AVG-2475 log

Package	vivaldi
Status	Fixed
Severity	High
Type	multiple issues
Affected	4.3.2439.65-1
Fixed	5.0.2497.24-1
Current	6.7.3329.17-1 [extra]
Ticket	None
Created	Tue Oct 19 19:51:40 2021

Issue	Severity	Remote	Type	Description
CVE-2021-38022	Low	Yes	Denial of service	An inappropriate implementation security issue has been found in the WebAuthentication component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38021	Medium	Yes	Information disclosure	An inappropriate implementation security issue has been found in the referrer component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38020	Medium	Yes	Information disclosure	An insufficient policy enforcement security issue has been found in the contacts picker component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38019	Medium	Yes	Same-origin policy bypass	An insufficient policy enforcement security issue has been found in the CORS component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38018	Medium	Yes	Content spoofing	An inappropriate implementation security issue has been found in the navigation component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38017	Medium	Yes	Sandbox escape	An insufficient policy enforcement security issue has been found in the iframe sandbox component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38016	Medium	Yes	Access restriction bypass	An insufficient policy enforcement security issue has been found in the background fetch component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38015	Medium	Yes	Arbitrary code execution	An inappropriate implementation security issue has been found in the input component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38014	Medium	Yes	Arbitrary code execution	An out of bounds write security issue has been found in the Swiftshader component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38013	Medium	Yes	Arbitrary code execution	A heap buffer overflow security issue has been found in the fingerprint recognition component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38012	Medium	Yes	Arbitrary code execution	A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38011	High	Yes	Arbitrary code execution	A use after free security issue has been found in the storage foundation component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38010	High	Yes	Arbitrary code execution	An inappropriate implementation security issue has been found in the service workers component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38009	High	Yes	Arbitrary code execution	An inappropriate implementation security issue has been found in the cache component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38008	High	Yes	Arbitrary code execution	A use after free security issue has been found in the media component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38007	High	Yes	Arbitrary code execution	A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38006	High	Yes	Arbitrary code execution	A use after free security issue has been found in the storage foundation component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38005	High	Yes	Arbitrary code execution	A use after free security issue has been found in the loader component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38004	Medium	Yes	Access restriction bypass	An insufficient policy enforcement security issue has been found in the Autofill component of the Chromium browser engine before version 95.0.4638.69.
CVE-2021-38003	High	Yes	Arbitrary code execution	An inappropriate implementation security issue has been found in the V8 component of the Chromium browser engine before version 95.0.4638.69. Google is...
CVE-2021-38001	High	Yes	Arbitrary code execution	A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 95.0.4638.69.
CVE-2021-38000	High	Yes	Insufficient validation	An insufficient validation of untrusted input security issue has been found in the Intents component of the Chromium browser engine before version...
CVE-2021-37998	High	Yes	Arbitrary code execution	A use after free security issue has been found in the Garbage Collection component of the Chromium browser engine before version 95.0.4638.69.
CVE-2021-37996	Medium	Yes	Insufficient validation	An insufficient validation of untrusted input security issue has been found in the Downloads component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37995	Low	Yes	Arbitrary code execution	An inappropriate implementation security issue has been found in the WebApp Installer component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37994	Low	Yes	Arbitrary code execution	An inappropriate implementation security issue has been found in the iFrame Sandbox component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37993	Medium	Yes	Arbitrary code execution	A use after free security issue has been found in the PDF Accessibility component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37992	Medium	Yes	Information disclosure	An out of bounds read security issue has been found in the WebAudio component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37991	Medium	Yes	Arbitrary code execution	A race security issue has been found in the V8 component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37990	Medium	Yes	Arbitrary code execution	An inappropriate implementation security issue has been found in the WebView component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37989	Medium	Yes	Arbitrary code execution	An inappropriate implementation security issue has been found in the Blink component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37988	Medium	Yes	Arbitrary code execution	A use after free security issue has been found in the Profiles component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37987	Medium	Yes	Arbitrary code execution	A use after free security issue has been found in the Network APIs component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37986	Medium	Yes	Arbitrary code execution	A heap buffer overflow security issue has been found in the Settings component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37985	High	Yes	Arbitrary code execution	A use after free security issue has been found in the V8 component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37984	High	Yes	Arbitrary code execution	A heap buffer overflow security issue has been found in the PDFium component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37982	High	Yes	Arbitrary code execution	A use after free security issue has been found in the Incognito component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37981	High	Yes	Arbitrary code execution	A heap buffer overflow security issue has been found in the Skia component of the Chromium browser engine before version 95.0.4638.54.

Date	Advisory	Package	Type
03 Dec 2021	ASA-202112-1	vivaldi	multiple issues

References
https://vivaldi.com/blog/desktop/update-three-4-3/ https://vivaldi.com/blog/desktop/further-updates-to-theme-sharing-vivaldi-browser-snapshot-2488-3/

Notes
Vivaldi version 4.3.2439.65 is based on Chromium version 94.0.4606.114, Vivaldi version 5.0.2497.24 is based on Chromium version 96.0.4664.51 according to the references.