SUSE Package Hub - openSUSE-2021-840

Update Info

openSUSE-2021-840

Security update for chromium

Type: security

Severity: important

Issued: 2021-06-04

Description:

This update for chromium fixes the following issues:

Chromium 91.0.4472.77 (boo#1186458):

* Support Managed configuration API for Web Applications
* WebOTP API: cross-origin iframe support
* CSS custom counter styles
* Support JSON Modules
* Clipboard: read-only files support
* Remove webkitBeforeTextInserted & webkitEditableCOntentChanged JS events
* Honor media HTML attribute for link icon
* Import Assertions
* Class static initializer blocks
* Ergonomic brand checks for private fields
* Expose WebAssembly SIMD
* New Feature: WebTransport
* ES Modules for service workers ('module' type option)
* Suggested file name and location for the File System Access API
* adaptivePTime property for RTCRtpEncodingParameters
* Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack
* Support WebSockets over HTTP/2
* Support 103 Early Hints for Navigation
* CVE-2021-30521: Heap buffer overflow in Autofill
* CVE-2021-30522: Use after free in WebAudio
* CVE-2021-30523: Use after free in WebRTC
* CVE-2021-30524: Use after free in TabStrip
* CVE-2021-30525: Use after free in TabGroups
* CVE-2021-30526: Out of bounds write in TabStrip
* CVE-2021-30527: Use after free in WebUI
* CVE-2021-30528: Use after free in WebAuthentication
* CVE-2021-30529: Use after free in Bookmarks
* CVE-2021-30530: Out of bounds memory access in WebAudio
* CVE-2021-30531: Insufficient policy enforcement in Content Security Policy
* CVE-2021-30532: Insufficient policy enforcement in Content Security Policy
* CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
* CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
* CVE-2021-30535: Double free in ICU
* CVE-2021-21212: Insufficient data validation in networking
* CVE-2021-30536: Out of bounds read in V8
* CVE-2021-30537: Insufficient policy enforcement in cookies
* CVE-2021-30538: Insufficient policy enforcement in content security policy
* CVE-2021-30539: Insufficient policy enforcement in content security policy
* CVE-2021-30540: Incorrect security UI in payments
* Various fixes from internal audits, fuzzing and other initiatives

References

CVE: CVE-2021-30540
CVE: CVE-2021-30539
CVE: CVE-2021-30538
CVE: CVE-2021-30537
CVE: CVE-2021-30536
CVE: CVE-2021-30535
CVE: CVE-2021-30534
CVE: CVE-2021-30533
CVE: CVE-2021-30532
CVE: CVE-2021-30531
CVE: CVE-2021-30530
CVE: CVE-2021-30529
CVE: CVE-2021-30528
CVE: CVE-2021-30527
CVE: CVE-2021-30526
CVE: CVE-2021-30525
CVE: CVE-2021-30524
CVE: CVE-2021-30523
CVE: CVE-2021-30522
CVE: CVE-2021-30521
CVE: CVE-2021-21212
Bugzilla: 1186458 VUL-0: chromium: multiple security issues fixed in 91.0.4472.77

Packages

chromium-91.0.4472.77-bp153.2.3.1