Lesezeichen hinzufügen
Originalnachricht
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-4886-1 security@debian.orghttps://www.debian.org/security/ Michael GilbertApril 06, 2021 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : chromiumCVE ID : CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199Several vulnerabilites have been discovered in the chromium web browser.CVE-2021-21159 Khalil Zhani disocvered a buffer overflow issue in the tab implementation.CVE-2021-21160 Marcin Noga discovered a buffer overflow issue in WebAudio.CVE-2021-21161 Khalil Zhani disocvered a buffer overflow issue in the tab implementation.CVE-2021-21162 A use-after-free issue was discovered in the WebRTC implementation.CVE-2021-21163 Alison Huffman discovered a data validation issue.CVE-2021-21165 Alison Huffman discovered an error in the audio implementation.CVE-2021-21166 Alison Huffman discovered an error in the audio implementation.CVE-2021-21167 Leecraso and Guang Gong discovered a use-after-free issue in the bookmarks implementation.CVE-2021-21168 Luan Herrera discovered a policy enforcement error in the appcache.CVE-2021-21169 Bohan Liu and Moon Liang discovered an out-of-bounds access issue in the v8 javascript library.CVE-2021-21170 David Erceg discovered a user interface error.CVE-2021-21171 Irvan Kurniawan discovered a user interface error.CVE-2021-21172 Maciej Pulikowski discovered a policy enforcement error in the File System API.CVE-2021-21173 Tom Van Goethem discovered a network based information leak.CVE-2021-21174 Ashish Guatam Kambled discovered an implementation error in the Referrer policy.CVE-2021-21175 Jun Kokatsu discovered an implementation error in the Site Isolation feature.CVE-2021-21176 Luan Herrera discovered an implementation error in the full screen mode.CVE-2021-21177 Abdulrahman Alqabandi discovered a policy enforcement error in the Autofill feature.CVE-2021-21178 Japong discovered an error in the Compositor implementation.CVE-2021-21179 A use-after-free issue was discovered in the networking implementation.CVE-2021-21180 Abdulrahman Alqabandi discovered a use-after-free issue in the tab search feature.CVE-2021-21181 Xu Lin, Panagiotis Ilias, and Jason Polakis discovered a side-channel information leak in the Autofill feature.CVE-2021-21182 Luan Herrera discovered a policy enforcement error in the site navigation implementation.CVE-2021-21183 Takashi Yoneuchi discovered an implementation error in the Performance API.CVE-2021-21184 James Hartig discovered an implementation error in the Performance API.CVE-2021-21185 David Erceg discovered a policy enforcement error in Extensions.CVE-2021-21186 dhirajkumarnifty discovered a policy enforcement error in the QR scan implementation.CVE-2021-21187 Kirtikumar Anandrao Ramchandani discovered a data validation error in URL formatting.CVE-2021-21188 Woojin Oh discovered a use-after-free issue in Blink/Webkit.CVE-2021-21189 Khalil Zhani discovered a policy enforcement error in the Payments implementation.CVE-2021-21190 Zhou Aiting discovered use of uninitialized memory in the pdfium library.CVE-2021-21191 raven discovered a use-after-free issue in the WebRTC implementation.CVE-2021-21192 Abdulrahman Alqabandi discovered a buffer overflow issue in the tab implementation.CVE-2021-21193 A use-after-free issue was discovered in Blink/Webkit.CVE-2021-21194 Leecraso and Guang Gong discovered a use-after-free issue in the screen capture feature.CVE-2021-21195 Liu and Liang discovered a use-after-free issue in the v8 javascript library.CVE-2021-21196 Khalil Zhani discovered a buffer overflow issue in the tab implementation.CVE-2021-21197 Abdulrahman Alqabandi discovered a buffer overflow issue in the tab implementation.CVE-2021-21198 Mark Brand discovered an out-of-bounds read issue in the Inter-Process Communication implementation.CVE-2021-21199 Weipeng Jiang discovered a use-after-free issue in the Aura window and event manager.For the stable distribution (buster), these problems have been fixed inversion 89.0.4389.114-1~deb10u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAmBsY1oACgkQmD40ZYkUayiUXSAAgfMNsCeTke9JJBtyvUU4EzWt6op+dq3g4pN11Clqo5Y2vgHTPjiPjoYKz5qy9V9FNUrnKyVmLjspdsNgSHaGUjxhFgiTUql59kSPOuOLCMrByP1aYZ7W6xGJFw5Um5m2V/sPsDFFakTbU3YMLqOV/UnoWxb0E/1WR1ucXRU5DBviAJhl47yaCLwHpP+FLQVgRbhgnwwtEmuq/VulA5UYy3GXU6kyE0NsXU4pvyzHuxJEutvLsQHQ9LqsJf6PbN1oWLAESbVL2sPVNrkSwlfRDM6du+km4KZdaURTBaLN1d8P8nnvBlvVGiAyZgKM3d56PsMBqVvU+2mlg8JsGKqw1pi4yMXSOT13DkzpgfCBJNin9XuzzyzWbdPVgjM+VzpoyD1HSFg23g5ly3VcQcZR62C+JwT35xve52Jed6RWMYK/HmYBMhcE8Yu/7gQiUvg9CnEkvrLpbfy9LvrKNzLmo5KMsvjSFme+nlcrWL9Fp3j89R7uJp/GA4vwnrF16QKz/sI8ylHXuJjnWVzc1LfbyIBWjyBr/YAm6RI8mRAhKIS31qT7Xqp2MXDfHyvioFheWUykKMeX57rlv/U3t8e1iq2tvkMcD1vARTA1LHwHcCYhxHaHo/cZSMgL7qriuNuv4b8PXDJxSsm096sMeeNdoRKUX3lZnaDa3Kbg1Rz78faY3/x2egkSS5eYvzzYLKF2/oK8pXnZeT4woVlp4/bhxVW8YtScDOuGQwwNIVfYmV+AdFI+RJP0FvlkHC2rZ2Rc94zD5kN5ig8XYxFisr7iv7m3Ip1xwCxM0/NYeyv8VV2HX8YIclp4XHZ6sWX9wNQWv9NKDwE/0mdQmqKwhGgfBgUD49HnJv8N9oLwpw0sp8qXupZfFxGHZnsTL9xyHCmFxtQ13JrI2XLYSiDgJOCQjSOBQoE8kcQVe53V44djqKE1z5lsAL5MXGuacK8HOuRQqMeUofBWoN/sIF9unUGqxO6tkqQiQw7PsIfOeTMofMYDDRI1ImyDuBCyG/i6pwHMgjiAkIgxUm2q5JC6U+glOw7Hftxos3S9spUPbJHWxSpUKrlu+w+CNhDomX1E/mJvssTpOD3G0/M50bKgIsxWRnBgF+nzPaKfxmmVJ9V3mMZ7mnE8A+ByZmBGpqyTN57rwJjty8IA14Ti6Cv1WhQ/QRNPNZi6WLj9pkLf0kL5jvJ9ukc44hTq3PLZgUvphhmU0BG9Yt+8JQZ5JqsoP7/Sj+tXlLwWH7lqkbr/mwLzbnTRlEULFTnKvs5W7YJUxE9l9VsrDztOKw3iqTKbAUVozFvN/b/JEb0sQYV9RDSyqW0iiUEG6cVkSyihwOPXdS43UhewHMEVGLe4sJxbMVKhJw===Acyh-----END PGP SIGNATURE-----