AVG-2601 log

Package vivaldi
Status Fixed
Severity High
Type multiple issues
Affected 5.0.2497.24-1
Fixed 5.0.2497.28-1
Current 7.0.3495.10-1 [extra]
Ticket None
Created Mon Dec 6 22:13:22 2021
Issue Severity Remote Type Description
CVE-2021-4068 Low Yes Insufficient validation
An insufficient validation of untrusted input security issue has been found in the new tab page component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4067 High Yes Arbitrary code execution
A use after free security issue has been found in the window manager component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4066 High Yes Arbitrary code execution
An integer underflow security issue has been found in the ANGLE component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4065 High Yes Arbitrary code execution
A use after free security issue has been found in the autofill component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4064 High Yes Arbitrary code execution
A use after free security issue has been found in the screen capture component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4063 High Yes Arbitrary code execution
A use after free security issue has been found in the developer tools component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4062 High Yes Arbitrary code execution
A heap buffer overflow security issue has been found in the BFCache component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4061 High Yes Arbitrary code execution
A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4059 High Yes Insufficient validation
An insufficient data validation security issue has been found in the loader component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4058 High Yes Arbitrary code execution
A heap buffer overflow security issue has been found in the ANGLE component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4057 High Yes Arbitrary code execution
A use after free security issue has been found in the file API component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4056 High Yes Arbitrary code execution
A type confusion security issue has been found in the loader component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4055 High Yes Arbitrary code execution
A heap buffer overflow security issue has been found in the extensions component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4054 High Yes Content spoofing
An incorrect security UI security issue has been found in the autofill component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4053 High Yes Arbitrary code execution
A use after free security issue has been found in the UI component of the Chromium browser engine before version 96.0.4664.93.
CVE-2021-4052 High Yes Arbitrary code execution
A use after free security issue has been found in the web apps component of the Chromium browser engine before version 96.0.4664.93.
Date Advisory Package Type
11 Dec 2021 ASA-202112-7 vivaldi multiple issues
References
https://vivaldi.com/blog/desktop/further-updates-to-theme-sharing-vivaldi-browser-snapshot-2488-3/
https://vivaldi.com/blog/desktop/minor-update-5-0/
Notes
Vivaldi version 5.0.2497.24 is based on Chromium version 96.0.4664.51, Vivaldi version 5.0.2497.28 is based on Chromium version 96.0.4664.97 according to the references.