AVG-1828

Package vivaldi
Status Fixed
Severity High
Type multiple issues
Affected 3.7.2218.58-1
Fixed 3.8.2259.37-1
Current 7.0.3495.15-1 [extra]
Ticket None
Created Thu Apr 15 14:16:25 2021
Issue Severity Remote Type Description
CVE-2021-21233 High Yes Arbitrary code execution
A heap buffer overflow security issue has been found in the ANGLE component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21232 High Yes Arbitrary code execution
A use after free security issue has been found in the Dev Tools component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21231 Low Yes Incorrect calculation
An insufficient data validation security issue has been found in the V8 component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21230 Medium Yes Incorrect calculation
A type confusion security issue has been found in the V8 component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21229 Medium Yes Content spoofing
An incorrect security UI security issue has been found in the downloads component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21228 Medium Yes Access restriction bypass
An insufficient policy enforcement security issue has been found in the extensions component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21227 High Yes Insufficient validation
An insufficient data validation security issue has been found in the V8 component of the Chromium browser before version 90.0.4430.93.
CVE-2021-21226 High Yes Sandbox escape
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially...
CVE-2021-21225 High Yes Arbitrary code execution
Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21223 High Yes Sandbox escape
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a...
CVE-2021-21222 High Yes Sandbox escape
Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site...
CVE-2021-21221 High Yes Information disclosure
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process...
CVE-2021-21219 Low Yes Information disclosure
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21218 Low Yes Information disclosure
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21217 Low Yes Information disclosure
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21216 Medium Yes Content spoofing
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21215 Medium Yes Content spoofing
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21214 Medium Yes Arbitrary code execution
Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2021-21213 Medium Yes Arbitrary code execution
Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21210 Medium Yes Information disclosure
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted...
CVE-2021-21209 Medium Yes Information disclosure
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-21207 Medium Yes Sandbox escape
Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially...
CVE-2021-21203 High Yes Arbitrary code execution
Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21202 High Yes Sandbox escape
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially...
CVE-2021-21201 High Yes Sandbox escape
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially...
Date Advisory Package Type
29 Apr 2021 ASA-202104-2 vivaldi multiple issues
References
https://vivaldi.com/blog/desktop/minor-update-3-for-vivaldi-desktop-browser-3-7/
https://vivaldi.com/blog/desktop/minor-update-4-for-vivaldi-desktop-browser-3-7/
https://vivaldi.com/blog/new-vivaldi-on-android-language-switcher-blocks-cookies-dialogs/
Notes
Vivaldi version 3.7.2218.58 is based on Chromium version 89.0.4389.128; Vivaldi version 3.8.2259.37 is based on Chromium version 90.0.4430.95, according to the references.