AVG-1633 log

Package vivaldi
Status Fixed
Severity High
Type multiple issues
Affected 3.6.2165.40-1
Fixed 3.7.2218.45-1
Current 7.0.3495.15-1 [extra]
Ticket None
Created Tue Mar 2 22:21:02 2021
Issue Severity Remote Type Description
CVE-2021-21193 High Yes Arbitrary code execution
A use after free security issue was found in the Blink component of the Chromium browser before version 89.0.4389.90. Google is aware of reports that an...
CVE-2021-21192 High Yes Arbitrary code execution
A heap buffer overflow security issue was found in the tab groups component of the Chromium browser before version 89.0.4389.90.
CVE-2021-21191 High Yes Arbitrary code execution
A use after free security issue was found in the WebRTC component of the Chromium browser before version 89.0.4389.90.
CVE-2021-21190 Low Yes Arbitrary code execution
An uninitialized use security issue was found in the PDFium component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21189 Low Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the payments component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21188 Low Yes Arbitrary code execution
A use after free security issue was found in the Blink component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21187 Low Yes Insufficient validation
An insufficient data validation security issue was found in the URL formatting component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21186 Low Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the QR scanning component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21185 Low Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the extensions component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21184 Low Yes Incorrect calculation
An inappropriate implementation security issue was found in the performance APIs component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21183 Low Yes Incorrect calculation
An inappropriate implementation security issue was found in the performance APIs component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21182 Low Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the navigations component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21181 Medium Yes Information disclosure
A side-channel information leakage security issue was found in the autofill component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21180 Medium Yes Arbitrary code execution
A use after free security issue was found in the tab search component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21179 Medium Yes Arbitrary code execution
A use after free security issue was found in the Network Internals component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21178 Medium Yes Incorrect calculation
An inappropriate implementation security issue was found in the Compositing component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21177 Medium Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the Autofill component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21176 Medium Yes Incorrect calculation
An inappropriate implementation security issue was found in the full screen mode component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21175 Medium Yes Incorrect calculation
An inappropriate implementation security issue was found in the Site isolation component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21174 Medium Yes Incorrect calculation
An inappropriate implementation security issue was found in the Referrer component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21173 Medium Yes Information disclosure
A side-channel information leakage security issue was found in the Network Internals component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21172 Medium Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the File System API component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21171 Medium Yes Content spoofing
An incorrect security UI security issue was found in the TabStrip and Navigation components of the Chromium browser before version 89.0.4389.72.
CVE-2021-21170 Medium Yes Content spoofing
An incorrect security UI security issue was found in the Loader component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21169 Medium Yes Information disclosure
An out of bounds memory access security issue was found in the V8 component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21168 Medium Yes Access restriction bypass
An insufficient policy enforcement security issue was found in the appcache component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21167 Medium Yes Arbitrary code execution
A use after free security issue was found in the bookmarks component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21166 High Yes Arbitrary code execution
An object lifecycle security issue was found in the audio component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21165 High Yes Arbitrary code execution
An object lifecycle security issue was found in the audio component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21163 High Yes Insufficient validation
An insufficient data validation security issue was found in the Reader Mode component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21162 High Yes Arbitrary code execution
A use after free security issue was found in the WebRTC component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21161 High Yes Arbitrary code execution
A heap buffer overflow security issue was found in the TabStrip component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21160 High Yes Arbitrary code execution
A heap buffer overflow security issue was found in the WebAudio component of the Chromium browser before version 89.0.4389.72.
CVE-2021-21159 High Yes Arbitrary code execution
A heap buffer overflow security issue was found in the TabStrip component of the Chromium browser before version 89.0.4389.72.
CVE-2020-27844 Medium No Arbitrary code execution
A heap-based buffer overflow was discovered in lib/openjp2/t2.c:973 in the current master (commit 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00) of OpenJPEG.
Date Advisory Package Type
25 Mar 2021 ASA-202103-19 vivaldi multiple issues
References
https://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-3-6/
https://vivaldi.com/blog/vivaldi-fires-up-performance-2/
Notes
Vivaldi version 3.6.2165.40 is based on Chromium 88.0.4324.186, Vivaldi version 3.7.2218.45 is based on Chromium 89.0.4389.91 according to the references.