Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0840-1 Final 1 1 2021-06-04T13:40:38Z current 2021-06-04T13:40:38Z 2021-06-04T13:40:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium 91.0.4472.77 (boo#1186458): * Support Managed configuration API for Web Applications * WebOTP API: cross-origin iframe support * CSS custom counter styles * Support JSON Modules * Clipboard: read-only files support * Remove webkitBeforeTextInserted & webkitEditableCOntentChanged JS events * Honor media HTML attribute for link icon * Import Assertions * Class static initializer blocks * Ergonomic brand checks for private fields * Expose WebAssembly SIMD * New Feature: WebTransport * ES Modules for service workers ('module' type option) * Suggested file name and location for the File System Access API * adaptivePTime property for RTCRtpEncodingParameters * Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack * Support WebSockets over HTTP/2 * Support 103 Early Hints for Navigation * CVE-2021-30521: Heap buffer overflow in Autofill * CVE-2021-30522: Use after free in WebAudio * CVE-2021-30523: Use after free in WebRTC * CVE-2021-30524: Use after free in TabStrip * CVE-2021-30525: Use after free in TabGroups * CVE-2021-30526: Out of bounds write in TabStrip * CVE-2021-30527: Use after free in WebUI * CVE-2021-30528: Use after free in WebAuthentication * CVE-2021-30529: Use after free in Bookmarks * CVE-2021-30530: Out of bounds memory access in WebAudio * CVE-2021-30531: Insufficient policy enforcement in Content Security Policy * CVE-2021-30532: Insufficient policy enforcement in Content Security Policy * CVE-2021-30533: Insufficient policy enforcement in PopupBlocker * CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox * CVE-2021-30535: Double free in ICU * CVE-2021-21212: Insufficient data validation in networking * CVE-2021-30536: Out of bounds read in V8 * CVE-2021-30537: Insufficient policy enforcement in cookies * CVE-2021-30538: Insufficient policy enforcement in content security policy * CVE-2021-30539: Insufficient policy enforcement in content security policy * CVE-2021-30540: Incorrect security UI in payments * Various fixes from internal audits, fuzzing and other initiatives The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-840 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ E-Mail link for openSUSE-SU-2021:0840-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1186458 SUSE Bug 1186458 https://www.suse.com/security/cve/CVE-2021-21212/ SUSE CVE CVE-2021-21212 page https://www.suse.com/security/cve/CVE-2021-30521/ SUSE CVE CVE-2021-30521 page https://www.suse.com/security/cve/CVE-2021-30522/ SUSE CVE CVE-2021-30522 page https://www.suse.com/security/cve/CVE-2021-30523/ SUSE CVE CVE-2021-30523 page https://www.suse.com/security/cve/CVE-2021-30524/ SUSE CVE CVE-2021-30524 page https://www.suse.com/security/cve/CVE-2021-30525/ SUSE CVE CVE-2021-30525 page https://www.suse.com/security/cve/CVE-2021-30526/ SUSE CVE CVE-2021-30526 page https://www.suse.com/security/cve/CVE-2021-30527/ SUSE CVE CVE-2021-30527 page https://www.suse.com/security/cve/CVE-2021-30528/ SUSE CVE CVE-2021-30528 page https://www.suse.com/security/cve/CVE-2021-30529/ SUSE CVE CVE-2021-30529 page https://www.suse.com/security/cve/CVE-2021-30530/ SUSE CVE CVE-2021-30530 page https://www.suse.com/security/cve/CVE-2021-30531/ SUSE CVE CVE-2021-30531 page https://www.suse.com/security/cve/CVE-2021-30532/ SUSE CVE CVE-2021-30532 page https://www.suse.com/security/cve/CVE-2021-30533/ SUSE CVE CVE-2021-30533 page https://www.suse.com/security/cve/CVE-2021-30534/ SUSE CVE CVE-2021-30534 page https://www.suse.com/security/cve/CVE-2021-30535/ SUSE CVE CVE-2021-30535 page https://www.suse.com/security/cve/CVE-2021-30536/ SUSE CVE CVE-2021-30536 page https://www.suse.com/security/cve/CVE-2021-30537/ SUSE CVE CVE-2021-30537 page https://www.suse.com/security/cve/CVE-2021-30538/ SUSE CVE CVE-2021-30538 page https://www.suse.com/security/cve/CVE-2021-30539/ SUSE CVE CVE-2021-30539 page https://www.suse.com/security/cve/CVE-2021-30540/ SUSE CVE CVE-2021-30540 page SUSE Package Hub 15 SP3 openSUSE Leap 15.3 chromedriver-91.0.4472.77-bp153.2.3.1 chromium-91.0.4472.77-bp153.2.3.1 chromedriver-91.0.4472.77-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 chromium-91.0.4472.77-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 chromedriver-91.0.4472.77-bp153.2.3.1 as a component of openSUSE Leap 15.3 chromium-91.0.4472.77-bp153.2.3.1 as a component of openSUSE Leap 15.3 Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. CVE-2021-21212 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-21212.html CVE-2021-21212 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. CVE-2021-30521 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30521.html CVE-2021-30521 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30522 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30522.html CVE-2021-30522 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. CVE-2021-30523 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30523.html CVE-2021-30523 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30524 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30524.html CVE-2021-30524 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30525 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30525.html CVE-2021-30525 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. CVE-2021-30526 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30526.html CVE-2021-30526 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30527 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30527.html CVE-2021-30527 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30528 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30528.html CVE-2021-30528 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30529 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30529.html CVE-2021-30529 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. CVE-2021-30530 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30530.html CVE-2021-30530 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2021-30531 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30531.html CVE-2021-30531 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2021-30532 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30532.html CVE-2021-30532 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. CVE-2021-30533 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30533.html CVE-2021-30533 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2021-30534 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30534.html CVE-2021-30534 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30535 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30535.html CVE-2021-30535 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. CVE-2021-30536 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30536.html CVE-2021-30536 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. CVE-2021-30537 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30537.html CVE-2021-30537 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2021-30538 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30538.html CVE-2021-30538 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2021-30539 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30539.html CVE-2021-30539 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2021-30540 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.77-bp153.2.3.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromedriver-91.0.4472.77-bp153.2.3.1 openSUSE Leap 15.3:chromium-91.0.4472.77-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/ https://www.suse.com/security/cve/CVE-2021-30540.html CVE-2021-30540 https://bugzilla.suse.com/1186458 SUSE Bug 1186458