AVG-1752 log

Package vivaldi
Status Fixed
Severity High
Type multiple issues
Affected 3.7.2218.49-1
Fixed 3.7.2218.52-1
Current 7.0.3495.23-1 [extra]
Ticket None
Created Wed Mar 31 08:03:33 2021
Issue Severity Remote Type Description
CVE-2021-21199 High Yes Arbitrary code execution
Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially...
CVE-2021-21198 High Yes Sandbox escape
An out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially...
CVE-2021-21197 High Yes Arbitrary code execution
A heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195 High Yes Arbitrary code execution
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21194 High Yes Arbitrary code execution
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
https://vivaldi.com/blog/vivaldi-fires-up-performance-2/
https://vivaldi.com/blog/desktop/minor-update-for-vivaldi-desktop-browser-3-7/
https://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-browser-3-7/
Notes
Vivaldi version 3.7.2218.49 is based on Chromium 89.0.4389.91, Vivaldi version 3.7.2218.52 is based on Chromium 89.0.4389.116 according to the references.