-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1441
                         chromium security update
                               28 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21226 CVE-2021-21225 CVE-2021-21224
                   CVE-2021-21223 CVE-2021-21222 CVE-2021-21221
                   CVE-2021-21219 CVE-2021-21218 CVE-2021-21217
                   CVE-2021-21216 CVE-2021-21215 CVE-2021-21214
                   CVE-2021-21213 CVE-2021-21212 CVE-2021-21211
                   CVE-2021-21210 CVE-2021-21209 CVE-2021-21208
                   CVE-2021-21207 CVE-2021-21205 CVE-2021-21204
                   CVE-2021-21203 CVE-2021-21202 CVE-2021-21201

Reference:         ASB-2021.0099
                   ESB-2021.1363
                   ESB-2021.1287

Original Bulletin: 
   https://lists.debian.org/debian-security-announce/2021/msg00087.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4906-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
April 27, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204
                 CVE-2021-21205 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209
                 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213
                 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217
                 CVE-2021-21218 CVE-2021-21219 CVE-2021-21221 CVE-2021-21222
                 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2021-21201

    Gengming Liu and Jianyu Chen discovered a use-after-free issue.

CVE-2021-21202

    David Erceg discovered a use-after-free issue in extensions.

CVE-2021-21203

    asnine discovered a use-after-free issue in Blink/Webkit.

CVE-2021-21204

    Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander discovered a
    use-after-free issue in Blink/Webkit.

CVE-2021-21205

    Alison Huffman discovered a policy enforcement error.

CVE-2021-21207

    koocola and Nan Wang discovered a use-after-free in the indexed database.

CVE-2021-21208

    Ahmed Elsobky discovered a data validation error in the QR code scanner.

CVE-2021-21209

    Tom Van Goethem discovered an implementation error in the Storage API.

CVE-2021-21210

    @bananabr discovered an error in the networking implementation.

CVE-2021-21211

    Akash Labade discovered an error in the navigation implementation.

CVE-2021-21212

    Hugo Hue and Sze Yui Chau discovered an error in the network configuration
    user interface.

CVE-2021-21213

    raven discovered a use-after-free issue in the WebMIDI implementation.

CVE-2021-21214

    A use-after-free issue was discovered in the networking implementation.

CVE-2021-21215

    Abdulrahman Alqabandi discovered an error in the Autofill feature.

CVE-2021-21216

    Abdulrahman Alqabandi discovered an error in the Autofill feature.

CVE-2021-21217

    Zhou Aiting discovered use of uninitialized memory in the pdfium library.

CVE-2021-21218

    Zhou Aiting discovered use of uninitialized memory in the pdfium library.

CVE-2021-21219

    Zhou Aiting discovered use of uninitialized memory in the pdfium library.

CVE-2021-21221

    Guang Gong discovered insufficient validation of untrusted input.

CVE-2021-21222

    Guang Gong discovered a buffer overflow issue in the v8 javascript
    library.

CVE-2021-21223

    Guang Gong discovered an integer overflow issue.

CVE-2021-21224

    Jose Martinez discovered a type error in the v8 javascript library.

CVE-2021-21225

    Brendon Tiszka discovered an out-of-bounds memory access issue in the v8
    javascript library.

CVE-2021-21226

    Brendon Tiszka discovered a use-after-free issue in the networking
    implementation.

For the stable distribution (buster), these problems have been fixed in
version 90.0.4430.85-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----