Bug 1185398 - (CVE-2021-21227) VUL-0: CVE-2021-21227,CVE-2021-21232,CVE-2021-21233,CVE-2021-21228,CVE-2021-21229,CVE-2021-21230,CVE-2021-21231: chromium: Update to 90.0.4430.93
(CVE-2021-21227)
VUL-0: CVE-2021-21227,CVE-2021-21232,CVE-2021-21233,CVE-2021-21228,CVE-2021-2...
Status: RESOLVED FIXED
: 1185375 (view as bug list)
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.2
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Security Team bot
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-04-28 08:49 UTC by Alexandros Toptsoglou
Modified: 2021-12-15 09:50 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2021-04-28 08:49:31 UTC
CVE-2021-21227: Insufficient data validation in V8. 
CVE-2021-21232: Use after free in Dev Tools. 
CVE-2021-21233: Heap buffer overflow in ANGLE.
CVE-2021-21228: Insufficient policy enforcement in extensions.
CVE-2021-21229: Incorrect security UI in downloads.
CVE-2021-21230: Type Confusion in V8. 
CVE-2021-21231: Insufficient data validation in V8.

Reference 

https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
Comment 1 Andreas Stieger 2021-04-28 09:26:59 UTC
*** Bug 1185375 has been marked as a duplicate of this bug. ***
Comment 2 Marcus Meissner 2021-04-28 16:17:19 UTC
i sent a sr to network:chromium with the fixed version
Comment 3 OBSbugzilla Bot 2021-04-28 17:00:06 UTC
This is an autogenerated message for OBS integration:
This bug (1185398) was mentioned in
https://build.opensuse.org/request/show/889077 Factory / chromium
https://build.opensuse.org/request/show/889078 Backports:SLE-15-SP3 / chromium
Comment 4 OBSbugzilla Bot 2021-04-28 18:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (1185398) was mentioned in
https://build.opensuse.org/request/show/889098 15.2 / chromium
Comment 5 Andreas Stieger 2021-04-30 15:50:26 UTC
back to security team
Comment 6 Swamp Workflow Management 2021-05-01 01:24:15 UTC
openSUSE-SU-2021:0629-1: An update that fixes 25 vulnerabilities is now available.

Category: security (critical)
Bug References: 11845047,1184764,1185398
CVE References: CVE-2021-21201,CVE-2021-21202,CVE-2021-21203,CVE-2021-21204,CVE-2021-21205,CVE-2021-21207,CVE-2021-21208,CVE-2021-21209,CVE-2021-21210,CVE-2021-21211,CVE-2021-21212,CVE-2021-21213,CVE-2021-21221,CVE-2021-21222,CVE-2021-21223,CVE-2021-21224,CVE-2021-21225,CVE-2021-21226,CVE-2021-21227,CVE-2021-21228,CVE-2021-21229,CVE-2021-21230,CVE-2021-21231,CVE-2021-21232,CVE-2021-21233
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    chromium-90.0.4430.93-lp152.2.89.1
Comment 7 Andreas Stieger 2021-05-01 09:38:22 UTC
done
Comment 8 OBSbugzilla Bot 2021-12-15 09:50:09 UTC
This is an autogenerated message for OBS integration:
This bug (1185398) was mentioned in
https://build.opensuse.org/request/show/940663 Backports:SLE-12-SP3 / chromium