-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.0203
                         chromium security update
                              17 January 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-0120 CVE-2022-0118 CVE-2022-0117
                   CVE-2022-0116 CVE-2022-0115 CVE-2022-0114
                   CVE-2022-0113 CVE-2022-0112 CVE-2022-0111
                   CVE-2022-0110 CVE-2022-0109 CVE-2022-0108
                   CVE-2022-0107 CVE-2022-0106 CVE-2022-0105
                   CVE-2022-0104 CVE-2022-0103 CVE-2022-0102
                   CVE-2022-0101 CVE-2022-0100 CVE-2022-0099
                   CVE-2022-0098 CVE-2022-0097 CVE-2022-0096
                   CVE-2021-38022 CVE-2021-38021 CVE-2021-38020
                   CVE-2021-38019 CVE-2021-38018 CVE-2021-38017
                   CVE-2021-38016 CVE-2021-38015 CVE-2021-38014
                   CVE-2021-38013 CVE-2021-38012 CVE-2021-38011
                   CVE-2021-38010 CVE-2021-38009 CVE-2021-38008
                   CVE-2021-38007 CVE-2021-38006 CVE-2021-38005
                   CVE-2021-38004 CVE-2021-38003 CVE-2021-38002
                   CVE-2021-38001 CVE-2021-38000 CVE-2021-37999
                   CVE-2021-37998 CVE-2021-37997 CVE-2021-37996
                   CVE-2021-37995 CVE-2021-37994 CVE-2021-37993
                   CVE-2021-37992 CVE-2021-37991 CVE-2021-37990
                   CVE-2021-37989 CVE-2021-37988 CVE-2021-37987
                   CVE-2021-37986 CVE-2021-37985 CVE-2021-37984
                   CVE-2021-37983 CVE-2021-37982 CVE-2021-37981
                   CVE-2021-37980 CVE-2021-37979 CVE-2021-37978
                   CVE-2021-37977 CVE-2021-37976 CVE-2021-37975
                   CVE-2021-37974 CVE-2021-37973 CVE-2021-37972
                   CVE-2021-37971 CVE-2021-37970 CVE-2021-37969
                   CVE-2021-37968 CVE-2021-37967 CVE-2021-37966
                   CVE-2021-37965 CVE-2021-37964 CVE-2021-37963
                   CVE-2021-37962 CVE-2021-37961 CVE-2021-37959
                   CVE-2021-37958 CVE-2021-37957 CVE-2021-37956
                   CVE-2021-4102 CVE-2021-4101 CVE-2021-4100
                   CVE-2021-4099 CVE-2021-4098 CVE-2021-4079
                   CVE-2021-4078 CVE-2021-4068 CVE-2021-4067
                   CVE-2021-4066 CVE-2021-4065 CVE-2021-4064
                   CVE-2021-4063 CVE-2021-4062 CVE-2021-4061
                   CVE-2021-4059 CVE-2021-4058 CVE-2021-4057
                   CVE-2021-4056 CVE-2021-4055 CVE-2021-4054
                   CVE-2021-4053 CVE-2021-4052 

Reference:         ASB-2022.0001
                   ASB-2021.0187
                   ESB-2022.0049

Original Bulletin: 
   http://www.debian.org/security/2022/dsa-5046

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5046-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 14, 2022                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 
                 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 
                 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 
                 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 
                 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 
                 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2021-37956 
                 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37961 
                 CVE-2021-37962 CVE-2021-37963 CVE-2021-37964 CVE-2021-37965 
                 CVE-2021-37966 CVE-2021-37967 CVE-2021-37968 CVE-2021-37969 
                 CVE-2021-37970 CVE-2021-37971 CVE-2021-37972 CVE-2021-37973 
                 CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 
                 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 CVE-2021-37981 
                 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 
                 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 
                 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 
                 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 CVE-2021-37997 
                 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 
                 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 CVE-2021-38005 
                 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 
                 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 
                 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 
                 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 
                 CVE-2021-38022 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 
                 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 
                 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 
                 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 
                 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 
                 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 
                 CVE-2022-0120

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the oldstable distribution (buster), security support for Chromium
has been discontinued due to toolchain issues which no longer allow to
build current Chromium releases on buster. You can either upgrade to
the stable release (bullseye) or switch to a browser which continues
to receive security supports in buster (firefox-esr or browsers based
on webkit2gtk)

For the stable distribution (bullseye), these problems have been fixed in
version 97.0.4692.71-0.1~deb11u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmHhz14ACgkQEMKTtsN8
Tjbj2Q//bm0VCcB/mVCsnctTVEr1j8cd+cUkezz1/Vr1t+l2cdmDFTO6zLYOofWB
RrlyBgjbZMaH/5OHb4KFSUA4r7yFAIYUgYCUU2GaQ6hJG3b8KSJlBAA9w1LxDE15
CipV2YKkIkbe4fmt2DYptI1Eg5O2oSXs3NfD/1zX84oJ42Ubz7lStCqZNt4KMgUg
SEZyVNZ0ELnlhMjWFxFAR3henyWE6zz/Az7lMiWHZk9ZQdygXAa+EQS1mJPf23Ty
Isw5P+/eEyFeKktGjynGYEvkvYz3/NNw888JTGNmI2KLWWoBP8h5s7HWcDSP+K27
8BFaGypjtIavnaw+bJSGgirv0DIlXohjSD65OcC3xvVmKC6CJnMUDGHiho2KUpi1
QAXPzU/m7YOEayuJTWUAlDtt9nQ/bL0ffVyuXVRyvWJKLTVNkbqqZxIir8rQg/yp
VthwWjt3vnhc+K2MBe8wl5XfCuK0FPJ3iQ6gwYLzefGHz5MerYaxG18QIhA3mGCo
rCAYkR7U8diw6nl0JRHyHlqU99mN0D1j74Myz/Wy2zQWpLj/MCu7kfAEGh62ly0s
7uwVUzRoG2eFx/GSvI81T2ha9gazRu/Sa7tQ36ffe3U1NpRfF515HQkEXmXrr/N6
Tvnr//s62oFiTfdH8aZKuvPQ4GxHYP15kkqRcSF2MBTxV+9MMcE=
=qu0K
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYeSvWuNLKJtyKPYoAQjrwBAAjtJRIegJcQZrN3wc4+djZUNbJFjVoHLe
uWbLug5AocVodI/clfGdLDJ6CdvU6gO7A4SSVazeRtEz+KHexM7XKMazMfw8qO3N
eSuHKXs7pR7p3qqHCqO7LIno+enigl1WXYrYbG3fcjBHSBEoMUACtruvgRTy4Pqq
A0+sAgcSkJEWfq8RmpiHGpmVBQE0H6tI2DxqQj9Wx3FEhLF0HmcfjjZdUHdAC3Ca
VlWsHuYgClQCWavIEtohnImVF1dcr/LTRSYOXeyFKPjZr0Zjur/EBV1OfyZRFgQ4
xIxDQ0gIQP+PmWKTw96oz4W0MtwkuvR3GMhmTdN3tBlw/5ayWTKHDBQVxd8nofv9
rwoZb+WKPtkC3ZYDjKyguoID+9KQ2Z6DVGAPeErBER6vDKJY88DBJ6j30tdRk42W
3XCHutlqlFhF43AveGnlpQTtoWT8nahUb2HkvVsRTKulSbzSjNpUrE/0fLvUVe6G
wlTAbo0RrhSGkK7/OJgLe8Hfs152DG9EDthOhuPFg2flKjXOmcn9MVfeMyq+8G2z
dTaBJOw9n9xVSsl7FXHpdikcJv6EGb7X0tb0cPlXFkOmRR9PXKv7sYSxclS2uWKZ
JjOOAq+WKE/hkFgVrheWbrmURF1i+Kjkr/fAuV3466RP8XnHtW/+4d2ouy6FYBAN
M45AL5PzHVE=
=IXyD
-----END PGP SIGNATURE-----