{"id":"openSUSE-SU-2021:0177-1","summary":"Security update for chromium","details":"This update for chromium fixes the following issues:\n\nChromium was updated to 88.0.4324.96 boo#1181137\n\n- CVE-2021-21117: Insufficient policy enforcement in Cryptohome\n- CVE-2021-21118: Insufficient data validation in V8\n- CVE-2021-21119: Use after free in Media\n- CVE-2021-21120: Use after free in WebSQL\n- CVE-2021-21121: Use after free in Omnibox\n- CVE-2021-21122: Use after free in Blink\n- CVE-2021-21123: Insufficient data validation in File System API\n- CVE-2021-21124: Potential user after free in Speech Recognizer\n- CVE-2021-21125: Insufficient policy enforcement in File System API\n- CVE-2020-16044: Use after free in WebRTC\n- CVE-2021-21126: Insufficient policy enforcement in extensions\n- CVE-2021-21127: Insufficient policy enforcement in extensions\n- CVE-2021-21128: Heap buffer overflow in Blink\n- CVE-2021-21129: Insufficient policy enforcement in File System API\n- CVE-2021-21130: Insufficient policy enforcement in File System API\n- CVE-2021-21131: Insufficient policy enforcement in File System API\n- CVE-2021-21132: Inappropriate implementation in DevTools\n- CVE-2021-21133: Insufficient policy enforcement in Downloads\n- CVE-2021-21134: Incorrect security UI in Page Info\n- CVE-2021-21135: Inappropriate implementation in Performance API\n- CVE-2021-21136: Insufficient policy enforcement in WebView\n- CVE-2021-21137: Inappropriate implementation in DevTools\n- CVE-2021-21138: Use after free in DevTools\n- CVE-2021-21139: Inappropriate implementation in iframe sandbox\n- CVE-2021-21140: Uninitialized Use in USB\n- CVE-2021-21141: Insufficient policy enforcement in File System API\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.","modified":"2026-02-04T04:06:05.674490Z","published":"2021-01-27T19:24:31Z","related":["CVE-2020-16044","CVE-2021-21117","CVE-2021-21118","CVE-2021-21119","CVE-2021-21120","CVE-2021-21121","CVE-2021-21122","CVE-2021-21123","CVE-2021-21124","CVE-2021-21125","CVE-2021-21126","CVE-2021-21127","CVE-2021-21128","CVE-2021-21129","CVE-2021-21130","CVE-2021-21131","CVE-2021-21132","CVE-2021-21133","CVE-2021-21134","CVE-2021-21135","CVE-2021-21136","CVE-2021-21137","CVE-2021-21138","CVE-2021-21139","CVE-2021-21140","CVE-2021-21141"],"upstream":["CVE-2020-16044","CVE-2021-21117","CVE-2021-21118","CVE-2021-21119","CVE-2021-21120","CVE-2021-21121","CVE-2021-21122","CVE-2021-21123","CVE-2021-21124","CVE-2021-21125","CVE-2021-21126","CVE-2021-21127","CVE-2021-21128","CVE-2021-21129","CVE-2021-21130","CVE-2021-21131","CVE-2021-21132","CVE-2021-21133","CVE-2021-21134","CVE-2021-21135","CVE-2021-21136","CVE-2021-21137","CVE-2021-21138","CVE-2021-21139","CVE-2021-21140","CVE-2021-21141"],"references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VTDULA6C5LKSUE5KO6PVLSSHYEEXC2I4/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181137"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16044"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21117"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21118"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21119"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21120"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21121"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21122"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21123"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21124"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21125"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21126"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21127"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21128"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21129"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21130"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21131"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21132"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21133"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21134"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21135"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21136"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21137"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21138"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21139"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21140"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21141"}],"affected":[{"package":{"name":"chromium","ecosystem":"SUSE:Package Hub 15 SP1","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"88.0.4324.96-bp151.3.156.1"}]}],"ecosystem_specific":{"binaries":[{"chromedriver":"88.0.4324.96-bp151.3.156.1","chromium":"88.0.4324.96-bp151.3.156.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0177-1.json"}}],"schema_version":"1.7.3"}