openSUSE-SU-2021:0840-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0840-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0840-1
Published
2021-06-04T13:40:38Z
Modified
2021-06-04T13:40:38Z
Summary
Security update for chromium
Details

This update for chromium fixes the following issues:

Chromium 91.0.4472.77 (boo#1186458):

  • Support Managed configuration API for Web Applications
  • WebOTP API: cross-origin iframe support
  • CSS custom counter styles
  • Support JSON Modules
  • Clipboard: read-only files support
  • Remove webkitBeforeTextInserted & webkitEditableContentChanged JS events
  • Honor media HTML attribute for link icon
  • Import Assertions
  • Class static initializer blocks
  • Ergonomic brand checks for private fields
  • Expose WebAssembly SIMD
  • New Feature: WebTransport
  • ES Modules for service workers ('module' type option)
  • Suggested file name and location for the File System Access API
  • adaptivePTime property for RTCRtpEncodingParameters
  • Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack
  • Support WebSockets over HTTP/2
  • Support 103 Early Hints for Navigation
  • CVE-2021-30521: Heap buffer overflow in Autofill
  • CVE-2021-30522: Use after free in WebAudio
  • CVE-2021-30523: Use after free in WebRTC
  • CVE-2021-30524: Use after free in TabStrip
  • CVE-2021-30525: Use after free in TabGroups
  • CVE-2021-30526: Out of bounds write in TabStrip
  • CVE-2021-30527: Use after free in WebUI
  • CVE-2021-30528: Use after free in WebAuthentication
  • CVE-2021-30529: Use after free in Bookmarks
  • CVE-2021-30530: Out of bounds memory access in WebAudio
  • CVE-2021-30531: Insufficient policy enforcement in Content Security Policy
  • CVE-2021-30532: Insufficient policy enforcement in Content Security Policy
  • CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
  • CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
  • CVE-2021-30535: Double free in ICU
  • CVE-2021-21212: Insufficient data validation in networking
  • CVE-2021-30536: Out of bounds read in V8
  • CVE-2021-30537: Insufficient policy enforcement in cookies
  • CVE-2021-30538: Insufficient policy enforcement in content security policy
  • CVE-2021-30539: Insufficient policy enforcement in content security policy
  • CVE-2021-30540: Incorrect security UI in payments
  • Various fixes from internal audits, fuzzing and other initiatives
Affected packages

SUSE:Package Hub 15 SP3 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
91.0.4472.77-bp153.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "91.0.4472.77-bp153.2.3.1",
            "chromium": "91.0.4472.77-bp153.2.3.1"
        }
    ]
}

openSUSE:Leap 15.3 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
91.0.4472.77-bp153.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "91.0.4472.77-bp153.2.3.1",
            "chromium": "91.0.4472.77-bp153.2.3.1"
        }
    ]
}