://security.archlinux.org/CVE-2021-21146
https://security.archlinux.org/CVE-2021-21147
https://security.archlinux.org/CVE-2021-21148

   openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0173-1
Rating:             important
References:         #1181137
Cross-References:   CVE-2020-16044 CVE-2021-21117 CVE-2021-21118
                    CVE-2021-21119 CVE-2021-21120 CVE-2021-21121
                    CVE-2021-21122 CVE-2021-21123 CVE-2021-21124
                    CVE-2021-21125 CVE-2021-21126 CVE-2021-21127
                    CVE-2021-21128 CVE-2021-21129 CVE-2021-21130
                    CVE-2021-21131 CVE-2021-21132 CVE-2021-21133
                    CVE-2021-21134 CVE-2021-21135 CVE-2021-21136
                    CVE-2021-21137 CVE-2021-21138 CVE-2021-21139
                    CVE-2021-21140 CVE-2021-21141
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that fixes 26 vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   chromium was updated to 88.0.4324.96 boo#1181137

   - CVE-2021-21117: Insufficient policy enforcement in Cryptohome
   - CVE-2021-21118: Insufficient data validation in V8
   - CVE-2021-21119: Use after free in Media
   - CVE-2021-21120: Use after free in WebSQL
   - CVE-2021-21121: Use after free in Omnibox
   - CVE-2021-21122: Use after free in Blink
   - CVE-2021-21123: Insufficient data validation in File System API
   - CVE-2021-21124: Potential user after free in Speech Recognizer
   - CVE-2021-21125: Insufficient policy enforcement in File System API
   - CVE-2020-16044: Use after free in WebRTC
   - CVE-2021-21126: Insufficient policy enforcement in extensions
   - CVE-2021-21127: Insufficient policy enforcement in extensions
   - CVE-2021-21128: Heap buffer overflow in Blink
   - CVE-2021-21129: Insufficient policy enforcement in File System API
   - CVE-2021-21130: Insufficient policy enforcement in File System API
   - CVE-2021-21131: Insufficient policy enforcement in File System API
   - CVE-2021-21132: Inappropriate implementation in DevTools
   - CVE-2021-21133: Insufficient policy enforcement in Downloads
   - CVE-2021-21134: Incorrect security UI in Page Info
   - CVE-2021-21135: Inappropriate implementation in Performance API
   - CVE-2021-21136: Insufficient policy enforcement in WebView
   - CVE-2021-21137: Inappropriate implementation in DevTools
   - CVE-2021-21138: Use after free in DevTools
   - CVE-2021-21139: Inappropriate implementation in iframe sandbox
   - CVE-2021-21140: Uninitialized Use in USB
   - CVE-2021-21141: Insufficient policy enforcement in File System API

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-173=1

Package List:

   - openSUSE Leap 15.2 (x86_64):

      chromedriver-88.0.4324.96-lp152.2.66.1
      chromedriver-debuginfo-88.0.4324.96-lp152.2.66.1
      chromium-88.0.4324.96-lp152.2.66.1
      chromium-debuginfo-88.0.4324.96-lp152.2.66.1

References:

   https://www.suse.com/security/cve/CVE-2020-16044.html
   https://www.suse.com/security/cve/CVE-2021-21117.html
   https://www.suse.com/security/cve/CVE-2021-21118.html
   https://www.suse.com/security/cve/CVE-2021-21119.html
   https://www.suse.com/security/cve/CVE-2021-21120.html
   https://www.suse.com/security/cve/CVE-2021-21121.html
   https://www.suse.com/security/cve/CVE-2021-21122.html
   https://www.suse.com/security/cve/CVE-2021-21123.html
   https://www.suse.com/security/cve/CVE-2021-21124.html
   https://www.suse.com/security/cve/CVE-2021-21125.html
   https://www.suse.com/security/cve/CVE-2021-21126.html
   https://www.suse.com/security/cve/CVE-2021-21127.html
   https://www.suse.com/security/cve/CVE-2021-21128.html
   https://www.suse.com/security/cve/CVE-2021-21129.html
   https://www.suse.com/security/cve/CVE-2021-21130.html
   https://www.suse.com/security/cve/CVE-2021-21131.html
   https://www.suse.com/security/cve/CVE-2021-21132.html
   https://www.suse.com/security/cve/CVE-2021-21133.html
   https://www.suse.com/security/cve/CVE-2021-21134.html
   https://www.suse.com/security/cve/CVE-2021-21135.html
   https://www.suse.com/security/cve/CVE-2021-21136.html
   https://www.suse.com/security/cve/CVE-2021-21137.html
   https://www.suse.com/security/cve/CVE-2021-21138.html
   https://www.suse.com/security/cve/CVE-2021-21139.html
   https://www.suse.com/security/cve/CVE-2021-21140.html
   https://www.suse.com/security/cve/CVE-2021-21141.html
   https://bugzilla.suse.com/1181137

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201805-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, Google Chrome: Multiple vulnerabilities
     Date: May 02, 2018
     Bugs: #654384
       ID: 201805-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could result in the execution of arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /   Vulnerable    /          Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium        < 66.0.3359.139       >= 66.0.3359.139
  2  www-client/google-chrome   < 66.0.3359.139       >= 66.0.3359.139
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-66.0.3359.139"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge -a --oneshot -v ">=www-client/google-chrome-66.0.3359.139"

References
==========

[ 1 ] CVE-2018-6118
      https://nvd.nist.gov/vuln/detail/CVE-2018-6118
[ 2 ] Google Chrome Release 20180426
      https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop_26.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201805-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to