{"id":"openSUSE-SU-2021:0392-1","summary":"Security update for chromium","details":"This update for chromium fixes the following issues:\n\nUpdate to 89.0.4389.72 (boo#1182358, boo#1182960):\n\n- CVE-2021-21159: Heap buffer overflow in TabStrip.\n- CVE-2021-21160: Heap buffer overflow in WebAudio.\n- CVE-2021-21161: Heap buffer overflow in TabStrip.\n- CVE-2021-21162: Use after free in WebRTC.\n- CVE-2021-21163: Insufficient data validation in Reader Mode.\n- CVE-2021-21164: Insufficient data validation in Chrome for iOS.\n- CVE-2021-21165: Object lifecycle issue in audio.\n- CVE-2021-21166: Object lifecycle issue in audio.\n- CVE-2021-21167: Use after free in bookmarks.\n- CVE-2021-21168: Insufficient policy enforcement in appcache.\n- CVE-2021-21169: Out of bounds memory access in V8.\n- CVE-2021-21170: Incorrect security UI in Loader.\n- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.\n- CVE-2021-21172: Insufficient policy enforcement in File System API.\n- CVE-2021-21173: Side-channel information leakage in Network Internals.\n- CVE-2021-21174: Inappropriate implementation in Referrer.\n- CVE-2021-21175: Inappropriate implementation in Site isolation.\n- CVE-2021-21176: Inappropriate implementation in full screen mode.\n- CVE-2021-21177: Insufficient policy enforcement in Autofill.\n- CVE-2021-21178: Inappropriate implementation in Compositing.\n- CVE-2021-21179: Use after free in Network Internals.\n- CVE-2021-21180: Use after free in tab search.\n- CVE-2020-27844: Heap buffer overflow in OpenJPEG.\n- CVE-2021-21181: Side-channel information leakage in autofill.\n- CVE-2021-21182: Insufficient policy enforcement in navigations.\n- CVE-2021-21183: Inappropriate implementation in performance APIs.\n- CVE-2021-21184: Inappropriate implementation in performance APIs.\n- CVE-2021-21185: Insufficient policy enforcement in extensions.\n- CVE-2021-21186: Insufficient policy enforcement in QR scanning.\n- CVE-2021-21187: Insufficient data validation in URL formatting.\n- CVE-2021-21188: Use after free in Blink.\n- CVE-2021-21189: Insufficient policy enforcement in payments.\n- CVE-2021-21190: Uninitialized Use in PDFium.\n- CVE-2021-21149: Stack overflow in Data Transfer.\n- CVE-2021-21150: Use after free in Downloads.\n- CVE-2021-21151: Use after free in Payments.\n- CVE-2021-21152: Heap buffer overflow in Media.\n- CVE-2021-21153: Stack overflow in GPU Process. \n- CVE-2021-21154: Heap buffer overflow in Tab Strip.\n- CVE-2021-21155: Heap buffer overflow in Tab Strip.\n- CVE-2021-21156: Heap buffer overflow in V8.\n- CVE-2021-21157: Use after free in Web Sockets.  \n- Fixed Sandbox with glibc 2.33 (boo#1182233)\n- Fixed an issue where chromium hangs on opening (boo#1182775).\n","modified":"2026-02-04T03:34:17.553987Z","published":"2021-03-08T07:13:12Z","related":["CVE-2020-27844","CVE-2021-21149","CVE-2021-21150","CVE-2021-21151","CVE-2021-21152","CVE-2021-21153","CVE-2021-21154","CVE-2021-21155","CVE-2021-21156","CVE-2021-21157","CVE-2021-21159","CVE-2021-21160","CVE-2021-21161","CVE-2021-21162","CVE-2021-21163","CVE-2021-21164","CVE-2021-21165","CVE-2021-21166","CVE-2021-21167","CVE-2021-21168","CVE-2021-21169","CVE-2021-21170","CVE-2021-21171","CVE-2021-21172","CVE-2021-21173","CVE-2021-21174","CVE-2021-21175","CVE-2021-21176","CVE-2021-21177","CVE-2021-21178","CVE-2021-21179","CVE-2021-21180","CVE-2021-21181","CVE-2021-21182","CVE-2021-21183","CVE-2021-21184","CVE-2021-21185","CVE-2021-21186","CVE-2021-21187","CVE-2021-21188","CVE-2021-21189","CVE-2021-21190"],"upstream":["CVE-2020-27844","CVE-2021-21149","CVE-2021-21150","CVE-2021-21151","CVE-2021-21152","CVE-2021-21153","CVE-2021-21154","CVE-2021-21155","CVE-2021-21156","CVE-2021-21157","CVE-2021-21159","CVE-2021-21160","CVE-2021-21161","CVE-2021-21162","CVE-2021-21163","CVE-2021-21164","CVE-2021-21165","CVE-2021-21166","CVE-2021-21167","CVE-2021-21168","CVE-2021-21169","CVE-2021-21170","CVE-2021-21171","CVE-2021-21172","CVE-2021-21173","CVE-2021-21174","CVE-2021-21175","CVE-2021-21176","CVE-2021-21177","CVE-2021-21178","CVE-2021-21179","CVE-2021-21180","CVE-2021-21181","CVE-2021-21182","CVE-2021-21183","CVE-2021-21184","CVE-2021-21185","CVE-2021-21186","CVE-2021-21187","CVE-2021-21188","CVE-2021-21189","CVE-2021-21190"],"references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S66YPMC4VLRMKQGSTL3XFAVYDCVH7ADY/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182233"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182358"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182775"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27844"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21149"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21150"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21151"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21152"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21153"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21154"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21155"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21156"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21157"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21159"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21160"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21161"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21162"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21163"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21164"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21165"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21166"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21167"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21168"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21169"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21170"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21171"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21172"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21173"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21174"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21175"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21176"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21177"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21178"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21179"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21180"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21182"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21183"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21184"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21185"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21186"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21187"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21188"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21189"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21190"}],"affected":[{"package":{"name":"chromium","ecosystem":"openSUSE:Leap 15.2","purl":"pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"89.0.4389.72-lp152.2.77.1"}]}],"ecosystem_specific":{"binaries":[{"chromedriver":"89.0.4389.72-lp152.2.77.1","chromium":"89.0.4389.72-lp152.2.77.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0392-1.json"}}],"schema_version":"1.7.3"}