Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0938-1 Final 1 1 2021-06-28T13:09:47Z current 2021-06-28T13:09:47Z 2021-06-28T13:09:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium 91.0.4472.114 (boo#1187481) * CVE-2021-30554: Use after free in WebGL * CVE-2021-30555: Use after free in Sharing * CVE-2021-30556: Use after free in WebAudio * CVE-2021-30557: Use after free in TabGroups * CVE-2021-30544: Use after free in BFCache * CVE-2021-30545: Use after free in Extensions * CVE-2021-30546: Use after free in Autofill * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-30548: Use after free in Loader * CVE-2021-30549: Use after free in Spell check * CVE-2021-30550: Use after free in Accessibility * CVE-2021-30551: Type Confusion in V8 * CVE-2021-30552: Use after free in Extensions * CVE-2021-30553: Use after free in Network service * Fix use-after-free in SendTabToSelfSubMenuModel * Destroy system-token NSSCertDatabase on the IO thread * Various fixes from internal audits, fuzzing and other initiatives The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-938 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ E-Mail link for openSUSE-SU-2021:0938-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1187141 SUSE Bug 1187141 https://bugzilla.suse.com/1187481 SUSE Bug 1187481 https://www.suse.com/security/cve/CVE-2021-30544/ SUSE CVE CVE-2021-30544 page https://www.suse.com/security/cve/CVE-2021-30545/ SUSE CVE CVE-2021-30545 page https://www.suse.com/security/cve/CVE-2021-30546/ SUSE CVE CVE-2021-30546 page https://www.suse.com/security/cve/CVE-2021-30547/ SUSE CVE CVE-2021-30547 page https://www.suse.com/security/cve/CVE-2021-30548/ SUSE CVE CVE-2021-30548 page https://www.suse.com/security/cve/CVE-2021-30549/ SUSE CVE CVE-2021-30549 page https://www.suse.com/security/cve/CVE-2021-30550/ SUSE CVE CVE-2021-30550 page https://www.suse.com/security/cve/CVE-2021-30551/ SUSE CVE CVE-2021-30551 page https://www.suse.com/security/cve/CVE-2021-30552/ SUSE CVE CVE-2021-30552 page https://www.suse.com/security/cve/CVE-2021-30553/ SUSE CVE CVE-2021-30553 page https://www.suse.com/security/cve/CVE-2021-30554/ SUSE CVE CVE-2021-30554 page https://www.suse.com/security/cve/CVE-2021-30555/ SUSE CVE CVE-2021-30555 page https://www.suse.com/security/cve/CVE-2021-30556/ SUSE CVE CVE-2021-30556 page https://www.suse.com/security/cve/CVE-2021-30557/ SUSE CVE CVE-2021-30557 page SUSE Package Hub 15 SP3 openSUSE Leap 15.3 chromedriver-91.0.4472.114-bp153.2.13.1 chromium-91.0.4472.114-bp153.2.13.1 chromedriver-91.0.4472.114-bp153.2.13.1 as a component of SUSE Package Hub 15 SP3 chromium-91.0.4472.114-bp153.2.13.1 as a component of SUSE Package Hub 15 SP3 chromedriver-91.0.4472.114-bp153.2.13.1 as a component of openSUSE Leap 15.3 chromium-91.0.4472.114-bp153.2.13.1 as a component of openSUSE Leap 15.3 Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30544 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30544.html CVE-2021-30544 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30545 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30545.html CVE-2021-30545 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30546 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30546.html CVE-2021-30546 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2021-30547 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30547.html CVE-2021-30547 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 https://bugzilla.suse.com/1188275 SUSE Bug 1188275 Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30548 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30548.html CVE-2021-30548 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30549 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30549.html CVE-2021-30549 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30550 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30550.html CVE-2021-30550 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30551 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30551.html CVE-2021-30551 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30552 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30552.html CVE-2021-30552 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30553 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30553.html CVE-2021-30553 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30554 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30554.html CVE-2021-30554 https://bugzilla.suse.com/1187481 SUSE Bug 1187481 Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture. CVE-2021-30555 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30555.html CVE-2021-30555 https://bugzilla.suse.com/1187481 SUSE Bug 1187481 Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30556 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30556.html CVE-2021-30556 https://bugzilla.suse.com/1187481 SUSE Bug 1187481 Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30557 SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1 SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1 openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/ https://www.suse.com/security/cve/CVE-2021-30557.html CVE-2021-30557 https://bugzilla.suse.com/1187481 SUSE Bug 1187481