{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"96.0.4664.110-lp152.2.143.1","chromium":"96.0.4664.110-lp152.2.143.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"chromium","purl":"pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"96.0.4664.110-lp152.2.143.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for chromium fixes the following issues:\n\nChromium 96.0.4664.110 (boo#1193713):\n\n* CVE-2021-4098: Insufficient data validation in Mojo\n* CVE-2021-4099: Use after free in Swiftshader\n* CVE-2021-4100: Object lifecycle issue in ANGLE\n* CVE-2021-4101: Heap buffer overflow in Swiftshader\n* CVE-2021-4102: Use after free in V8\n\nLord of the Browsers: The Two Compilers:\n\n* Go back to GCC\n* GCC: LTO removes needed assembly symbols\n* Clang: issues with libstdc++\n\nChromium 96.0.4664.93 (boo#1193519):\n\n* CVE-2021-4052: Use after free in web apps\n* CVE-2021-4053: Use after free in UI\n* CVE-2021-4079: Out of bounds write in WebRTC\n* CVE-2021-4054: Incorrect security UI in autofill\n* CVE-2021-4078: Type confusion in V8\n* CVE-2021-4055: Heap buffer overflow in extensions\n* CVE-2021-4056: Type Confusion in loader\n* CVE-2021-4057: Use after free in file API\n* CVE-2021-4058: Heap buffer overflow in ANGLE\n* CVE-2021-4059: Insufficient data validation in loader\n* CVE-2021-4061: Type Confusion in V8\n* CVE-2021-4062: Heap buffer overflow in BFCache\n* CVE-2021-4063: Use after free in developer tools\n* CVE-2021-4064: Use after free in screen capture\n* CVE-2021-4065: Use after free in autofill\n* CVE-2021-4066: Integer underflow in ANGLE\n* CVE-2021-4067: Use after free in window manager\n* CVE-2021-4068: Insufficient validation of untrusted input in new tab page\n\nChromium 96.0.4664.45 (boo#1192734):\n\n* CVE-2021-38007: Type Confusion in V8\n* CVE-2021-38008: Use after free in media\n* CVE-2021-38009: Inappropriate implementation in cache\n* CVE-2021-38006: Use after free in storage foundation\n* CVE-2021-38005: Use after free in loader\n* CVE-2021-38010: Inappropriate implementation in service workers\n* CVE-2021-38011: Use after free in storage foundation\n* CVE-2021-38012: Type Confusion in V8\n* CVE-2021-38013: Heap buffer overflow in fingerprint recognition\n* CVE-2021-38014: Out of bounds write in Swiftshader\n* CVE-2021-38015: Inappropriate implementation in input\n* CVE-2021-38016: Insufficient policy enforcement in background fetch\n* CVE-2021-38017: Insufficient policy enforcement in iframe sandbox\n* CVE-2021-38018: Inappropriate implementation in navigation\n* CVE-2021-38019: Insufficient policy enforcement in CORS\n* CVE-2021-38020: Insufficient policy enforcement in contacts picker\n* CVE-2021-38021: Inappropriate implementation in referrer\n* CVE-2021-38022: Inappropriate implementation in WebAuthentication\n","id":"openSUSE-SU-2021:1632-1","modified":"2021-12-28T07:45:13Z","published":"2021-12-28T07:45:13Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DUJZLITO4GTLR5FP75FBCLDYZMUY2AFI/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1192310"},{"type":"REPORT","url":"https://bugzilla.suse.com/1192734"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193519"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193713"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38005"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38006"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38007"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38008"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38009"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38010"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38011"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38012"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38013"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38014"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38015"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38016"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38017"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38018"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38019"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38020"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38021"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38022"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4052"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4053"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4054"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4055"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4056"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4057"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4058"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4059"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4061"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4062"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4063"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4064"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4065"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4066"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4067"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4068"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4078"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4079"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4098"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4099"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4100"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4101"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4102"}],"related":["CVE-2021-38005","CVE-2021-38006","CVE-2021-38007","CVE-2021-38008","CVE-2021-38009","CVE-2021-38010","CVE-2021-38011","CVE-2021-38012","CVE-2021-38013","CVE-2021-38014","CVE-2021-38015","CVE-2021-38016","CVE-2021-38017","CVE-2021-38018","CVE-2021-38019","CVE-2021-38020","CVE-2021-38021","CVE-2021-38022","CVE-2021-4052","CVE-2021-4053","CVE-2021-4054","CVE-2021-4055","CVE-2021-4056","CVE-2021-4057","CVE-2021-4058","CVE-2021-4059","CVE-2021-4061","CVE-2021-4062","CVE-2021-4063","CVE-2021-4064","CVE-2021-4065","CVE-2021-4066","CVE-2021-4067","CVE-2021-4068","CVE-2021-4078","CVE-2021-4079","CVE-2021-4098","CVE-2021-4099","CVE-2021-4100","CVE-2021-4101","CVE-2021-4102"],"summary":"Security update for chromium","upstream":["CVE-2021-38005","CVE-2021-38006","CVE-2021-38007","CVE-2021-38008","CVE-2021-38009","CVE-2021-38010","CVE-2021-38011","CVE-2021-38012","CVE-2021-38013","CVE-2021-38014","CVE-2021-38015","CVE-2021-38016","CVE-2021-38017","CVE-2021-38018","CVE-2021-38019","CVE-2021-38020","CVE-2021-38021","CVE-2021-38022","CVE-2021-4052","CVE-2021-4053","CVE-2021-4054","CVE-2021-4055","CVE-2021-4056","CVE-2021-4057","CVE-2021-4058","CVE-2021-4059","CVE-2021-4061","CVE-2021-4062","CVE-2021-4063","CVE-2021-4064","CVE-2021-4065","CVE-2021-4066","CVE-2021-4067","CVE-2021-4068","CVE-2021-4078","CVE-2021-4079","CVE-2021-4098","CVE-2021-4099","CVE-2021-4100","CVE-2021-4101","CVE-2021-4102"]}