AVG-2560 log

Package chromium
Status Fixed
Severity High
Type multiple issues
Affected 95.0.4638.69-2
Fixed 96.0.4664.45-1
Current 131.0.6778.85-1 [extra]
Ticket None
Created Mon Nov 15 19:08:38 2021
Issue Severity Remote Type Description
CVE-2021-38022 Low Yes Denial of service
An inappropriate implementation security issue has been found in the WebAuthentication component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38021 Medium Yes Information disclosure
An inappropriate implementation security issue has been found in the referrer component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38020 Medium Yes Information disclosure
An insufficient policy enforcement security issue has been found in the contacts picker component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38019 Medium Yes Same-origin policy bypass
An insufficient policy enforcement security issue has been found in the CORS component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38018 Medium Yes Content spoofing
An inappropriate implementation security issue has been found in the navigation component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38017 Medium Yes Sandbox escape
An insufficient policy enforcement security issue has been found in the iframe sandbox component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38016 Medium Yes Access restriction bypass
An insufficient policy enforcement security issue has been found in the background fetch component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38015 Medium Yes Arbitrary code execution
An inappropriate implementation security issue has been found in the input component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38014 Medium Yes Arbitrary code execution
An out of bounds write security issue has been found in the Swiftshader component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38013 Medium Yes Arbitrary code execution
A heap buffer overflow security issue has been found in the fingerprint recognition component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38012 Medium Yes Arbitrary code execution
A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38011 High Yes Arbitrary code execution
A use after free security issue has been found in the storage foundation component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38010 High Yes Arbitrary code execution
An inappropriate implementation security issue has been found in the service workers component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38009 High Yes Arbitrary code execution
An inappropriate implementation security issue has been found in the cache component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38008 High Yes Arbitrary code execution
A use after free security issue has been found in the media component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38007 High Yes Arbitrary code execution
A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38006 High Yes Arbitrary code execution
A use after free security issue has been found in the storage foundation component of the Chromium browser engine before version 96.0.4664.45.
CVE-2021-38005 High Yes Arbitrary code execution
A use after free security issue has been found in the loader component of the Chromium browser engine before version 96.0.4664.45.
Date Advisory Package Type
18 Nov 2021 ASA-202111-9 chromium multiple issues