===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0641
                         chromium security update
                             22 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21157 CVE-2021-21156 CVE-2021-21155
                   CVE-2021-21154 CVE-2021-21153 CVE-2021-21152
                   CVE-2021-21151 CVE-2021-21150 CVE-2021-21149
                   CVE-2021-21148

Reference:         ESB-2021.0581
                   ESB-2021.0421

Original Bulletin:
   http://www.debian.org/security/2021/dsa-4858

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4858-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
February 19, 2021                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151
                 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155
                 CVE-2021-21156 CVE-2021-21157

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2021-21148

    Mattias Buelens discovered a buffer overflow issue in the v8 javascript
    library.

CVE-2021-21149

    Ryoya Tsukasaki discovered a stack overflow issue in the Data Transfer
    implementation.

CVE-2021-21150

    Woojin Oh discovered a use-after-free issue in the file downloader.

CVE-2021-21151

    Khalil Zhani discovered a use-after-free issue in the payments system.

CVE-2021-21152

    A buffer overflow was discovered in media handling.

CVE-2021-21153

    Jan Ruge discovered a stack overflow issue in the GPU process.

CVE-2021-21154

    Abdulrahman Alqabandi discovered a buffer overflow issue in the Tab Strip
    implementation.

CVE-2021-21155

    Khalil Zhani discovered a buffer overflow issue in the Tab Strip
    implementation.

CVE-2021-21156

    Sergei Glazunov discovered a buffer overflow issue in the v8 javascript
    library.

CVE-2021-21157

    A use-after-free issue was discovered in the Web Sockets implementation.

For the stable distribution (buster), these problems have been fixed in
version 88.0.4324.182-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
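
A fleet-side check against the fixed version stated in the advisory, as an added example that is not part of the Debian or AusCERT text: it applies Debian's version ordering (epoch, upstream, revision, with `~` sorting before everything) so a package inventory can be triaged on a machine without dpkg. The host names and installed versions are constructed sample data, and `needs_upgrade` and `vulnerable_hosts` are hypothetical helper names.

```python
import re
from itertools import zip_longest

FIXED_BUSTER = "88.0.4324.182-1~deb10u1"  # fixed version stated in DSA-4858-1
_RUNS = re.compile(r"([^0-9]*)([0-9]*)")  # alternating text run, number run

def _order(ch):
    """Weight of one character in a text run; '' marks the end of the run."""
    if ch in ("~", ""):
        return -1 if ch == "~" else 0  # '~' sorts before even end of string
    return ord(ch) if ch.isalpha() else ord(ch) + 256  # letters before symbols

def _cmp_string(a, b):
    """Compare two upstream or revision strings; return -1, 0 or 1."""
    runs_a, runs_b = _RUNS.findall(a), _RUNS.findall(b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):  # number runs compare numerically
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(version):
    """Split into (epoch, upstream, revision); epoch defaults to 0."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare_debian_versions(a, b):
    """Return -1, 0 or 1 as a sorts before, equal to, or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_string(ua, ub) or _cmp_string(ra, rb)

def needs_upgrade(installed, fixed=FIXED_BUSTER):
    return compare_debian_versions(installed, fixed) < 0

# Constructed inventory (hypothetical hosts and versions, not from the advisory).
SAMPLE_INVENTORY = {
    "kiosk-01": "88.0.4324.182-1~deb10u1",  # exactly the fixed version
    "kiosk-02": "88.0.4324.96-1~deb10u1",   # older, though "96" > "182" as text
    "lab-03": "88.0.4324.182-1",            # newer: no '~' suffix sorts later
}

def vulnerable_hosts(inventory):
    return sorted(h for h, v in inventory.items() if needs_upgrade(v))
```

On a Debian host itself, `dpkg --compare-versions` performs the same comparison against the installed package version.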