Debian Security Advisory

DSA-4846-1 chromium -- security update

Date Reported:
07 Feb 2021
Affected Packages:
chromium
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2020-16044, CVE-2021-21117, CVE-2021-21118, CVE-2021-21119, CVE-2021-21120, CVE-2021-21121, CVE-2021-21122, CVE-2021-21123, CVE-2021-21124, CVE-2021-21125, CVE-2021-21126, CVE-2021-21127, CVE-2021-21128, CVE-2021-21129, CVE-2021-21130, CVE-2021-21131, CVE-2021-21132, CVE-2021-21133, CVE-2021-21134, CVE-2021-21135, CVE-2021-21136, CVE-2021-21137, CVE-2021-21138, CVE-2021-21139, CVE-2021-21140, CVE-2021-21141, CVE-2021-21142, CVE-2021-21143, CVE-2021-21144, CVE-2021-21145, CVE-2021-21146, CVE-2021-21147.
More information:

Several vulnerabilities have been discovered in the chromium web browser.

  • CVE-2020-16044

    Ned Williamson discovered a use-after-free issue in the WebRTC implementation.

  • CVE-2021-21117

    Rory McNamara discovered a policy enforcement issue in Cryptohome.

  • CVE-2021-21118

    Tyler Nighswander discovered a data validation issue in the v8 javascript library.

  • CVE-2021-21119

    A use-after-free issue was discovered in media handling.

  • CVE-2021-21120

    Nan Wang and Guang Gong discovered a use-after-free issue in the WebSQL implementation.

  • CVE-2021-21121

    Leecraso and Guang Gong discovered a use-after-free issue in the Omnibox.

  • CVE-2021-21122

    Renata Hodovan discovered a use-after-free issue in Blink/WebKit.

  • CVE-2021-21123

    Maciej Pulikowski discovered a data validation issue.

  • CVE-2021-21124

    Chaoyang Ding discovered a use-after-free issue in the speech recognizer.

  • CVE-2021-21125

    Ron Masas discovered a policy enforcement issue.

  • CVE-2021-21126

    David Erceg discovered a policy enforcement issue in extensions.

  • CVE-2021-21127

    Jasminder Pal Singh discovered a policy enforcement issue in extensions.

  • CVE-2021-21128

    Liang Dong discovered a buffer overflow issue in Blink/WebKit.

  • CVE-2021-21129

    Maciej Pulikowski discovered a policy enforcement issue.

  • CVE-2021-21130

    Maciej Pulikowski discovered a policy enforcement issue.

  • CVE-2021-21131

    Maciej Pulikowski discovered a policy enforcement issue.

  • CVE-2021-21132

    David Erceg discovered an implementation error in the developer tools.

  • CVE-2021-21133

    wester0x01 discovered a policy enforcement issue.

  • CVE-2021-21134

    wester0x01 discovered a user interface error.

  • CVE-2021-21135

    ndevtk discovered an implementation error in the Performance API.

  • CVE-2021-21136

    Shiv Sahni, Movnavinothan V, and Imdad Mohammed discovered a policy enforcement error.

  • CVE-2021-21137

    bobbybear discovered an implementation error in the developer tools.

  • CVE-2021-21138

    Weipeng Jiang discovered a use-after-free issue in the developer tools.

  • CVE-2021-21139

    Jun Kokatsu discovered an implementation error in the iframe sandbox.

  • CVE-2021-21140

    David Manouchehri discovered uninitialized memory in the USB implementation.

  • CVE-2021-21141

    Maciej Pulikowski discovered a policy enforcement error.

  • CVE-2021-21142

    Khalil Zhani discovered a use-after-free issue.

  • CVE-2021-21143

    Allen Parker and Alex Morgan discovered a buffer overflow issue in extensions.

  • CVE-2021-21144

    Leecraso and Guang Gong discovered a buffer overflow issue.

  • CVE-2021-21145

    A use-after-free issue was discovered.

  • CVE-2021-21146

    Alison Huffman and Choongwoo Han discovered a use-after-free issue.

  • CVE-2021-21147

    Roman Starkov discovered an implementation error in the skia library.

For the stable distribution (buster), these problems have been fixed in version 88.0.4324.146-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium