AVG-1633 log

Package	vivaldi
Status	Fixed
Severity	High
Type	multiple issues
Affected	3.6.2165.40-1
Fixed	3.7.2218.45-1
Current	7.0.3495.11-1 [extra]
Ticket	None
Created	Tue Mar 2 22:21:02 2021

Issue	Severity	Remote	Type	Description
CVE-2021-21193	High	Yes	Arbitrary code execution	A use after free security issue was found in the Blink component of the Chromium browser before version 89.0.4389.90. Google is aware of reports that an...
CVE-2021-21192	High	Yes	Arbitrary code execution	A heap buffer overflow security issue was found in the tab groups component of the Chromium browser before version 89.0.4389.90.
CVE-2021-21191	High	Yes	Arbitrary code execution	A use after free security issue was found in the WebRTC component of the Chromium browser before version 89.0.4389.90.
CVE-2021-21190	Low	Yes	Arbitrary code execution	An uninitialized use security issue was found in the PDFium component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21189	Low	Yes	Access restriction bypass	An insufficient policy enforcement security issue was found in the payments component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21188	Low	Yes	Arbitrary code execution	A use after free security issue was found in the Blink component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21187	Low	Yes	Insufficient validation	An insufficient data validation security issue was found in the URL formatting component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21186	Low	Yes	Access restriction bypass	An insufficient policy enforcement security issue was found in the QR scanning component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21185	Low	Yes	Access restriction bypass	An insufficient policy enforcement security issue was found in the extensions component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21184	Low	Yes	Incorrect calculation	An inappropriate implementation security issue was found in the performance APIs component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21183	Low	Yes	Incorrect calculation	An inappropriate implementation security issue was found in the performance APIs component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21182	Low	Yes	Access restriction bypass	An insufficient policy enforcement security issue was found in the navigations component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21181	Medium	Yes	Information disclosure	A side-channel information leakage security issue was found in the autofill component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21180	Medium	Yes	Arbitrary code execution	A use after free security issue was found in the tab search component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21179	Medium	Yes	Arbitrary code execution	A use after free security issue was found in the Network Internals component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21178	Medium	Yes	Incorrect calculation	An inappropriate implementation security issue was found in the Compositing component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21177	Medium	Yes	Access restriction bypass	An insufficient policy enforcement security issue was found in the Autofill component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21176	Medium	Yes	Incorrect calculation	An inappropriate implementation security issue was found in the full screen mode component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21175	Medium	Yes	Incorrect calculation	An inappropriate implementation security issue was found in the Site isolation component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21174	Medium	Yes	Incorrect calculation	An inappropriate implementation security issue was found in the Referrer component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21173	Medium	Yes	Information disclosure	A side-channel information leakage security issue was found in the Network Internals component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21172	Medium	Yes	Access restriction bypass	An insufficient policy enforcement security issue was found in the File System API component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21171	Medium	Yes	Content spoofing	An incorrect security UI security issue was found in the TabStrip and Navigation components of the Chromium browser before version 89.0.4389.72.
CVE-2021-21170	Medium	Yes	Content spoofing	An incorrect security UI security issue was found in the Loader component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21169	Medium	Yes	Information disclosure	An out of bounds memory access security issue was found in the V8 component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21168	Medium	Yes	Access restriction bypass	An insufficient policy enforcement security issue was found in the appcache component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21167	Medium	Yes	Arbitrary code execution	A use after free security issue was found in the bookmarks component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21166	High	Yes	Arbitrary code execution	An object lifecycle security issue was found in the audio component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21165	High	Yes	Arbitrary code execution	An object lifecycle security issue was found in the audio component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21163	High	Yes	Insufficient validation	An insufficient data validation security issue was found in the Reader Mode component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21162	High	Yes	Arbitrary code execution	A use after free security issue was found in the WebRTC component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21161	High	Yes	Arbitrary code execution	A heap buffer overflow security issue was found in the TabStrip component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21160	High	Yes	Arbitrary code execution	A heap buffer overflow security issue was found in the WebAudio component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21159	High	Yes	Arbitrary code execution	A heap buffer overflow security issue was found in the TabStrip component of the Chromium browser before version 89.0.4389.72.
CVE-2020-27844	Medium	No	Arbitrary code execution	A heap-based buffer overflow was discovered in lib/openjp2/t2.c:973 in the current master (commit 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00) of OpenJPEG.

Date	Advisory	Package	Type
25 Mar 2021	ASA-202103-19	vivaldi	multiple issues

References
https://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-3-6/ https://vivaldi.com/blog/vivaldi-fires-up-performance-2/

Notes
Vivaldi version 3.6.2165.40 is based on Chromium 88.0.4324.186, Vivaldi version 3.7.2218.45 is based on Chromium 89.0.4389.91 according to the references.