Subject: [ASA-202107-47] chromium: multiple issues

Arch Linux Security Advisory ASA-202107-47
==========================================

Severity: High
Date    : 2021-07-21
CVE-ID  : CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568
          CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573
          CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30578
          CVE-2021-30579 CVE-2021-30581 CVE-2021-30582 CVE-2021-30584
          CVE-2021-30585 CVE-2021-30588 CVE-2021-30589
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2200

Summary
=======

The package chromium before version 92.0.4515.107-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution, content spoofing, incorrect calculation, information
disclosure and insufficient validation.

Resolution
==========

Upgrade to 92.0.4515.107-1.

# pacman -Syu "chromium>=92.0.4515.107-1"

The problems have been fixed upstream in version 92.0.4515.107.

Workaround
==========

None.

Description
===========

- CVE-2021-30565 (arbitrary code execution)

An out of bounds write security issue has been found in the Tab Groups
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30566 (arbitrary code execution)

A stack buffer overflow security issue has been found in the Printing
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30567 (arbitrary code execution)

A use after free security issue has been found in the DevTools
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30568 (arbitrary code execution)

A heap buffer overflow security issue has been found in the WebGL
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30569 (arbitrary code execution)

A use after free security issue has been found in the sqlite component
of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30571 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
DevTools component of the Chromium browser engine before version
92.0.4515.107.

- CVE-2021-30572 (arbitrary code execution)

A use after free security issue has been found in the Autofill
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30573 (arbitrary code execution)

A use after free security issue has been found in the GPU component of
the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30574 (arbitrary code execution)

A use after free security issue has been found in the protocol handling
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30575 (information disclosure)

An out of bounds read security issue has been found in the Autofill
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30576 (arbitrary code execution)

A use after free security issue has been found in the DevTools
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30578 (arbitrary code execution)

An uninitialized use security issue has been found in the Media
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30579 (arbitrary code execution)

A use after free security issue has been found in the UI framework
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30581 (arbitrary code execution)

A use after free security issue has been found in the DevTools
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30582 (incorrect calculation)

An inappropriate implementation security issue has been found in the
Animation component of the Chromium browser engine before version
92.0.4515.107.

- CVE-2021-30584 (content spoofing)

An incorrect security UI security issue has been found in the Downloads
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30585 (arbitrary code execution)

A use after free security issue has been found in the sensor handling
component of the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30588 (incorrect calculation)

A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 92.0.4515.107.

- CVE-2021-30589 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the Sharing component of the Chromium browser engine before
version 92.0.4515.107.

Impact
======

A remote attacker could execute arbitrary code or spoof content through
a crafted web page.

References
==========

https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
https://crbug.com/1210985
https://crbug.com/1202661
https://crbug.com/1211326
https://crbug.com/1219886
https://crbug.com/1218707
https://crbug.com/1101897
https://crbug.com/1214234
https://crbug.com/1216822
https://securityforeveryone.com/blog/google-chrome-zero-day-vulnerability-cve-2021-30573
https://crbug.com/1227315
https://crbug.com/1213313
https://crbug.com/1194896
https://crbug.com/1201074
https://crbug.com/1207277
https://crbug.com/1194431
https://crbug.com/1205981
https://crbug.com/1213350
https://crbug.com/1023503
https://crbug.com/1195650
https://crbug.com/1180510
https://security.archlinux.org/CVE-2021-30565
https://security.archlinux.org/CVE-2021-30566
https://security.archlinux.org/CVE-2021-30567
https://security.archlinux.org/CVE-2021-30568
https://security.archlinux.org/CVE-2021-30569
https://security.archlinux.org/CVE-2021-30571
https://security.archlinux.org/CVE-2021-30572
https://security.archlinux.org/CVE-2021-30573
https://security.archlinux.org/CVE-2021-30574
https://security.archlinux.org/CVE-2021-30575
https://security.archlinux.org/CVE-2021-30576
https://security.archlinux.org/CVE-2021-30578
https://security.archlinux.org/CVE-2021-30579
https://security.archlinux.org/CVE-2021-30581
https://security.archlinux.org/CVE-2021-30582
https://security.archlinux.org/CVE-2021-30584
https://security.archlinux.org/CVE-2021-30585
https://security.archlinux.org/CVE-2021-30588
https://security.archlinux.org/CVE-2021-30589
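
Verifying the Resolution step: the script below is an added example, not part of the original advisory or of Arch tooling, that reports whether the installed chromium package is older than the fixed version 92.0.4515.107-1. The function names are hypothetical; when pacman's vercmp is unavailable it assumes a purely numeric pkgver-pkgrel version string.

```sh
#!/bin/sh
# Added example, not part of the advisory: classify a chromium package
# version against the fixed version named in ASA-202107-47.
FIXED="92.0.4515.107-1"   # fixed version, taken from the advisory

# version_lt A B: succeeds when version A is strictly older than B.
# Prefers pacman's vercmp (authoritative for Arch version strings). The awk
# fallback is an assumption-limited substitute: it compares numeric fields
# split on "." and "-", which covers chromium's pkgver-pkgrel format only.
version_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        awk -v a="$1" -v b="$2" 'BEGIN {
            n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
            for (i = 1; i <= (n > m ? n : m); i++) {
                if ((x[i] + 0) < (y[i] + 0)) exit 0
                if ((x[i] + 0) > (y[i] + 0)) exit 1
            }
            exit 1   # equal versions are not older
        }'
    fi
}

# chromium_status VERSION: prints "vulnerable" if VERSION predates the fix,
# otherwise "fixed".
chromium_status() {
    if version_lt "$1" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# installed_chromium: prints the installed chromium version, or fails when
# pacman is missing; prints nothing when the package is not installed.
installed_chromium() {
    command -v pacman >/dev/null 2>&1 || return 1
    pacman -Q chromium 2>/dev/null | awk '{ print $2 }'
}

# Report for the local host.
if ver=$(installed_chromium) && [ -n "$ver" ]; then
    echo "chromium $ver: $(chromium_status "$ver")"
else
    echo "chromium not installed (or pacman unavailable)"
fi
```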