AVG-1828 log

Package	vivaldi
Status	Fixed
Severity	High
Type	multiple issues
Affected	3.7.2218.58-1
Fixed	3.8.2259.37-1
Current	7.0.3495.11-1 [extra]
Ticket	None
Created	Thu Apr 15 14:16:25 2021

Issue	Severity	Remote	Type	Description
CVE-2021-21233	High	Yes	Arbitrary code execution	A heap buffer overflow security issue has been found in the ANGLE component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21232	High	Yes	Arbitrary code execution	A use after free security issue has been found in the Dev Tools component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21231	Low	Yes	Incorrect calculation	An insufficient data validation security issue has been found in the V8 component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21230	Medium	Yes	Incorrect calculation	A type confusion security issue has been found in the V8 component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21229	Medium	Yes	Content spoofing	An incorrect security UI security issue has been found in the downloads component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21228	Medium	Yes	Access restriction bypass	An insufficient policy enforcement security issue has been found in the extensions component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21227	High	Yes	Insufficient validation	An insufficient data validation security issue has been found in the V8 component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21226	High	Yes	Sandbox escape	Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially...
CVE-2021-21225	High	Yes	Arbitrary code execution	Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21223	High	Yes	Sandbox escape	Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a...
CVE-2021-21222	High	Yes	Sandbox escape	Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site...
CVE-2021-21221	High	Yes	Information disclosure	Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process...
CVE-2021-21219	Low	Yes	Information disclosure	Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21218	Low	Yes	Information disclosure	Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21217	Low	Yes	Information disclosure	Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21216	Medium	Yes	Content spoofing	Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21215	Medium	Yes	Content spoofing	Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21214	Medium	Yes	Arbitrary code execution	Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2021-21213	Medium	Yes	Arbitrary code execution	Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21210	Medium	Yes	Information disclosure	Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted...
CVE-2021-21209	Medium	Yes	Information disclosure	Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-21207	Medium	Yes	Sandbox escape	Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially...
CVE-2021-21203	High	Yes	Arbitrary code execution	Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21202	High	Yes	Sandbox escape	Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially...
CVE-2021-21201	High	Yes	Sandbox escape	Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially...

Date	Advisory	Package	Type
29 Apr 2021	ASA-202104-2	vivaldi	multiple issues

References
https://vivaldi.com/blog/desktop/minor-update-3-for-vivaldi-desktop-browser-3-7/ https://vivaldi.com/blog/desktop/minor-update-4-for-vivaldi-desktop-browser-3-7/ https://vivaldi.com/blog/new-vivaldi-on-android-language-switcher-blocks-cookies-dialogs/

References

https://vivaldi.com/blog/desktop/minor-update-3-for-vivaldi-desktop-browser-3-7/
https://vivaldi.com/blog/desktop/minor-update-4-for-vivaldi-desktop-browser-3-7/
https://vivaldi.com/blog/new-vivaldi-on-android-language-switcher-blocks-cookies-dialogs/

Notes
Vivaldi version 3.7.2218.58 is based on Chromium version 89.0.4389.128, Vivaldi version 3.8.2259.37 is based on Chromium version 90.0.4430.95 according to the references.