{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"89.0.4389.72-bp152.2.62.1","chromium":"89.0.4389.72-bp152.2.62.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP2","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"89.0.4389.72-bp152.2.62.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for chromium fixes the following issues:\n\nUpdate to 89.0.4389.72 (boo#1182358, boo#1182960):\n\n- CVE-2021-21159: Heap buffer overflow in TabStrip.\n- CVE-2021-21160: Heap buffer overflow in WebAudio.\n- CVE-2021-21161: Heap buffer overflow in TabStrip.\n- CVE-2021-21162: Use after free in WebRTC.\n- CVE-2021-21163: Insufficient data validation in Reader Mode.\n- CVE-2021-21164: Insufficient data validation in Chrome for iOS.\n- CVE-2021-21165: Object lifecycle issue in audio.\n- CVE-2021-21166: Object lifecycle issue in audio.\n- CVE-2021-21167: Use after free in bookmarks.\n- CVE-2021-21168: Insufficient policy enforcement in appcache.\n- CVE-2021-21169: Out of bounds memory access in V8.\n- CVE-2021-21170: Incorrect security UI in Loader.\n- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.\n- CVE-2021-21172: Insufficient policy enforcement in File System API.\n- CVE-2021-21173: Side-channel information leakage in Network Internals.\n- CVE-2021-21174: Inappropriate implementation in Referrer.\n- CVE-2021-21175: Inappropriate implementation in Site isolation.\n- CVE-2021-21176: Inappropriate implementation in full screen mode.\n- CVE-2021-21177: Insufficient policy enforcement in Autofill.\n- CVE-2021-21178: Inappropriate implementation in Compositing.\n- CVE-2021-21179: Use after free in Network Internals.\n- CVE-2021-21180: Use after free in tab search.\n- CVE-2020-27844: Heap buffer overflow in OpenJPEG.\n- CVE-2021-21181: Side-channel information leakage in autofill.\n- CVE-2021-21182: Insufficient policy enforcement in navigations.\n- CVE-2021-21183: Inappropriate implementation in performance APIs.\n- CVE-2021-21184: Inappropriate implementation in performance APIs.\n- CVE-2021-21185: Insufficient policy enforcement in extensions.\n- CVE-2021-21186: Insufficient policy enforcement in QR scanning.\n- CVE-2021-21187: Insufficient data validation in URL formatting.\n- CVE-2021-21188: Use after free in Blink.\n- CVE-2021-21189: Insufficient policy enforcement in payments.\n- CVE-2021-21190: Uninitialized Use in PDFium.\n- CVE-2021-21149: Stack overflow in Data Transfer.\n- CVE-2021-21150: Use after free in Downloads.\n- CVE-2021-21151: Use after free in Payments.\n- CVE-2021-21152: Heap buffer overflow in Media.\n- CVE-2021-21153: Stack overflow in GPU Process. \n- CVE-2021-21154: Heap buffer overflow in Tab Strip.\n- CVE-2021-21155: Heap buffer overflow in Tab Strip.\n- CVE-2021-21156: Heap buffer overflow in V8.\n- CVE-2021-21157: Use after free in Web Sockets.  \n- Fixed Sandbox with glibc 2.33 (boo#1182233)\n- Fixed an issue where chromium hangs on opening (boo#1182775).\n\nThis update was imported from the openSUSE:Leap:15.2:Update update project.","id":"openSUSE-SU-2021:0401-1","modified":"2021-03-09T19:05:08Z","published":"2021-03-09T19:05:08Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182233"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182358"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182775"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27844"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21149"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21150"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21151"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21152"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21153"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21154"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21155"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21156"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21157"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21159"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21160"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21161"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21162"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21163"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21164"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21165"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21166"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21167"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21168"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21169"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21170"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21171"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21172"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21173"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21174"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21175"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21176"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21177"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21178"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21179"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21180"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21182"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21183"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21184"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21185"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21186"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21187"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21188"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21189"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21190"}],"related":["CVE-2020-27844","CVE-2021-21149","CVE-2021-21150","CVE-2021-21151","CVE-2021-21152","CVE-2021-21153","CVE-2021-21154","CVE-2021-21155","CVE-2021-21156","CVE-2021-21157","CVE-2021-21159","CVE-2021-21160","CVE-2021-21161","CVE-2021-21162","CVE-2021-21163","CVE-2021-21164","CVE-2021-21165","CVE-2021-21166","CVE-2021-21167","CVE-2021-21168","CVE-2021-21169","CVE-2021-21170","CVE-2021-21171","CVE-2021-21172","CVE-2021-21173","CVE-2021-21174","CVE-2021-21175","CVE-2021-21176","CVE-2021-21177","CVE-2021-21178","CVE-2021-21179","CVE-2021-21180","CVE-2021-21181","CVE-2021-21182","CVE-2021-21183","CVE-2021-21184","CVE-2021-21185","CVE-2021-21186","CVE-2021-21187","CVE-2021-21188","CVE-2021-21189","CVE-2021-21190"],"summary":"Security update for chromium","upstream":["CVE-2020-27844","CVE-2021-21149","CVE-2021-21150","CVE-2021-21151","CVE-2021-21152","CVE-2021-21153","CVE-2021-21154","CVE-2021-21155","CVE-2021-21156","CVE-2021-21157","CVE-2021-21159","CVE-2021-21160","CVE-2021-21161","CVE-2021-21162","CVE-2021-21163","CVE-2021-21164","CVE-2021-21165","CVE-2021-21166","CVE-2021-21167","CVE-2021-21168","CVE-2021-21169","CVE-2021-21170","CVE-2021-21171","CVE-2021-21172","CVE-2021-21173","CVE-2021-21174","CVE-2021-21175","CVE-2021-21176","CVE-2021-21177","CVE-2021-21178","CVE-2021-21179","CVE-2021-21180","CVE-2021-21181","CVE-2021-21182","CVE-2021-21183","CVE-2021-21184","CVE-2021-21185","CVE-2021-21186","CVE-2021-21187","CVE-2021-21188","CVE-2021-21189","CVE-2021-21190"]}