Bug 1193519 - VUL-0: chromium: multiple security issues fixed in 96.0.4664.93
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.3
Hardware: Other Other
Importance: P3 - Medium : Normal
Assigned To: Callum Farmer
QA Contact: Security Team bot
Reported: 2021-12-08 09:55 UTC by Thomas Leroy
Modified: 2022-01-22 14:16 UTC
Found By: Security Response Team

Description Thomas Leroy 2021-12-08 09:55:55 UTC
[$15000][1267661] High CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07

[$10000][1267791] High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08

[$8500][1265806] High CVE-2021-4079: Out of bounds write in WebRTC. Reported by Brendon Tiszka on 2021-11-01

[$5000][1239760] High CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz on 2021-08-13

[$5000][1268738] High CVE-2021-4078: Type confusion in V8. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2021-11-09

[$1000][1266510] High CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong on 2021-11-03

[$TBD][1260939] High CVE-2021-4056: Type Confusion in loader. Reported by @__R0ng of 360 Alpha Lab on 2021-10-18

[$TBD][1262183] High CVE-2021-4057: Use after free in file API. Reported by Sergei Glazunov of Google Project Zero on 2021-10-21

[$TBD][1267496] High CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-06

[$TBD][1270990] High CVE-2021-4059: Insufficient data validation in loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17

[$TBD][1271456] High CVE-2021-4061: Type Confusion in V8. Reported by Paolo Severini on 2021-11-18

[$TBD][1272403] High CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22

[$TBD][1273176] High CVE-2021-4063: Use after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23

[$TBD][1273197] High CVE-2021-4064: Use after free in screen capture. Reported by @ginggilBesel on 2021-11-23

[$TBD][1273674] High CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 on 2021-11-25

[$TBD][1274499] High CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29

[$TBD][1274641] High CVE-2021-4067: Use after free in window manager. Reported by @ginggilBesel on 2021-11-29

[$500][1265197] Low CVE-2021-4068: Insufficient validation of untrusted input in new tab page. Reported by NDevTK on 2021-10-31
Comment 1 OBSbugzilla Bot 2021-12-09 11:40:16 UTC
This is an autogenerated message for OBS integration:
This bug (1193519) was mentioned in
https://build.opensuse.org/request/show/937729 Backports:SLE-15-SP3 / chromium
Comment 2 Swamp Workflow Management 2021-12-13 23:17:38 UTC
openSUSE-SU-2021:1582-1: An update that fixes 36 vulnerabilities is now available.

Category: security (important)
Bug References: 1192310,1192734,1193519
CVE References: CVE-2021-38005,CVE-2021-38006,CVE-2021-38007,CVE-2021-38008,CVE-2021-38009,CVE-2021-38010,CVE-2021-38011,CVE-2021-38012,CVE-2021-38013,CVE-2021-38014,CVE-2021-38015,CVE-2021-38016,CVE-2021-38017,CVE-2021-38018,CVE-2021-38019,CVE-2021-38020,CVE-2021-38021,CVE-2021-38022,CVE-2021-4052,CVE-2021-4053,CVE-2021-4054,CVE-2021-4055,CVE-2021-4056,CVE-2021-4057,CVE-2021-4058,CVE-2021-4059,CVE-2021-4061,CVE-2021-4062,CVE-2021-4063,CVE-2021-4064,CVE-2021-4065,CVE-2021-4066,CVE-2021-4067,CVE-2021-4068,CVE-2021-4078,CVE-2021-4079
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    chromium-96.0.4664.93-bp153.2.45.2
Comment 3 OBSbugzilla Bot 2021-12-14 23:30:08 UTC
This is an autogenerated message for OBS integration:
This bug (1193519) was mentioned in
https://build.opensuse.org/request/show/940589 Factory / chromium
Comment 4 OBSbugzilla Bot 2021-12-15 09:00:20 UTC
This is an autogenerated message for OBS integration:
This bug (1193519) was mentioned in
https://build.opensuse.org/request/show/940660 15.2 / chromium
Comment 5 OBSbugzilla Bot 2021-12-15 09:50:31 UTC
This is an autogenerated message for OBS integration:
This bug (1193519) was mentioned in
https://build.opensuse.org/request/show/940663 Backports:SLE-12-SP3 / chromium
Comment 6 OBSbugzilla Bot 2021-12-15 11:50:07 UTC
This is an autogenerated message for OBS integration:
This bug (1193519) was mentioned in
https://build.opensuse.org/request/show/940702 15.2 / chromium
Comment 7 OBSbugzilla Bot 2021-12-27 00:00:14 UTC
This is an autogenerated message for OBS integration:
This bug (1193519) was mentioned in
https://build.opensuse.org/request/show/942659 15.2 / chromium
Comment 8 Swamp Workflow Management 2021-12-28 11:17:17 UTC
openSUSE-SU-2021:1632-1: An update that fixes 41 vulnerabilities is now available.

Category: security (important)
Bug References: 1192310,1192734,1193519,1193713
CVE References: CVE-2021-38005,CVE-2021-38006,CVE-2021-38007,CVE-2021-38008,CVE-2021-38009,CVE-2021-38010,CVE-2021-38011,CVE-2021-38012,CVE-2021-38013,CVE-2021-38014,CVE-2021-38015,CVE-2021-38016,CVE-2021-38017,CVE-2021-38018,CVE-2021-38019,CVE-2021-38020,CVE-2021-38021,CVE-2021-38022,CVE-2021-4052,CVE-2021-4053,CVE-2021-4054,CVE-2021-4055,CVE-2021-4056,CVE-2021-4057,CVE-2021-4058,CVE-2021-4059,CVE-2021-4061,CVE-2021-4062,CVE-2021-4063,CVE-2021-4064,CVE-2021-4065,CVE-2021-4066,CVE-2021-4067,CVE-2021-4068,CVE-2021-4078,CVE-2021-4079,CVE-2021-4098,CVE-2021-4099,CVE-2021-4100,CVE-2021-4101,CVE-2021-4102
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    chromium-96.0.4664.110-lp152.2.143.1
Comment 9 Callum Farmer 2022-01-22 14:16:46 UTC
done