AVG-2475 log

Package vivaldi
Status Fixed
Severity High
Type multiple issues
Affected 4.3.2439.65-1
Fixed 5.0.2497.24-1
Current 5.0.2497.24-1 [community]
Ticket None
Created Tue Oct 19 19:51:40 2021
Advisory Pending
Issue Severity Remote Type Description
CVE-2021-38022 Low Yes Denial of service
An inappropriate implementation security issue has been found in the WebAuthentication component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38021 Medium Yes Information disclosure
An inappropriate implementation security issue has been found in the referrer component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38020 Medium Yes Information disclosure
An insufficient policy enforcement security issue has been found in the contacts picker component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38019 Medium Yes Same-origin policy bypass
An insufficient policy enforcement security issue has been found in the CORS component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38018 Medium Yes Content spoofing
An inappropriate implementation security issue has been found in the navigation component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38017 Medium Yes Sandbox escape
An insufficient policy enforcement security issue has been found in the iframe sandbox component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38016 Medium Yes Access restriction bypass
An insufficient policy enforcement security issue has been found in the background fetch component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38015 Medium Yes Arbitrary code execution
An inappropriate implementation security issue has been found in the input component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38014 Medium Yes Arbitrary code execution
An out of bounds write security issue has been found in the Swiftshader component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38013 Medium Yes Arbitrary code execution
A heap buffer overflow security issue has been found in the fingerprint recognition component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38012 Medium Yes Arbitrary code execution
A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38011 High Yes Arbitrary code execution
A use after free security issue has been found in the storage foundation component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38010 High Yes Arbitrary code execution
An inappropriate implementation security issue has been found in the service workers component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38009 High Yes Arbitrary code execution
An inappropriate implementation security issue has been found in the cache component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38008 High Yes Arbitrary code execution
A use after free security issue has been found in the media component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38007 High Yes Arbitrary code execution
A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38006 High Yes Arbitrary code execution
A use after free security issue has been found in the storage foundation component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38005 High Yes Arbitrary code execution
A use after free security issue has been found in the loader component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38004 Medium Yes Access restriction bypass
An insufficient policy enforcement security issue has been found in the Autofill component of the Chromium browser engine before version 95.0.4638.69.
CVE-2021-38003 High Yes Arbitrary code execution
An inappropriate implementation security issue has been found in the V8 component of the Chromium browser engine before version 95.0.4638.69. Google is...
CVE-2021-38001 High Yes Arbitrary code execution
A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 95.0.4638.69.
CVE-2021-38000 High Yes Insufficient validation
An insufficient validation of untrusted input security issue has been found in the Intents component of the Chromium browser engine before version...
CVE-2021-37998 High Yes Arbitrary code execution
A use after free security issue has been found in the Garbage Collection component of the Chromium browser engine before version 95.0.4638.69.
CVE-2021-37996 Medium Yes Insufficient validation
An insufficient validation of untrusted input security issue has been found in the Downloads component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37995 Low Yes Arbitrary code execution
An inappropriate implementation security issue has been found in the WebApp Installer component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37994 Low Yes Arbitrary code execution
An inappropriate implementation security issue has been found in the iFrame Sandbox component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37993 Medium Yes Arbitrary code execution
A use after free security issue has been found in the PDF Accessibility component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37992 Medium Yes Information disclosure
An out of bounds read security issue has been found in the WebAudio component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37991 Medium Yes Arbitrary code execution
A race security issue has been found in the V8 component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37990 Medium Yes Arbitrary code execution
An inappropriate implementation security issue has been found in the WebView component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37989 Medium Yes Arbitrary code execution
An inappropriate implementation security issue has been found in the Blink component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37988 Medium Yes Arbitrary code execution
A use after free security issue has been found in the Profiles component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37987 Medium Yes Arbitrary code execution
A use after free security issue has been found in the Network APIs component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37986 Medium Yes Arbitrary code execution
A heap buffer overflow security issue has been found in the Settings component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37985 High Yes Arbitrary code execution
A use after free security issue has been found in the V8 component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37984 High Yes Arbitrary code execution
A heap buffer overflow security issue has been found in the PDFium component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37982 High Yes Arbitrary code execution
A use after free security issue has been found in the Incognito component of the Chromium browser engine before version 95.0.4638.54.
CVE-2021-37981 High Yes Arbitrary code execution
A heap buffer overflow security issue has been found in the Skia component of the Chromium browser engine before version 95.0.4638.54.
References
https://vivaldi.com/blog/desktop/update-three-4-3/
https://vivaldi.com/blog/desktop/further-updates-to-theme-sharing-vivaldi-browser-snapshot-2488-3/
Notes
Vivaldi version 4.3.2439.65 is based on Chromium version 94.0.4606.114, Vivaldi version 5.0.2497.24 is based on Chromium version 96.0.4664.51 according to the references.