AVG-1827 log

Package chromium
Status Fixed
Severity High
Type multiple issues
Affected 89.0.4389.128-1
Fixed 90.0.4430.72-1
Current 96.0.4664.45-2 [extra]
Ticket None
Created Wed Apr 14 22:01:09 2021
Issue Severity Remote Type Description
CVE-2021-21221 High Yes Information disclosure
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process...
CVE-2021-21219 Low Yes Information disclosure
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21218 Low Yes Information disclosure
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21217 Low Yes Information disclosure
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21216 Medium Yes Content spoofing
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21215 Medium Yes Content spoofing
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21214 Medium Yes Arbitrary code execution
Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2021-21213 Medium Yes Arbitrary code execution
Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21210 Medium Yes Information disclosure
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted...
CVE-2021-21209 Medium Yes Information disclosure
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-21207 Medium Yes Sandbox escape
Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially...
CVE-2021-21203 High Yes Arbitrary code execution
Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21202 High Yes Sandbox escape
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially...
CVE-2021-21201 High Yes Sandbox escape
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially...