[ASA-202109-6] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-202109-6
=========================================

Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628
          CVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632
          CVE-2021-30633
Package : chromium
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2379

Summary
=======

The package chromium before version 93.0.4577.82-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 93.0.4577.82-1.

# pacman -Syu "chromium>=93.0.4577.82-1"

The problems have been fixed upstream in version 93.0.4577.82.

Workaround
==========

None.

Description
===========

- CVE-2021-30625 (arbitrary code execution)

A use after free security issue has been found in the Selection API
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30626 (arbitrary code execution)

An out of bounds memory access security issue has been found in the
ANGLE component of the Chromium browser engine before version
93.0.4577.82.

- CVE-2021-30627 (arbitrary code execution)

A type confusion security issue has been found in the Blink layout
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30628 (arbitrary code execution)

A stack buffer overflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30629 (arbitrary code execution)

A use after free security issue has been found in the Permissions
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30630 (arbitrary code execution)

An inappropriate implementation security issue has been found in the
Blink component of the Chromium browser engine before version
93.0.4577.82.

- CVE-2021-30631 (arbitrary code execution)

A type confusion security issue has been found in the Blink layout
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30632 (arbitrary code execution)

An out of bounds write security issue has been found in the V8
component of the Chromium browser engine before version 93.0.4577.82.
Google is aware that exploits for this issue exist in the wild.

- CVE-2021-30633 (arbitrary code execution)

A use after free security issue has been found in the Indexed DB API
component of the Chromium browser engine before version 93.0.4577.82.
Google is aware that exploits for this issue exist in the wild.

Impact
======

A remote attacker could execute arbitrary code through crafted web
content.

References
==========

https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desk...
https://crbug.com/1237533
https://crbug.com/1241036
https://crbug.com/1245786
https://crbug.com/1241123
https://crbug.com/1243646
https://crbug.com/1244568
https://crbug.com/1246932
https://crbug.com/1247763
https://crbug.com/1247766
https://security.archlinux.org/CVE-2021-30625
https://security.archlinux.org/CVE-2021-30626
https://security.archlinux.org/CVE-2021-30627
https://security.archlinux.org/CVE-2021-30628
https://security.archlinux.org/CVE-2021-30629
https://security.archlinux.org/CVE-2021-30630
https://security.archlinux.org/CVE-2021-30631
https://security.archlinux.org/CVE-2021-30632
https://security.archlinux.org/CVE-2021-30633
Jonas Witschel
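
To confirm a host is no longer running a chromium package affected by this advisory, the following script compares the installed version against the fixed version 93.0.4577.82-1. It is an added example, not part of the advisory or of Arch Linux tooling; the function names are hypothetical, and the `sort -V` fallback for hosts without pacman's `vercmp` is an assumption that holds for plain pkgver-pkgrel strings without an epoch.

```shell
#!/bin/sh
# Added example: check chromium against the fix from ASA-202109-6.
FIXED="93.0.4577.82-1"   # fixed version, taken from the advisory

# ver_lt A B: succeed when version A is strictly older than version B.
# Prefers pacman's vercmp; otherwise falls back to GNU `sort -V`
# (assumption: adequate for pkgver-pkgrel strings without an epoch).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# check_version VERSION: print a verdict; return 0 if fixed, 1 if vulnerable.
check_version() {
    if ver_lt "$1" "$FIXED"; then
        echo "VULNERABLE: chromium $1 is older than $FIXED"
        return 1
    fi
    echo "OK: chromium $1 is at or above $FIXED"
    return 0
}

# check_host: read the installed version from the local pacman database.
# Returns 2 when chromium is not installed (or pacman is unavailable).
check_host() {
    installed=$(pacman -Q chromium 2>/dev/null | awk '{print $2}')
    if [ -z "$installed" ]; then
        echo "chromium is not installed"
        return 2
    fi
    check_version "$installed"
}

# Run against the local host only when asked to: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

The exit status of `check_host` (0 fixed, 1 vulnerable, 2 not installed) can be collected by whatever runs the script across a fleet.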