AVG-1631 log

Package chromium
Status Fixed
Severity High
Type multiple issues
Affected 88.0.4324.182-1
Fixed 89.0.4389.72-1
Current 130.0.6723.116-1 [extra]
Ticket None
Created Tue Mar 2 21:27:24 2021
Issue Severity Remote Type Description
CVE-2021-21190 Low Yes Arbitrary code execution
An uninitialized use security issue was found in the PDFium component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21189 Low Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the payments component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21188 Low Yes Arbitrary code execution
A use after free security issue was found in the Blink component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21187 Low Yes Insufficient validation
An insufficient data validation security issue was found in the URL formatting component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21186 Low Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the QR scanning component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21185 Low Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the extensions component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21184 Low Yes Incorrect calculation
An inappropriate implementation security issue was found in the performance APIs component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21183 Low Yes Incorrect calculation
An inappropriate implementation security issue was found in the performance APIs component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21182 Low Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the navigations component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21181 Medium Yes Information disclosure
A side-channel information leakage security issue was found in the autofill component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21180 Medium Yes Arbitrary code execution
A use after free security issue was found in the tab search component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21179 Medium Yes Arbitrary code execution
A use after free security issue was found in the Network Internals component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21178 Medium Yes Incorrect calculation
An inappropriate implementation security issue was found in the Compositing component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21177 Medium Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the Autofill component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21176 Medium Yes Incorrect calculation
An inappropriate implementation security issue was found in the full screen mode component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21175 Medium Yes Incorrect calculation
An inappropriate implementation security issue was found in the Site isolation component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21174 Medium Yes Incorrect calculation
An inappropriate implementation security issue was found in the Referrer component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21173 Medium Yes Information disclosure
A side-channel information leakage security issue was found in the Network Internals component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21172 Medium Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the File System API component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21171 Medium Yes Content spoofing
An incorrect security UI security issue was found in the TabStrip and Navigation components of the Chromium browser before version 89.0.4389.72.
CVE-2021-21170 Medium Yes Content spoofing
An incorrect security UI security issue was found in the Loader component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21169 Medium Yes Information disclosure
An out of bounds memory access security issue was found in the V8 component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21168 Medium Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the appcache component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21167 Medium Yes Arbitrary code execution
A use after free security issue was found in the bookmarks component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21166 High Yes Arbitrary code execution
An object lifecycle security issue was found in the audio component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21165 High Yes Arbitrary code execution
An object lifecycle security issue was found in the audio component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21163 High Yes Insufficient validation
An insufficient data validation security issue was found in the Reader Mode component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21162 High Yes Arbitrary code execution
A use after free security issue was found in the WebRTC component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21161 High Yes Arbitrary code execution
A heap buffer overflow security issue was found in the TabStrip component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21160 High Yes Arbitrary code execution
A heap buffer overflow security issue was found in the WebAudio component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21159 High Yes Arbitrary code execution
A heap buffer overflow security issue was found in the TabStrip component of the Chromium browser before version 89.0.4389.72.
CVE-2020-27844 Medium No Arbitrary code execution
A heap-based buffer overflow was discovered in lib/openjp2/t2.c:973 in the current master (commit 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00) of OpenJPEG.
References
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html