Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0401-1 Final 1 1 2021-03-09T19:05:08Z current 2021-03-09T19:05:08Z 2021-03-09T19:05:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Update to 89.0.4389.72 (boo#1182358, boo#1182960): - CVE-2021-21159: Heap buffer overflow in TabStrip. - CVE-2021-21160: Heap buffer overflow in WebAudio. - CVE-2021-21161: Heap buffer overflow in TabStrip. - CVE-2021-21162: Use after free in WebRTC. - CVE-2021-21163: Insufficient data validation in Reader Mode. - CVE-2021-21164: Insufficient data validation in Chrome for iOS. - CVE-2021-21165: Object lifecycle issue in audio. - CVE-2021-21166: Object lifecycle issue in audio. - CVE-2021-21167: Use after free in bookmarks. - CVE-2021-21168: Insufficient policy enforcement in appcache. - CVE-2021-21169: Out of bounds memory access in V8. - CVE-2021-21170: Incorrect security UI in Loader. - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. - CVE-2021-21172: Insufficient policy enforcement in File System API. - CVE-2021-21173: Side-channel information leakage in Network Internals. - CVE-2021-21174: Inappropriate implementation in Referrer. - CVE-2021-21175: Inappropriate implementation in Site isolation. - CVE-2021-21176: Inappropriate implementation in full screen mode. - CVE-2021-21177: Insufficient policy enforcement in Autofill. - CVE-2021-21178: Inappropriate implementation in Compositing. - CVE-2021-21179: Use after free in Network Internals. - CVE-2021-21180: Use after free in tab search. - CVE-2020-27844: Heap buffer overflow in OpenJPEG. - CVE-2021-21181: Side-channel information leakage in autofill. - CVE-2021-21182: Insufficient policy enforcement in navigations. - CVE-2021-21183: Inappropriate implementation in performance APIs. - CVE-2021-21184: Inappropriate implementation in performance APIs. - CVE-2021-21185: Insufficient policy enforcement in extensions. - CVE-2021-21186: Insufficient policy enforcement in QR scanning. - CVE-2021-21187: Insufficient data validation in URL formatting. - CVE-2021-21188: Use after free in Blink. - CVE-2021-21189: Insufficient policy enforcement in payments. - CVE-2021-21190: Uninitialized Use in PDFium. - CVE-2021-21149: Stack overflow in Data Transfer. - CVE-2021-21150: Use after free in Downloads. - CVE-2021-21151: Use after free in Payments. - CVE-2021-21152: Heap buffer overflow in Media. - CVE-2021-21153: Stack overflow in GPU Process. - CVE-2021-21154: Heap buffer overflow in Tab Strip. - CVE-2021-21155: Heap buffer overflow in Tab Strip. - CVE-2021-21156: Heap buffer overflow in V8. - CVE-2021-21157: Use after free in Web Sockets. - Fixed Sandbox with glibc 2.33 (boo#1182233) - Fixed an issue where chromium hangs on opening (boo#1182775). This update was imported from the openSUSE:Leap:15.2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-401 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ E-Mail link for openSUSE-SU-2021:0401-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1182233 SUSE Bug 1182233 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 https://bugzilla.suse.com/1182775 SUSE Bug 1182775 https://www.suse.com/security/cve/CVE-2020-27844/ SUSE CVE CVE-2020-27844 page https://www.suse.com/security/cve/CVE-2021-21149/ SUSE CVE CVE-2021-21149 page https://www.suse.com/security/cve/CVE-2021-21150/ SUSE CVE CVE-2021-21150 page https://www.suse.com/security/cve/CVE-2021-21151/ SUSE CVE CVE-2021-21151 page https://www.suse.com/security/cve/CVE-2021-21152/ SUSE CVE CVE-2021-21152 page https://www.suse.com/security/cve/CVE-2021-21153/ SUSE CVE CVE-2021-21153 page https://www.suse.com/security/cve/CVE-2021-21154/ SUSE CVE CVE-2021-21154 page https://www.suse.com/security/cve/CVE-2021-21155/ SUSE CVE CVE-2021-21155 page https://www.suse.com/security/cve/CVE-2021-21156/ SUSE CVE CVE-2021-21156 page https://www.suse.com/security/cve/CVE-2021-21157/ SUSE CVE CVE-2021-21157 page https://www.suse.com/security/cve/CVE-2021-21159/ SUSE CVE CVE-2021-21159 page https://www.suse.com/security/cve/CVE-2021-21160/ SUSE CVE CVE-2021-21160 page https://www.suse.com/security/cve/CVE-2021-21161/ SUSE CVE CVE-2021-21161 page https://www.suse.com/security/cve/CVE-2021-21162/ SUSE CVE CVE-2021-21162 page https://www.suse.com/security/cve/CVE-2021-21163/ SUSE CVE CVE-2021-21163 page https://www.suse.com/security/cve/CVE-2021-21164/ SUSE CVE CVE-2021-21164 page https://www.suse.com/security/cve/CVE-2021-21165/ SUSE CVE CVE-2021-21165 page https://www.suse.com/security/cve/CVE-2021-21166/ SUSE CVE CVE-2021-21166 page https://www.suse.com/security/cve/CVE-2021-21167/ SUSE CVE CVE-2021-21167 page https://www.suse.com/security/cve/CVE-2021-21168/ SUSE CVE CVE-2021-21168 page https://www.suse.com/security/cve/CVE-2021-21169/ SUSE CVE CVE-2021-21169 page https://www.suse.com/security/cve/CVE-2021-21170/ SUSE CVE CVE-2021-21170 page https://www.suse.com/security/cve/CVE-2021-21171/ SUSE CVE CVE-2021-21171 page https://www.suse.com/security/cve/CVE-2021-21172/ SUSE CVE CVE-2021-21172 page https://www.suse.com/security/cve/CVE-2021-21173/ SUSE CVE CVE-2021-21173 page https://www.suse.com/security/cve/CVE-2021-21174/ SUSE CVE CVE-2021-21174 page https://www.suse.com/security/cve/CVE-2021-21175/ SUSE CVE CVE-2021-21175 page https://www.suse.com/security/cve/CVE-2021-21176/ SUSE CVE CVE-2021-21176 page https://www.suse.com/security/cve/CVE-2021-21177/ SUSE CVE CVE-2021-21177 page https://www.suse.com/security/cve/CVE-2021-21178/ SUSE CVE CVE-2021-21178 page https://www.suse.com/security/cve/CVE-2021-21179/ SUSE CVE CVE-2021-21179 page https://www.suse.com/security/cve/CVE-2021-21180/ SUSE CVE CVE-2021-21180 page https://www.suse.com/security/cve/CVE-2021-21181/ SUSE CVE CVE-2021-21181 page https://www.suse.com/security/cve/CVE-2021-21182/ SUSE CVE CVE-2021-21182 page https://www.suse.com/security/cve/CVE-2021-21183/ SUSE CVE CVE-2021-21183 page https://www.suse.com/security/cve/CVE-2021-21184/ SUSE CVE CVE-2021-21184 page https://www.suse.com/security/cve/CVE-2021-21185/ SUSE CVE CVE-2021-21185 page https://www.suse.com/security/cve/CVE-2021-21186/ SUSE CVE CVE-2021-21186 page https://www.suse.com/security/cve/CVE-2021-21187/ SUSE CVE CVE-2021-21187 page https://www.suse.com/security/cve/CVE-2021-21188/ SUSE CVE CVE-2021-21188 page https://www.suse.com/security/cve/CVE-2021-21189/ SUSE CVE CVE-2021-21189 page https://www.suse.com/security/cve/CVE-2021-21190/ SUSE CVE CVE-2021-21190 page SUSE Package Hub 15 SP2 chromedriver-89.0.4389.72-bp152.2.62.1 chromium-89.0.4389.72-bp152.2.62.1 chromedriver-89.0.4389.72-bp152.2.62.1 as a component of SUSE Package Hub 15 SP2 chromium-89.0.4389.72-bp152.2.62.1 as a component of SUSE Package Hub 15 SP2 A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-27844 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2020-27844.html CVE-2020-27844 https://bugzilla.suse.com/1180045 SUSE Bug 1180045 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. CVE-2021-21149 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21149.html CVE-2021-21149 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21150 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21150.html CVE-2021-21150 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21151 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21151.html CVE-2021-21151 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21152 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21152.html CVE-2021-21152 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2021-21153 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21153.html CVE-2021-21153 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21154 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21154.html CVE-2021-21154 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21155 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21155.html CVE-2021-21155 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. CVE-2021-21156 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21156.html CVE-2021-21156 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21157 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21157.html CVE-2021-21157 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21159 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21159.html CVE-2021-21159 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21160 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21160.html CVE-2021-21160 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21161 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21161.html CVE-2021-21161 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21162 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21162.html CVE-2021-21162 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. CVE-2021-21163 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21163.html CVE-2021-21163 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21164 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21164.html CVE-2021-21164 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21165 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21165.html CVE-2021-21165 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21166 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21166.html CVE-2021-21166 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21167 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21167.html CVE-2021-21167 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2021-21168 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21168.html CVE-2021-21168 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2021-21169 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21169.html CVE-2021-21169 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-21170 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21170.html CVE-2021-21170 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-21171 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21171.html CVE-2021-21171 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21172 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21172.html CVE-2021-21172 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21173 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21173.html CVE-2021-21173 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2021-21174 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21174.html CVE-2021-21174 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21175 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21175.html CVE-2021-21175 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-21176 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21176.html CVE-2021-21176 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2021-21177 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21177.html CVE-2021-21177 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-21178 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21178.html CVE-2021-21178 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21179 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21179.html CVE-2021-21179 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21180 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21180.html CVE-2021-21180 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2021-21181 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21181.html CVE-2021-21181 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. CVE-2021-21182 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21182.html CVE-2021-21182 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21183 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21183.html CVE-2021-21183 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21184 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21184.html CVE-2021-21184 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension. CVE-2021-21185 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21185.html CVE-2021-21185 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code. CVE-2021-21186 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21186.html CVE-2021-21186 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2021-21187 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21187.html CVE-2021-21187 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21188 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21188.html CVE-2021-21188 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2021-21189 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21189.html CVE-2021-21189 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. CVE-2021-21190 SUSE Package Hub 15 SP2:chromedriver-89.0.4389.72-bp152.2.62.1 SUSE Package Hub 15 SP2:chromium-89.0.4389.72-bp152.2.62.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/ https://www.suse.com/security/cve/CVE-2021-21190.html CVE-2021-21190 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514