Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:1144-1 Final 1 1 2021-08-10T22:40:35Z current 2021-08-10T22:40:35Z 2021-08-10T22:40:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium 92.0.4515.131 (boo#1189006) * CVE-2021-30590: Heap buffer overflow in Bookmarks * CVE-2021-30591: Use after free in File System API * CVE-2021-30592: Out of bounds write in Tab Groups * CVE-2021-30593: Out of bounds read in Tab Strip * CVE-2021-30594: Use after free in Page Info UI * CVE-2021-30596: Incorrect security UI in Navigation * CVE-2021-30597: Use after free in Browser UI Chromium 92.0.4515.107 (boo#1188590) * CVE-2021-30565: Out of bounds write in Tab Groups * CVE-2021-30566: Stack buffer overflow in Printing * CVE-2021-30567: Use after free in DevTools * CVE-2021-30568: Heap buffer overflow in WebGL * CVE-2021-30569: Use after free in sqlite * CVE-2021-30571: Insufficient policy enforcement in DevTools * CVE-2021-30572: Use after free in Autofill * CVE-2021-30573: Use after free in GPU * CVE-2021-30574: Use after free in protocol handling * CVE-2021-30575: Out of bounds read in Autofill * CVE-2021-30576: Use after free in DevTools * CVE-2021-30577: Insufficient policy enforcement in Installer * CVE-2021-30578: Uninitialized Use in Media * CVE-2021-30579: Use after free in UI framework * CVE-2021-30581: Use after free in DevTools * CVE-2021-30582: Inappropriate implementation in Animation * CVE-2021-30584: Incorrect security UI in Downloads * CVE-2021-30585: Use after free in sensor handling * CVE-2021-30588: Type Confusion in V8 * CVE-2021-30589: Insufficient validation of untrusted input in Sharing The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-1144 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ E-Mail link for openSUSE-SU-2021:1144-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1188590 SUSE Bug 1188590 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 https://www.suse.com/security/cve/CVE-2021-30565/ SUSE CVE CVE-2021-30565 page https://www.suse.com/security/cve/CVE-2021-30566/ SUSE CVE CVE-2021-30566 page https://www.suse.com/security/cve/CVE-2021-30567/ SUSE CVE CVE-2021-30567 page https://www.suse.com/security/cve/CVE-2021-30568/ SUSE CVE CVE-2021-30568 page https://www.suse.com/security/cve/CVE-2021-30569/ SUSE CVE CVE-2021-30569 page https://www.suse.com/security/cve/CVE-2021-30571/ SUSE CVE CVE-2021-30571 page https://www.suse.com/security/cve/CVE-2021-30572/ SUSE CVE CVE-2021-30572 page https://www.suse.com/security/cve/CVE-2021-30573/ SUSE CVE CVE-2021-30573 page https://www.suse.com/security/cve/CVE-2021-30574/ SUSE CVE CVE-2021-30574 page https://www.suse.com/security/cve/CVE-2021-30575/ SUSE CVE CVE-2021-30575 page https://www.suse.com/security/cve/CVE-2021-30576/ SUSE CVE CVE-2021-30576 page https://www.suse.com/security/cve/CVE-2021-30577/ SUSE CVE CVE-2021-30577 page https://www.suse.com/security/cve/CVE-2021-30578/ SUSE CVE CVE-2021-30578 page https://www.suse.com/security/cve/CVE-2021-30579/ SUSE CVE CVE-2021-30579 page https://www.suse.com/security/cve/CVE-2021-30581/ SUSE CVE CVE-2021-30581 page https://www.suse.com/security/cve/CVE-2021-30582/ SUSE CVE CVE-2021-30582 page https://www.suse.com/security/cve/CVE-2021-30584/ SUSE CVE CVE-2021-30584 page https://www.suse.com/security/cve/CVE-2021-30585/ SUSE CVE CVE-2021-30585 page https://www.suse.com/security/cve/CVE-2021-30588/ SUSE CVE CVE-2021-30588 page https://www.suse.com/security/cve/CVE-2021-30589/ SUSE CVE CVE-2021-30589 page https://www.suse.com/security/cve/CVE-2021-30590/ SUSE CVE CVE-2021-30590 page https://www.suse.com/security/cve/CVE-2021-30591/ SUSE CVE CVE-2021-30591 page https://www.suse.com/security/cve/CVE-2021-30592/ SUSE CVE CVE-2021-30592 page https://www.suse.com/security/cve/CVE-2021-30593/ SUSE CVE CVE-2021-30593 page https://www.suse.com/security/cve/CVE-2021-30594/ SUSE CVE CVE-2021-30594 page https://www.suse.com/security/cve/CVE-2021-30596/ SUSE CVE CVE-2021-30596 page https://www.suse.com/security/cve/CVE-2021-30597/ SUSE CVE CVE-2021-30597 page SUSE Package Hub 15 SP3 openSUSE Leap 15.3 chromedriver-92.0.4515.131-bp153.2.19.1 chromium-92.0.4515.131-bp153.2.19.1 chromedriver-92.0.4515.131-bp153.2.19.1 as a component of SUSE Package Hub 15 SP3 chromium-92.0.4515.131-bp153.2.19.1 as a component of SUSE Package Hub 15 SP3 chromedriver-92.0.4515.131-bp153.2.19.1 as a component of openSUSE Leap 15.3 chromium-92.0.4515.131-bp153.2.19.1 as a component of openSUSE Leap 15.3 Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. CVE-2021-30565 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30565.html CVE-2021-30565 Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page. CVE-2021-30566 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30566.html CVE-2021-30566 Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. CVE-2021-30567 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30567.html CVE-2021-30567 Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30568 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30568.html CVE-2021-30568 Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30569 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30569.html CVE-2021-30569 Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-30571 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30571.html CVE-2021-30571 Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30572 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30572.html CVE-2021-30572 Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30573 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30573.html CVE-2021-30573 Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30574 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30574.html CVE-2021-30574 Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30575 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30575.html CVE-2021-30575 Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30576 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30576.html CVE-2021-30576 Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. CVE-2021-30577 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30577.html CVE-2021-30577 Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. CVE-2021-30578 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30578.html CVE-2021-30578 Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30579 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30579.html CVE-2021-30579 Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30581 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30581.html CVE-2021-30581 Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-30582 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30582.html CVE-2021-30582 Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2021-30584 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30584.html CVE-2021-30584 Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30585 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30585.html CVE-2021-30585 Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30588 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30588.html CVE-2021-30588 Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. CVE-2021-30589 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30589.html CVE-2021-30589 Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30590 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30590.html CVE-2021-30590 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30591 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30591.html CVE-2021-30591 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. CVE-2021-30592 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30592.html CVE-2021-30592 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page. CVE-2021-30593 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30593.html CVE-2021-30593 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. CVE-2021-30594 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30594.html CVE-2021-30594 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-30596 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30596.html CVE-2021-30596 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. CVE-2021-30597 SUSE Package Hub 15 SP3:chromedriver-92.0.4515.131-bp153.2.19.1 SUSE Package Hub 15 SP3:chromium-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromedriver-92.0.4515.131-bp153.2.19.1 openSUSE Leap 15.3:chromium-92.0.4515.131-bp153.2.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/ https://www.suse.com/security/cve/CVE-2021-30597.html CVE-2021-30597 https://bugzilla.suse.com/1189006 SUSE Bug 1189006