AVG-2167 log

Package vivaldi
Status Fixed
Severity High
Type arbitrary code execution
Affected 4.0.2312.38-1
Fixed 4.0.2312.41-1
Current 4.3.2439.56-1 [community]
Ticket None
Created Thu Jul 15 21:17:10 2021
Issue Severity Remote Type Description
CVE-2021-30564 Medium Yes Arbitrary code execution
A heap buffer overflow security issue has been found in the WebXR component of the Chromium browser engine before version 91.0.4472.164.
CVE-2021-30563 High Yes Arbitrary code execution
A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 91.0.4472.164. Google is aware of reports...
CVE-2021-30562 High Yes Arbitrary code execution
A use after free security issue has been found in the WebSerial component of the Chromium browser engine before version 91.0.4472.164.
CVE-2021-30561 High Yes Arbitrary code execution
A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 91.0.4472.164.
CVE-2021-30560 High Yes Arbitrary code execution
A use after free security issue has been found in the Blink XSLT component of the Chromium browser engine before version 91.0.4472.164.
CVE-2021-30559 High Yes Arbitrary code execution
An out of bounds write security issue has been found in the ANGLE component of the Chromium browser engine before version 91.0.4472.164.
CVE-2021-30541 High Yes Arbitrary code execution
A use after free security issue has been found in the V8 component of the Chromium browser engine before version 91.0.4472.164.
Date Advisory Package Type
16 Jul 2021 ASA-202107-31 vivaldi arbitrary code execution
References
https://vivaldi.com/blog/desktop/minor-update-3-for-vivaldi-desktop-browser-4-0/
https://vivaldi.com/blog/desktop/minor-update-6-for-desktop-4-0/
Notes
Vivaldi version 4.0.2312.38 is based on Chromium version 91.0.4472.114, Vivaldi version 4.0.2312.41 is based on Chromium version 91.0.4472.166 according to the references.