Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0186-1 Final 1 1 2021-01-28T23:26:27Z current 2021-01-28T23:26:27Z 2021-01-28T23:26:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: chromium was updated to 88.0.4324.96 boo#1181137 - CVE-2021-21117: Insufficient policy enforcement in Cryptohome - CVE-2021-21118: Insufficient data validation in V8 - CVE-2021-21119: Use after free in Media - CVE-2021-21120: Use after free in WebSQL - CVE-2021-21121: Use after free in Omnibox - CVE-2021-21122: Use after free in Blink - CVE-2021-21123: Insufficient data validation in File System API - CVE-2021-21124: Potential user after free in Speech Recognizer - CVE-2021-21125: Insufficient policy enforcement in File System API - CVE-2020-16044: Use after free in WebRTC - CVE-2021-21126: Insufficient policy enforcement in extensions - CVE-2021-21127: Insufficient policy enforcement in extensions - CVE-2021-21128: Heap buffer overflow in Blink - CVE-2021-21129: Insufficient policy enforcement in File System API - CVE-2021-21130: Insufficient policy enforcement in File System API - CVE-2021-21131: Insufficient policy enforcement in File System API - CVE-2021-21132: Inappropriate implementation in DevTools - CVE-2021-21133: Insufficient policy enforcement in Downloads - CVE-2021-21134: Incorrect security UI in Page Info - CVE-2021-21135: Inappropriate implementation in Performance API - CVE-2021-21136: Insufficient policy enforcement in WebView - CVE-2021-21137: Inappropriate implementation in DevTools - CVE-2021-21138: Use after free in DevTools - CVE-2021-21139: Inappropriate implementation in iframe sandbox - CVE-2021-21140: Uninitialized Use in USB - CVE-2021-21141: Insufficient policy enforcement in File System API This update was imported from the openSUSE:Leap:15.2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-186 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ E-Mail link for openSUSE-SU-2021:0186-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1181137 SUSE Bug 1181137 https://www.suse.com/security/cve/CVE-2020-16044/ SUSE CVE CVE-2020-16044 page https://www.suse.com/security/cve/CVE-2021-21117/ SUSE CVE CVE-2021-21117 page https://www.suse.com/security/cve/CVE-2021-21118/ SUSE CVE CVE-2021-21118 page https://www.suse.com/security/cve/CVE-2021-21119/ SUSE CVE CVE-2021-21119 page https://www.suse.com/security/cve/CVE-2021-21120/ SUSE CVE CVE-2021-21120 page https://www.suse.com/security/cve/CVE-2021-21121/ SUSE CVE CVE-2021-21121 page https://www.suse.com/security/cve/CVE-2021-21122/ SUSE CVE CVE-2021-21122 page https://www.suse.com/security/cve/CVE-2021-21123/ SUSE CVE CVE-2021-21123 page https://www.suse.com/security/cve/CVE-2021-21124/ SUSE CVE CVE-2021-21124 page https://www.suse.com/security/cve/CVE-2021-21125/ SUSE CVE CVE-2021-21125 page https://www.suse.com/security/cve/CVE-2021-21126/ SUSE CVE CVE-2021-21126 page https://www.suse.com/security/cve/CVE-2021-21127/ SUSE CVE CVE-2021-21127 page https://www.suse.com/security/cve/CVE-2021-21128/ SUSE CVE CVE-2021-21128 page https://www.suse.com/security/cve/CVE-2021-21129/ SUSE CVE CVE-2021-21129 page https://www.suse.com/security/cve/CVE-2021-21130/ SUSE CVE CVE-2021-21130 page https://www.suse.com/security/cve/CVE-2021-21131/ SUSE CVE CVE-2021-21131 page https://www.suse.com/security/cve/CVE-2021-21132/ SUSE CVE CVE-2021-21132 page https://www.suse.com/security/cve/CVE-2021-21133/ SUSE CVE CVE-2021-21133 page https://www.suse.com/security/cve/CVE-2021-21134/ SUSE CVE CVE-2021-21134 page https://www.suse.com/security/cve/CVE-2021-21135/ SUSE CVE CVE-2021-21135 page https://www.suse.com/security/cve/CVE-2021-21136/ SUSE CVE CVE-2021-21136 page https://www.suse.com/security/cve/CVE-2021-21137/ SUSE CVE CVE-2021-21137 page https://www.suse.com/security/cve/CVE-2021-21138/ SUSE CVE CVE-2021-21138 page https://www.suse.com/security/cve/CVE-2021-21139/ SUSE CVE CVE-2021-21139 page https://www.suse.com/security/cve/CVE-2021-21140/ SUSE CVE CVE-2021-21140 page https://www.suse.com/security/cve/CVE-2021-21141/ SUSE CVE CVE-2021-21141 page SUSE Package Hub 15 SP2 chromedriver-88.0.4324.96-bp152.2.53.1 chromium-88.0.4324.96-bp152.2.53.1 chromedriver-88.0.4324.96-bp152.2.53.1 as a component of SUSE Package Hub 15 SP2 chromium-88.0.4324.96-bp152.2.53.1 as a component of SUSE Package Hub 15 SP2 Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. CVE-2020-16044 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2020-16044.html CVE-2020-16044 https://bugzilla.suse.com/1180623 SUSE Bug 1180623 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file. CVE-2021-21117 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21117.html CVE-2021-21117 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2021-21118 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21118.html CVE-2021-21118 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21119 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21119.html CVE-2021-21119 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21120 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21120.html CVE-2021-21120 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21121 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21121.html CVE-2021-21121 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21122 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21122.html CVE-2021-21122 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21123 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21123.html CVE-2021-21123 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21124 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21124.html CVE-2021-21124 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21125 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21125.html CVE-2021-21125 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. CVE-2021-21126 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21126.html CVE-2021-21126 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension. CVE-2021-21127 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21127.html CVE-2021-21127 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21128 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21128.html CVE-2021-21128 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21129 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21129.html CVE-2021-21129 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21130 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21130.html CVE-2021-21130 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21131 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21131.html CVE-2021-21131 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2021-21132 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21132.html CVE-2021-21132 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page. CVE-2021-21133 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21133.html CVE-2021-21133 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2021-21134 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21134.html CVE-2021-21134 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21135 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21135.html CVE-2021-21135 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21136 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21136.html CVE-2021-21136 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. CVE-2021-21137 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21137.html CVE-2021-21137 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file. CVE-2021-21138 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21138.html CVE-2021-21138 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2021-21139 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21139.html CVE-2021-21139 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. CVE-2021-21140 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21140.html CVE-2021-21140 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. CVE-2021-21141 SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1 SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/ https://www.suse.com/security/cve/CVE-2021-21141.html CVE-2021-21141 https://bugzilla.suse.com/1181137 SUSE Bug 1181137