-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0641
                         chromium security update
                             22 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21157 CVE-2021-21156 CVE-2021-21155
                   CVE-2021-21154 CVE-2021-21153 CVE-2021-21152
                   CVE-2021-21151 CVE-2021-21150 CVE-2021-21149
                   CVE-2021-21148  

Reference:         ESB-2021.0581
                   ESB-2021.0421

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4858

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4858-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
February 19, 2021                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151
                 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155
                 CVE-2021-21156 CVE-2021-21157

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2021-21148

    Mattias Buelens discovered a buffer overflow issue in the v8 javascript
    library.

CVE-2021-21149

    Ryoya Tsukasaki discovered a stack overflow issue in the Data Transfer
    implementation.

CVE-2021-21150

    Woojin Oh discovered a use-after-free issue in the file downloader.

CVE-2021-21151

    Khalil Zhani discovered a use-after-free issue in the payments system.

CVE-2021-21152

    A buffer overflow was discovered in media handling.

CVE-2021-21153

    Jan Ruge discovered a stack overflow issue in the GPU process.

CVE-2021-21154

    Abdulrahman Alqabandi discovered a buffer overflow issue in the Tab Strip
    implementation.

CVE-2021-21155

    Khalil Zhani discovered a buffer overflow issue in the Tab Strip
    implementation.

CVE-2021-21156

    Sergei Glazunov discovered a buffer overflow issue in the v8 javascript
    library.

CVE-2021-21157

    A use-after-free issue was discovered in the Web Sockets implementation.

For the stable distribution (buster), these problems have been fixed in
version 88.0.4324.182-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----