Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-16044 (GCVE-0-2020-16044)
Vulnerability from cvelistv5 – Published: 2021-02-09 13:55 – Updated: 2024-08-04 13:37
VLAI
EPSS
Summary
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
Severity
8.8 (High)
CWE
- Use after free
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://crbug.com/1163228 | x_refsource_MISC |
| https://chromereleases.googleblog.com/2021/01/sta… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1163228"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "88.0.4324.96",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T13:55:54.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1163228"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-16044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "88.0.4324.96"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/1163228",
"refsource": "MISC",
"url": "https://crbug.com/1163228"
},
{
"name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-16044",
"datePublished": "2021-02-09T13:55:54.000Z",
"dateReserved": "2020-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:53.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-16044",
"date": "2026-06-08",
"epss": "0.00377",
"percentile": "0.59599"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"88.0.4324.96\", \"matchCriteriaId\": \"565ED6B8-8F41-4E79-A280-33CB321E607F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.\"}, {\"lang\": \"es\", \"value\": \"Un uso de la memoria previamente liberada en WebRTC en Google Chrome versiones anteriores a 88.0.4324.96, permit\\u00eda a un atacante remoto explotar potencialmente una corrupci\\u00f3n de la memoria por medio de un paquete SCTP dise\\u00f1ado\"}]",
"id": "CVE-2020-16044",
"lastModified": "2024-11-21T05:06:44.207",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-02-09T14:15:14.450",
"references": "[{\"url\": \"https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://crbug.com/1163228\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://crbug.com/1163228\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}, {\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-16044\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2021-02-09T14:15:14.450\",\"lastModified\":\"2024-11-21T05:06:44.207\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.\"},{\"lang\":\"es\",\"value\":\"Un uso de la memoria previamente liberada en WebRTC en Google Chrome versiones anteriores a 88.0.4324.96, permit\u00eda a un atacante remoto explotar potencialmente una corrupci\u00f3n de la memoria por medio de un paquete SCTP dise\u00f1ado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"88.0.4324.96\",\"matchCriteriaId\":\"565ED6B8-8F41-4E79-A280-33CB321E607F\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1163228\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1163228\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]}]}}"
}
}
GHSA-3GX6-9G98-G4W5
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
{
"affected": [],
"aliases": [
"CVE-2020-16044"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-09T14:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"id": "GHSA-3gx6-9g98-g4w5",
"modified": "2022-05-24T17:41:24Z",
"published": "2022-05-24T17:41:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16044"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1163228"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2020-16044
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-16044",
"description": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"id": "GSD-2020-16044",
"references": [
"https://www.suse.com/security/cve/CVE-2020-16044.html",
"https://www.debian.org/security/2021/dsa-4846",
"https://www.debian.org/security/2021/dsa-4842",
"https://www.debian.org/security/2021/dsa-4827",
"https://access.redhat.com/errata/RHSA-2021:0160",
"https://access.redhat.com/errata/RHSA-2021:0089",
"https://access.redhat.com/errata/RHSA-2021:0088",
"https://access.redhat.com/errata/RHSA-2021:0087",
"https://access.redhat.com/errata/RHSA-2021:0055",
"https://access.redhat.com/errata/RHSA-2021:0054",
"https://access.redhat.com/errata/RHSA-2021:0053",
"https://access.redhat.com/errata/RHSA-2021:0052",
"https://ubuntu.com/security/CVE-2020-16044",
"https://advisories.mageia.org/CVE-2020-16044.html",
"https://security.archlinux.org/CVE-2020-16044",
"https://linux.oracle.com/cve/CVE-2020-16044.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-16044"
],
"details": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"id": "GSD-2020-16044",
"modified": "2023-12-13T01:21:46.660625Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-16044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "88.0.4324.96"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/1163228",
"refsource": "MISC",
"url": "https://crbug.com/1163228"
},
{
"name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2020-16044"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.6.1"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "84.0.2"
}
]
}
},
{
"product_name": "Firefox for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "84.1.3"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.6.1"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.6.1, Firefox \u003c 84.0.2, Firefox for Android \u003c 84.1.3, and Firefox ESR \u003c 78.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-02/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-01/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1683964"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "88.0.4324.96",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-16044"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
},
{
"name": "https://crbug.com/1163228",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://crbug.com/1163228"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-07-21T11:39Z",
"publishedDate": "2021-02-09T14:15Z"
}
}
}
OPENSUSE-SU-2021:0056-1
Vulnerability from csaf_opensuse - Published: 2021-01-13 17:12 - Updated: 2021-01-13 17:12Summary
Security update for MozillaFirefox
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox
Description of the patch: This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.1 ESR
* Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)
* CVE-2020-16044
Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2021-56
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-78.6.1-lp152.2.40.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-devel-78.6.1-lp152.2.40.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-common-78.6.1-lp152.2.40.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-other-78.6.1-lp152.2.40.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 78.6.1 ESR\n * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)\n * CVE-2020-16044\n Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-56",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0056-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0056-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MWW23OVUF57OUUNFOOBPRID66YRCNBPH/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0056-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MWW23OVUF57OUUNFOOBPRID66YRCNBPH/"
},
{
"category": "self",
"summary": "SUSE Bug 1180623",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16044 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16044/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2021-01-13T17:12:59Z",
"generator": {
"date": "2021-01-13T17:12:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0056-1",
"initial_release_date": "2021-01-13T17:12:59Z",
"revision_history": [
{
"date": "2021-01-13T17:12:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.6.1-lp152.2.40.1.x86_64",
"product": {
"name": "MozillaFirefox-78.6.1-lp152.2.40.1.x86_64",
"product_id": "MozillaFirefox-78.6.1-lp152.2.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1.x86_64",
"product_id": "MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.6.1-lp152.2.40.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-78.6.1-lp152.2.40.1.x86_64",
"product_id": "MozillaFirefox-devel-78.6.1-lp152.2.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.6.1-lp152.2.40.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.6.1-lp152.2.40.1.x86_64",
"product_id": "MozillaFirefox-translations-common-78.6.1-lp152.2.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.6.1-lp152.2.40.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.6.1-lp152.2.40.1.x86_64",
"product_id": "MozillaFirefox-translations-other-78.6.1-lp152.2.40.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.6.1-lp152.2.40.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-78.6.1-lp152.2.40.1.x86_64"
},
"product_reference": "MozillaFirefox-78.6.1-lp152.2.40.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.6.1-lp152.2.40.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-devel-78.6.1-lp152.2.40.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.6.1-lp152.2.40.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.6.1-lp152.2.40.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-translations-common-78.6.1-lp152.2.40.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.6.1-lp152.2.40.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.6.1-lp152.2.40.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-translations-other-78.6.1-lp152.2.40.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.6.1-lp152.2.40.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-16044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16044"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.6.1-lp152.2.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16044",
"url": "https://www.suse.com/security/cve/CVE-2020-16044"
},
{
"category": "external",
"summary": "SUSE Bug 1180623 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.6.1-lp152.2.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.6.1-lp152.2.40.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.6.1-lp152.2.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-13T17:12:59Z",
"details": "important"
}
],
"title": "CVE-2020-16044"
}
]
}
OPENSUSE-SU-2021:0063-1
Vulnerability from csaf_opensuse - Published: 2021-01-15 08:20 - Updated: 2021-01-15 08:20Summary
Security update for MozillaFirefox
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox
Description of the patch: This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.1 ESR
* Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)
* CVE-2020-16044
Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2021-63
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-78.6.1-lp151.2.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.6.1-lp151.2.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.6.1-lp151.2.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-78.6.1-lp151.2.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-78.6.1-lp151.2.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-78.6.1-lp151.2.85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 78.6.1 ESR\n * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)\n * CVE-2020-16044\n Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-63",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0063-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0063-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/R64OG7KLB7DVCRVNOYE46AZ266XQ2F23/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0063-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/R64OG7KLB7DVCRVNOYE46AZ266XQ2F23/"
},
{
"category": "self",
"summary": "SUSE Bug 1180623",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16044 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16044/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2021-01-15T08:20:08Z",
"generator": {
"date": "2021-01-15T08:20:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0063-1",
"initial_release_date": "2021-01-15T08:20:08Z",
"revision_history": [
{
"date": "2021-01-15T08:20:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.6.1-lp151.2.85.1.x86_64",
"product": {
"name": "MozillaFirefox-78.6.1-lp151.2.85.1.x86_64",
"product_id": "MozillaFirefox-78.6.1-lp151.2.85.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.6.1-lp151.2.85.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.6.1-lp151.2.85.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-78.6.1-lp151.2.85.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.6.1-lp151.2.85.1.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-78.6.1-lp151.2.85.1.x86_64",
"product_id": "MozillaFirefox-buildsymbols-78.6.1-lp151.2.85.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.6.1-lp151.2.85.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-78.6.1-lp151.2.85.1.x86_64",
"product_id": "MozillaFirefox-devel-78.6.1-lp151.2.85.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.6.1-lp151.2.85.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.6.1-lp151.2.85.1.x86_64",
"product_id": "MozillaFirefox-translations-common-78.6.1-lp151.2.85.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.6.1-lp151.2.85.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.6.1-lp151.2.85.1.x86_64",
"product_id": "MozillaFirefox-translations-other-78.6.1-lp151.2.85.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.6.1-lp151.2.85.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-78.6.1-lp151.2.85.1.x86_64"
},
"product_reference": "MozillaFirefox-78.6.1-lp151.2.85.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-78.6.1-lp151.2.85.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.6.1-lp151.2.85.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-78.6.1-lp151.2.85.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-78.6.1-lp151.2.85.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.6.1-lp151.2.85.1.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-78.6.1-lp151.2.85.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.6.1-lp151.2.85.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-devel-78.6.1-lp151.2.85.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.6.1-lp151.2.85.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.6.1-lp151.2.85.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-common-78.6.1-lp151.2.85.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.6.1-lp151.2.85.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.6.1-lp151.2.85.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-other-78.6.1-lp151.2.85.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.6.1-lp151.2.85.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-16044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16044"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.6.1-lp151.2.85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16044",
"url": "https://www.suse.com/security/cve/CVE-2020-16044"
},
{
"category": "external",
"summary": "SUSE Bug 1180623 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.6.1-lp151.2.85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.6.1-lp151.2.85.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.6.1-lp151.2.85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-15T08:20:08Z",
"details": "important"
}
],
"title": "CVE-2020-16044"
}
]
}
OPENSUSE-SU-2021:0093-1
Vulnerability from csaf_opensuse - Published: 2021-01-16 18:54 - Updated: 2021-01-16 18:54Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 78.6.1
* changed: MailExtensions: browserAction, composeAction, and
messageDisplayAction toolbar buttons now support label and
default_label properties (bmo#1583478)
* fixed: Running a quicksearch that returned no results did not
offer to re-run as a global search (bmo#1663153)
* fixed: Message search toolbar fixes (bmo#1681010)
* fixed: Very long subject lines distorted the message compose
and display windows, making them unusable (bmo#77806)
* fixed: Compose window: Recipient addresses that had not yet
been autocompleted were lost when clicking Send button
(bmo#1674054)
* fixed: Compose window: New message is no longer marked as
'changed' just from tabbing out of the recipient field
without editing anything (bmo#1681389)
* fixed: Account autodiscover fixes when using MS Exchange
servers (bmo#1679759)
* fixed: LDAP address book stability fix (bmo#1680914)
* fixed: Messages with invalid vcard attachments were not
marked as read when viewed in the preview window
(bmo#1680468)
* fixed: Chat: Could not add TLS certificate exceptions for
XMPP connections (bmo#1590471)
* fixed: Calendar: System timezone was not always properly
detected (bmo#1678839)
* fixed: Calendar: Descriptions were sometimes blank when
editing a single occurrence of a repeating event
(bmo#1664731)
* fixed: Various printing bugfixes (bmo#1676166)
* fixed: Visual consistency and theme improvements
(bmo#1682808)
MFSA 2021-02 (bsc#1180623)
* CVE-2020-16044 (bmo#1683964)
Use-after-free write when handling a malicious COOKIE-ECHO
SCTP chunk
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2021-93
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.6.1-lp152.2.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.6.1-lp152.2.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.6.1-lp152.2.26.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird fixes the following issues:\n\n- Mozilla Thunderbird 78.6.1\n * changed: MailExtensions: browserAction, composeAction, and\n messageDisplayAction toolbar buttons now support label and\n default_label properties (bmo#1583478)\n * fixed: Running a quicksearch that returned no results did not\n offer to re-run as a global search (bmo#1663153)\n * fixed: Message search toolbar fixes (bmo#1681010)\n * fixed: Very long subject lines distorted the message compose\n and display windows, making them unusable (bmo#77806)\n * fixed: Compose window: Recipient addresses that had not yet\n been autocompleted were lost when clicking Send button\n (bmo#1674054)\n * fixed: Compose window: New message is no longer marked as\n \u0027changed\u0027 just from tabbing out of the recipient field\n without editing anything (bmo#1681389)\n * fixed: Account autodiscover fixes when using MS Exchange\n servers (bmo#1679759)\n * fixed: LDAP address book stability fix (bmo#1680914)\n * fixed: Messages with invalid vcard attachments were not\n marked as read when viewed in the preview window\n (bmo#1680468)\n * fixed: Chat: Could not add TLS certificate exceptions for\n XMPP connections (bmo#1590471)\n * fixed: Calendar: System timezone was not always properly\n detected (bmo#1678839)\n * fixed: Calendar: Descriptions were sometimes blank when\n editing a single occurrence of a repeating event\n (bmo#1664731)\n * fixed: Various printing bugfixes (bmo#1676166)\n * fixed: Visual consistency and theme improvements\n (bmo#1682808)\n MFSA 2021-02 (bsc#1180623)\n * CVE-2020-16044 (bmo#1683964)\n Use-after-free write when handling a malicious COOKIE-ECHO\n SCTP chunk\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-93",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0093-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0093-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/72PBD5PFZIW6WZ7R65QRFVISRDWYC6WO/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0093-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/72PBD5PFZIW6WZ7R65QRFVISRDWYC6WO/"
},
{
"category": "self",
"summary": "SUSE Bug 1180623",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16044 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16044/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2021-01-16T18:54:46Z",
"generator": {
"date": "2021-01-16T18:54:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0093-1",
"initial_release_date": "2021-01-16T18:54:46Z",
"revision_history": [
{
"date": "2021-01-16T18:54:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.6.1-lp152.2.26.1.x86_64",
"product": {
"name": "MozillaThunderbird-78.6.1-lp152.2.26.1.x86_64",
"product_id": "MozillaThunderbird-78.6.1-lp152.2.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.6.1-lp152.2.26.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-78.6.1-lp152.2.26.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-78.6.1-lp152.2.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.6.1-lp152.2.26.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-78.6.1-lp152.2.26.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-78.6.1-lp152.2.26.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-78.6.1-lp152.2.26.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaThunderbird-78.6.1-lp152.2.26.1.x86_64"
},
"product_reference": "MozillaThunderbird-78.6.1-lp152.2.26.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-78.6.1-lp152.2.26.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.6.1-lp152.2.26.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-78.6.1-lp152.2.26.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-78.6.1-lp152.2.26.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.6.1-lp152.2.26.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-78.6.1-lp152.2.26.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-16044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16044"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.6.1-lp152.2.26.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.6.1-lp152.2.26.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.6.1-lp152.2.26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16044",
"url": "https://www.suse.com/security/cve/CVE-2020-16044"
},
{
"category": "external",
"summary": "SUSE Bug 1180623 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.6.1-lp152.2.26.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.6.1-lp152.2.26.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.6.1-lp152.2.26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.6.1-lp152.2.26.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.6.1-lp152.2.26.1.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.6.1-lp152.2.26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-16T18:54:46Z",
"details": "important"
}
],
"title": "CVE-2020-16044"
}
]
}
OPENSUSE-SU-2021:0127-1
Vulnerability from csaf_opensuse - Published: 2021-01-20 15:22 - Updated: 2021-01-20 15:22Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 78.6.1
* changed: MailExtensions: browserAction, composeAction, and
messageDisplayAction toolbar buttons now support label and
default_label properties (bmo#1583478)
* fixed: Running a quicksearch that returned no results did not
offer to re-run as a global search (bmo#1663153)
* fixed: Message search toolbar fixes (bmo#1681010)
* fixed: Very long subject lines distorted the message compose
and display windows, making them unusable (bmo#77806)
* fixed: Compose window: Recipient addresses that had not yet
been autocompleted were lost when clicking Send button
(bmo#1674054)
* fixed: Compose window: New message is no longer marked as
'changed' just from tabbing out of the recipient field
without editing anything (bmo#1681389)
* fixed: Account autodiscover fixes when using MS Exchange
servers (bmo#1679759)
* fixed: LDAP address book stability fix (bmo#1680914)
* fixed: Messages with invalid vcard attachments were not
marked as read when viewed in the preview window
(bmo#1680468)
* fixed: Chat: Could not add TLS certificate exceptions for
XMPP connections (bmo#1590471)
* fixed: Calendar: System timezone was not always properly
detected (bmo#1678839)
* fixed: Calendar: Descriptions were sometimes blank when
editing a single occurrence of a repeating event
(bmo#1664731)
* fixed: Various printing bugfixes (bmo#1676166)
* fixed: Visual consistency and theme improvements
(bmo#1682808)
MFSA 2021-02 (bsc#1180623)
* CVE-2020-16044 (bmo#1683964)
Use-after-free write when handling a malicious COOKIE-ECHO
SCTP chunk
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2021-127
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaThunderbird-78.6.1-lp151.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.6.1-lp151.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.6.1-lp151.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird fixes the following issues:\n\n- Mozilla Thunderbird 78.6.1\n * changed: MailExtensions: browserAction, composeAction, and\n messageDisplayAction toolbar buttons now support label and\n default_label properties (bmo#1583478)\n * fixed: Running a quicksearch that returned no results did not\n offer to re-run as a global search (bmo#1663153)\n * fixed: Message search toolbar fixes (bmo#1681010)\n * fixed: Very long subject lines distorted the message compose\n and display windows, making them unusable (bmo#77806)\n * fixed: Compose window: Recipient addresses that had not yet\n been autocompleted were lost when clicking Send button\n (bmo#1674054)\n * fixed: Compose window: New message is no longer marked as\n \u0027changed\u0027 just from tabbing out of the recipient field\n without editing anything (bmo#1681389)\n * fixed: Account autodiscover fixes when using MS Exchange\n servers (bmo#1679759)\n * fixed: LDAP address book stability fix (bmo#1680914)\n * fixed: Messages with invalid vcard attachments were not\n marked as read when viewed in the preview window\n (bmo#1680468)\n * fixed: Chat: Could not add TLS certificate exceptions for\n XMPP connections (bmo#1590471)\n * fixed: Calendar: System timezone was not always properly\n detected (bmo#1678839)\n * fixed: Calendar: Descriptions were sometimes blank when\n editing a single occurrence of a repeating event\n (bmo#1664731)\n * fixed: Various printing bugfixes (bmo#1676166)\n * fixed: Visual consistency and theme improvements\n (bmo#1682808)\n MFSA 2021-02 (bsc#1180623)\n * CVE-2020-16044 (bmo#1683964)\n Use-after-free write when handling a malicious COOKIE-ECHO\n SCTP chunk\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-127",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0127-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0127-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3236IRHAJFLO3NB3KMMBI5XYZOZFL6S7/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0127-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3236IRHAJFLO3NB3KMMBI5XYZOZFL6S7/"
},
{
"category": "self",
"summary": "SUSE Bug 1180623",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16044 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16044/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2021-01-20T15:22:40Z",
"generator": {
"date": "2021-01-20T15:22:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0127-1",
"initial_release_date": "2021-01-20T15:22:40Z",
"revision_history": [
{
"date": "2021-01-20T15:22:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.6.1-lp151.2.66.1.x86_64",
"product": {
"name": "MozillaThunderbird-78.6.1-lp151.2.66.1.x86_64",
"product_id": "MozillaThunderbird-78.6.1-lp151.2.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.6.1-lp151.2.66.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-78.6.1-lp151.2.66.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-78.6.1-lp151.2.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.6.1-lp151.2.66.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-78.6.1-lp151.2.66.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-78.6.1-lp151.2.66.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-78.6.1-lp151.2.66.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaThunderbird-78.6.1-lp151.2.66.1.x86_64"
},
"product_reference": "MozillaThunderbird-78.6.1-lp151.2.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-78.6.1-lp151.2.66.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.6.1-lp151.2.66.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-78.6.1-lp151.2.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-78.6.1-lp151.2.66.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.6.1-lp151.2.66.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-78.6.1-lp151.2.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-16044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16044"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.6.1-lp151.2.66.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.6.1-lp151.2.66.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.6.1-lp151.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16044",
"url": "https://www.suse.com/security/cve/CVE-2020-16044"
},
{
"category": "external",
"summary": "SUSE Bug 1180623 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.6.1-lp151.2.66.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.6.1-lp151.2.66.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.6.1-lp151.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.6.1-lp151.2.66.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.6.1-lp151.2.66.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.6.1-lp151.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-20T15:22:40Z",
"details": "important"
}
],
"title": "CVE-2020-16044"
}
]
}
OPENSUSE-SU-2021:0166-1
Vulnerability from csaf_opensuse - Published: 2021-01-26 09:23 - Updated: 2021-01-26 09:23Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
Chromium was updated to 88.0.4324.96 boo#1181137
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome
- CVE-2021-21118: Insufficient data validation in V8
- CVE-2021-21119: Use after free in Media
- CVE-2021-21120: Use after free in WebSQL
- CVE-2021-21121: Use after free in Omnibox
- CVE-2021-21122: Use after free in Blink
- CVE-2021-21123: Insufficient data validation in File System API
- CVE-2021-21124: Potential user after free in Speech Recognizer
- CVE-2021-21125: Insufficient policy enforcement in File System API
- CVE-2020-16044: Use after free in WebRTC
- CVE-2021-21126: Insufficient policy enforcement in extensions
- CVE-2021-21127: Insufficient policy enforcement in extensions
- CVE-2021-21128: Heap buffer overflow in Blink
- CVE-2021-21129: Insufficient policy enforcement in File System API
- CVE-2021-21130: Insufficient policy enforcement in File System API
- CVE-2021-21131: Insufficient policy enforcement in File System API
- CVE-2021-21132: Inappropriate implementation in DevTools
- CVE-2021-21133: Insufficient policy enforcement in Downloads
- CVE-2021-21134: Incorrect security UI in Page Info
- CVE-2021-21135: Inappropriate implementation in Performance API
- CVE-2021-21136: Insufficient policy enforcement in WebView
- CVE-2021-21137: Inappropriate implementation in DevTools
- CVE-2021-21138: Use after free in DevTools
- CVE-2021-21139: Inappropriate implementation in iframe sandbox
- CVE-2021-21140: Uninitialized Use in USB
- CVE-2021-21141: Insufficient policy enforcement in File System API
Patchnames: openSUSE-2021-166
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.6 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.8 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
84 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium was updated to 88.0.4324.96 boo#1181137\n\n- CVE-2021-21117: Insufficient policy enforcement in Cryptohome\n- CVE-2021-21118: Insufficient data validation in V8\n- CVE-2021-21119: Use after free in Media\n- CVE-2021-21120: Use after free in WebSQL\n- CVE-2021-21121: Use after free in Omnibox\n- CVE-2021-21122: Use after free in Blink\n- CVE-2021-21123: Insufficient data validation in File System API\n- CVE-2021-21124: Potential user after free in Speech Recognizer\n- CVE-2021-21125: Insufficient policy enforcement in File System API\n- CVE-2020-16044: Use after free in WebRTC\n- CVE-2021-21126: Insufficient policy enforcement in extensions\n- CVE-2021-21127: Insufficient policy enforcement in extensions\n- CVE-2021-21128: Heap buffer overflow in Blink\n- CVE-2021-21129: Insufficient policy enforcement in File System API\n- CVE-2021-21130: Insufficient policy enforcement in File System API\n- CVE-2021-21131: Insufficient policy enforcement in File System API\n- CVE-2021-21132: Inappropriate implementation in DevTools\n- CVE-2021-21133: Insufficient policy enforcement in Downloads\n- CVE-2021-21134: Incorrect security UI in Page Info\n- CVE-2021-21135: Inappropriate implementation in Performance API\n- CVE-2021-21136: Insufficient policy enforcement in WebView\n- CVE-2021-21137: Inappropriate implementation in DevTools\n- CVE-2021-21138: Use after free in DevTools\n- CVE-2021-21139: Inappropriate implementation in iframe sandbox\n- CVE-2021-21140: Uninitialized Use in USB\n- CVE-2021-21141: Insufficient policy enforcement in File System API\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-166",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0166-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0166-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UJLGW3JAYRVM7Z2KD5X5WM5BVADC7BWN/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0166-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UJLGW3JAYRVM7Z2KD5X5WM5BVADC7BWN/"
},
{
"category": "self",
"summary": "SUSE Bug 1181137",
"url": "https://bugzilla.suse.com/1181137"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16044 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21117 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21118 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21119 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21120 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21121 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21123 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21124 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21125 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21126 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21127 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21128 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21129 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21130 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21131 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21132 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21133 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21134 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21135 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21136 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21137 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21138 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21139 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21140 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21141 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21141/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2021-01-26T09:23:18Z",
"generator": {
"date": "2021-01-26T09:23:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0166-1",
"initial_release_date": "2021-01-26T09:23:18Z",
"revision_history": [
{
"date": "2021-01-26T09:23:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"product": {
"name": "chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"product_id": "chromedriver-88.0.4324.96-lp151.2.171.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-88.0.4324.96-lp151.2.171.1.x86_64",
"product": {
"name": "chromium-88.0.4324.96-lp151.2.171.1.x86_64",
"product_id": "chromium-88.0.4324.96-lp151.2.171.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-88.0.4324.96-lp151.2.171.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64"
},
"product_reference": "chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-88.0.4324.96-lp151.2.171.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
},
"product_reference": "chromium-88.0.4324.96-lp151.2.171.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-16044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16044"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16044",
"url": "https://www.suse.com/security/cve/CVE-2020-16044"
},
{
"category": "external",
"summary": "SUSE Bug 1180623 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "important"
}
],
"title": "CVE-2020-16044"
},
{
"cve": "CVE-2021-21117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21117"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21117",
"url": "https://www.suse.com/security/cve/CVE-2021-21117"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21117",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21117"
},
{
"cve": "CVE-2021-21118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21118"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21118",
"url": "https://www.suse.com/security/cve/CVE-2021-21118"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21118",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21118"
},
{
"cve": "CVE-2021-21119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21119"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21119",
"url": "https://www.suse.com/security/cve/CVE-2021-21119"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21119",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21119"
},
{
"cve": "CVE-2021-21120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21120"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21120",
"url": "https://www.suse.com/security/cve/CVE-2021-21120"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21120",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21120"
},
{
"cve": "CVE-2021-21121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21121"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21121",
"url": "https://www.suse.com/security/cve/CVE-2021-21121"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21121",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21121"
},
{
"cve": "CVE-2021-21122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21122"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21122",
"url": "https://www.suse.com/security/cve/CVE-2021-21122"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21122",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21122"
},
{
"cve": "CVE-2021-21123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21123"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21123",
"url": "https://www.suse.com/security/cve/CVE-2021-21123"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21123",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21123"
},
{
"cve": "CVE-2021-21124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21124"
}
],
"notes": [
{
"category": "general",
"text": "Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21124",
"url": "https://www.suse.com/security/cve/CVE-2021-21124"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21124",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21124"
},
{
"cve": "CVE-2021-21125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21125"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21125",
"url": "https://www.suse.com/security/cve/CVE-2021-21125"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21125",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21125"
},
{
"cve": "CVE-2021-21126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21126"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21126",
"url": "https://www.suse.com/security/cve/CVE-2021-21126"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21126",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21126"
},
{
"cve": "CVE-2021-21127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21127"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21127",
"url": "https://www.suse.com/security/cve/CVE-2021-21127"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21127",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21127"
},
{
"cve": "CVE-2021-21128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21128"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21128",
"url": "https://www.suse.com/security/cve/CVE-2021-21128"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21128",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21128"
},
{
"cve": "CVE-2021-21129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21129"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21129",
"url": "https://www.suse.com/security/cve/CVE-2021-21129"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21129",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21129"
},
{
"cve": "CVE-2021-21130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21130"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21130",
"url": "https://www.suse.com/security/cve/CVE-2021-21130"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21130",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21130"
},
{
"cve": "CVE-2021-21131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21131"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21131",
"url": "https://www.suse.com/security/cve/CVE-2021-21131"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21131",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21131"
},
{
"cve": "CVE-2021-21132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21132"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21132",
"url": "https://www.suse.com/security/cve/CVE-2021-21132"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21132",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21132"
},
{
"cve": "CVE-2021-21133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21133"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21133",
"url": "https://www.suse.com/security/cve/CVE-2021-21133"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21133",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21133"
},
{
"cve": "CVE-2021-21134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21134"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21134",
"url": "https://www.suse.com/security/cve/CVE-2021-21134"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21134",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21134"
},
{
"cve": "CVE-2021-21135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21135"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21135",
"url": "https://www.suse.com/security/cve/CVE-2021-21135"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21135",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21135"
},
{
"cve": "CVE-2021-21136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21136"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21136",
"url": "https://www.suse.com/security/cve/CVE-2021-21136"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21136",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21136"
},
{
"cve": "CVE-2021-21137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21137"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21137",
"url": "https://www.suse.com/security/cve/CVE-2021-21137"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21137",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21137"
},
{
"cve": "CVE-2021-21138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21138"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21138",
"url": "https://www.suse.com/security/cve/CVE-2021-21138"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21138",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21138"
},
{
"cve": "CVE-2021-21139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21139"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21139",
"url": "https://www.suse.com/security/cve/CVE-2021-21139"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21139",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21139"
},
{
"cve": "CVE-2021-21140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21140"
}
],
"notes": [
{
"category": "general",
"text": "Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21140",
"url": "https://www.suse.com/security/cve/CVE-2021-21140"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21140",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21140"
},
{
"cve": "CVE-2021-21141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21141"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21141",
"url": "https://www.suse.com/security/cve/CVE-2021-21141"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21141",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-88.0.4324.96-lp151.2.171.1.x86_64",
"openSUSE Leap 15.1:chromium-88.0.4324.96-lp151.2.171.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-26T09:23:18Z",
"details": "critical"
}
],
"title": "CVE-2021-21141"
}
]
}
OPENSUSE-SU-2021:0173-1
Vulnerability from csaf_opensuse - Published: 2021-01-27 13:37 - Updated: 2021-01-27 13:37Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
chromium was updated to 88.0.4324.96 boo#1181137
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome
- CVE-2021-21118: Insufficient data validation in V8
- CVE-2021-21119: Use after free in Media
- CVE-2021-21120: Use after free in WebSQL
- CVE-2021-21121: Use after free in Omnibox
- CVE-2021-21122: Use after free in Blink
- CVE-2021-21123: Insufficient data validation in File System API
- CVE-2021-21124: Potential user after free in Speech Recognizer
- CVE-2021-21125: Insufficient policy enforcement in File System API
- CVE-2020-16044: Use after free in WebRTC
- CVE-2021-21126: Insufficient policy enforcement in extensions
- CVE-2021-21127: Insufficient policy enforcement in extensions
- CVE-2021-21128: Heap buffer overflow in Blink
- CVE-2021-21129: Insufficient policy enforcement in File System API
- CVE-2021-21130: Insufficient policy enforcement in File System API
- CVE-2021-21131: Insufficient policy enforcement in File System API
- CVE-2021-21132: Inappropriate implementation in DevTools
- CVE-2021-21133: Insufficient policy enforcement in Downloads
- CVE-2021-21134: Incorrect security UI in Page Info
- CVE-2021-21135: Inappropriate implementation in Performance API
- CVE-2021-21136: Insufficient policy enforcement in WebView
- CVE-2021-21137: Inappropriate implementation in DevTools
- CVE-2021-21138: Use after free in DevTools
- CVE-2021-21139: Inappropriate implementation in iframe sandbox
- CVE-2021-21140: Uninitialized Use in USB
- CVE-2021-21141: Insufficient policy enforcement in File System API
Patchnames: openSUSE-2021-173
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.6 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.8 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
84 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nchromium was updated to 88.0.4324.96 boo#1181137\n\n- CVE-2021-21117: Insufficient policy enforcement in Cryptohome\n- CVE-2021-21118: Insufficient data validation in V8\n- CVE-2021-21119: Use after free in Media\n- CVE-2021-21120: Use after free in WebSQL\n- CVE-2021-21121: Use after free in Omnibox\n- CVE-2021-21122: Use after free in Blink\n- CVE-2021-21123: Insufficient data validation in File System API\n- CVE-2021-21124: Potential user after free in Speech Recognizer\n- CVE-2021-21125: Insufficient policy enforcement in File System API\n- CVE-2020-16044: Use after free in WebRTC\n- CVE-2021-21126: Insufficient policy enforcement in extensions\n- CVE-2021-21127: Insufficient policy enforcement in extensions\n- CVE-2021-21128: Heap buffer overflow in Blink\n- CVE-2021-21129: Insufficient policy enforcement in File System API\n- CVE-2021-21130: Insufficient policy enforcement in File System API\n- CVE-2021-21131: Insufficient policy enforcement in File System API\n- CVE-2021-21132: Inappropriate implementation in DevTools\n- CVE-2021-21133: Insufficient policy enforcement in Downloads\n- CVE-2021-21134: Incorrect security UI in Page Info\n- CVE-2021-21135: Inappropriate implementation in Performance API\n- CVE-2021-21136: Insufficient policy enforcement in WebView\n- CVE-2021-21137: Inappropriate implementation in DevTools\n- CVE-2021-21138: Use after free in DevTools\n- CVE-2021-21139: Inappropriate implementation in iframe sandbox\n- CVE-2021-21140: Uninitialized Use in USB\n- CVE-2021-21141: Insufficient policy enforcement in File System API\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-173",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0173-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0173-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GKJ4GOW4YBBVDHM3PN6ELURRBVPFRRJA/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0173-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GKJ4GOW4YBBVDHM3PN6ELURRBVPFRRJA/"
},
{
"category": "self",
"summary": "SUSE Bug 1181137",
"url": "https://bugzilla.suse.com/1181137"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16044 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21117 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21118 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21119 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21120 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21121 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21123 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21124 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21125 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21126 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21127 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21128 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21129 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21130 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21131 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21132 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21133 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21134 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21135 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21136 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21137 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21138 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21139 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21140 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21141 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21141/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2021-01-27T13:37:23Z",
"generator": {
"date": "2021-01-27T13:37:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0173-1",
"initial_release_date": "2021-01-27T13:37:23Z",
"revision_history": [
{
"date": "2021-01-27T13:37:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"product": {
"name": "chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"product_id": "chromedriver-88.0.4324.96-lp152.2.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-88.0.4324.96-lp152.2.66.1.x86_64",
"product": {
"name": "chromium-88.0.4324.96-lp152.2.66.1.x86_64",
"product_id": "chromium-88.0.4324.96-lp152.2.66.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-88.0.4324.96-lp152.2.66.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64"
},
"product_reference": "chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-88.0.4324.96-lp152.2.66.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
},
"product_reference": "chromium-88.0.4324.96-lp152.2.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-16044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16044"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16044",
"url": "https://www.suse.com/security/cve/CVE-2020-16044"
},
{
"category": "external",
"summary": "SUSE Bug 1180623 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "important"
}
],
"title": "CVE-2020-16044"
},
{
"cve": "CVE-2021-21117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21117"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21117",
"url": "https://www.suse.com/security/cve/CVE-2021-21117"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21117",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21117"
},
{
"cve": "CVE-2021-21118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21118"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21118",
"url": "https://www.suse.com/security/cve/CVE-2021-21118"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21118",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21118"
},
{
"cve": "CVE-2021-21119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21119"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21119",
"url": "https://www.suse.com/security/cve/CVE-2021-21119"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21119",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21119"
},
{
"cve": "CVE-2021-21120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21120"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21120",
"url": "https://www.suse.com/security/cve/CVE-2021-21120"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21120",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21120"
},
{
"cve": "CVE-2021-21121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21121"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21121",
"url": "https://www.suse.com/security/cve/CVE-2021-21121"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21121",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21121"
},
{
"cve": "CVE-2021-21122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21122"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21122",
"url": "https://www.suse.com/security/cve/CVE-2021-21122"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21122",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21122"
},
{
"cve": "CVE-2021-21123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21123"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21123",
"url": "https://www.suse.com/security/cve/CVE-2021-21123"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21123",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21123"
},
{
"cve": "CVE-2021-21124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21124"
}
],
"notes": [
{
"category": "general",
"text": "Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21124",
"url": "https://www.suse.com/security/cve/CVE-2021-21124"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21124",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21124"
},
{
"cve": "CVE-2021-21125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21125"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21125",
"url": "https://www.suse.com/security/cve/CVE-2021-21125"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21125",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21125"
},
{
"cve": "CVE-2021-21126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21126"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21126",
"url": "https://www.suse.com/security/cve/CVE-2021-21126"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21126",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21126"
},
{
"cve": "CVE-2021-21127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21127"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21127",
"url": "https://www.suse.com/security/cve/CVE-2021-21127"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21127",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21127"
},
{
"cve": "CVE-2021-21128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21128"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21128",
"url": "https://www.suse.com/security/cve/CVE-2021-21128"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21128",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21128"
},
{
"cve": "CVE-2021-21129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21129"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21129",
"url": "https://www.suse.com/security/cve/CVE-2021-21129"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21129",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21129"
},
{
"cve": "CVE-2021-21130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21130"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21130",
"url": "https://www.suse.com/security/cve/CVE-2021-21130"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21130",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21130"
},
{
"cve": "CVE-2021-21131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21131"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21131",
"url": "https://www.suse.com/security/cve/CVE-2021-21131"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21131",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21131"
},
{
"cve": "CVE-2021-21132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21132"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21132",
"url": "https://www.suse.com/security/cve/CVE-2021-21132"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21132",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21132"
},
{
"cve": "CVE-2021-21133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21133"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21133",
"url": "https://www.suse.com/security/cve/CVE-2021-21133"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21133",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21133"
},
{
"cve": "CVE-2021-21134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21134"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21134",
"url": "https://www.suse.com/security/cve/CVE-2021-21134"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21134",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21134"
},
{
"cve": "CVE-2021-21135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21135"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21135",
"url": "https://www.suse.com/security/cve/CVE-2021-21135"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21135",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21135"
},
{
"cve": "CVE-2021-21136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21136"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21136",
"url": "https://www.suse.com/security/cve/CVE-2021-21136"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21136",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21136"
},
{
"cve": "CVE-2021-21137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21137"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21137",
"url": "https://www.suse.com/security/cve/CVE-2021-21137"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21137",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21137"
},
{
"cve": "CVE-2021-21138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21138"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21138",
"url": "https://www.suse.com/security/cve/CVE-2021-21138"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21138",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21138"
},
{
"cve": "CVE-2021-21139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21139"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21139",
"url": "https://www.suse.com/security/cve/CVE-2021-21139"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21139",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21139"
},
{
"cve": "CVE-2021-21140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21140"
}
],
"notes": [
{
"category": "general",
"text": "Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21140",
"url": "https://www.suse.com/security/cve/CVE-2021-21140"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21140",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21140"
},
{
"cve": "CVE-2021-21141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21141"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21141",
"url": "https://www.suse.com/security/cve/CVE-2021-21141"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21141",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-88.0.4324.96-lp152.2.66.1.x86_64",
"openSUSE Leap 15.2:chromium-88.0.4324.96-lp152.2.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T13:37:23Z",
"details": "critical"
}
],
"title": "CVE-2021-21141"
}
]
}
OPENSUSE-SU-2021:0177-1
Vulnerability from csaf_opensuse - Published: 2021-01-27 19:24 - Updated: 2021-01-27 19:24Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
Chromium was updated to 88.0.4324.96 boo#1181137
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome
- CVE-2021-21118: Insufficient data validation in V8
- CVE-2021-21119: Use after free in Media
- CVE-2021-21120: Use after free in WebSQL
- CVE-2021-21121: Use after free in Omnibox
- CVE-2021-21122: Use after free in Blink
- CVE-2021-21123: Insufficient data validation in File System API
- CVE-2021-21124: Potential user after free in Speech Recognizer
- CVE-2021-21125: Insufficient policy enforcement in File System API
- CVE-2020-16044: Use after free in WebRTC
- CVE-2021-21126: Insufficient policy enforcement in extensions
- CVE-2021-21127: Insufficient policy enforcement in extensions
- CVE-2021-21128: Heap buffer overflow in Blink
- CVE-2021-21129: Insufficient policy enforcement in File System API
- CVE-2021-21130: Insufficient policy enforcement in File System API
- CVE-2021-21131: Insufficient policy enforcement in File System API
- CVE-2021-21132: Inappropriate implementation in DevTools
- CVE-2021-21133: Insufficient policy enforcement in Downloads
- CVE-2021-21134: Incorrect security UI in Page Info
- CVE-2021-21135: Inappropriate implementation in Performance API
- CVE-2021-21136: Insufficient policy enforcement in WebView
- CVE-2021-21137: Inappropriate implementation in DevTools
- CVE-2021-21138: Use after free in DevTools
- CVE-2021-21139: Inappropriate implementation in iframe sandbox
- CVE-2021-21140: Uninitialized Use in USB
- CVE-2021-21141: Insufficient policy enforcement in File System API
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames: openSUSE-2021-177
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.6 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
84 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium was updated to 88.0.4324.96 boo#1181137\n\n- CVE-2021-21117: Insufficient policy enforcement in Cryptohome\n- CVE-2021-21118: Insufficient data validation in V8\n- CVE-2021-21119: Use after free in Media\n- CVE-2021-21120: Use after free in WebSQL\n- CVE-2021-21121: Use after free in Omnibox\n- CVE-2021-21122: Use after free in Blink\n- CVE-2021-21123: Insufficient data validation in File System API\n- CVE-2021-21124: Potential user after free in Speech Recognizer\n- CVE-2021-21125: Insufficient policy enforcement in File System API\n- CVE-2020-16044: Use after free in WebRTC\n- CVE-2021-21126: Insufficient policy enforcement in extensions\n- CVE-2021-21127: Insufficient policy enforcement in extensions\n- CVE-2021-21128: Heap buffer overflow in Blink\n- CVE-2021-21129: Insufficient policy enforcement in File System API\n- CVE-2021-21130: Insufficient policy enforcement in File System API\n- CVE-2021-21131: Insufficient policy enforcement in File System API\n- CVE-2021-21132: Inappropriate implementation in DevTools\n- CVE-2021-21133: Insufficient policy enforcement in Downloads\n- CVE-2021-21134: Incorrect security UI in Page Info\n- CVE-2021-21135: Inappropriate implementation in Performance API\n- CVE-2021-21136: Insufficient policy enforcement in WebView\n- CVE-2021-21137: Inappropriate implementation in DevTools\n- CVE-2021-21138: Use after free in DevTools\n- CVE-2021-21139: Inappropriate implementation in iframe sandbox\n- CVE-2021-21140: Uninitialized Use in USB\n- CVE-2021-21141: Insufficient policy enforcement in File System API\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-177",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0177-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0177-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VTDULA6C5LKSUE5KO6PVLSSHYEEXC2I4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0177-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VTDULA6C5LKSUE5KO6PVLSSHYEEXC2I4/"
},
{
"category": "self",
"summary": "SUSE Bug 1181137",
"url": "https://bugzilla.suse.com/1181137"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16044 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21117 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21118 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21119 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21120 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21121 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21123 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21124 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21125 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21126 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21127 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21128 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21129 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21130 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21131 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21132 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21133 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21134 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21135 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21136 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21137 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21138 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21139 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21140 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21141 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21141/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2021-01-27T19:24:31Z",
"generator": {
"date": "2021-01-27T19:24:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0177-1",
"initial_release_date": "2021-01-27T19:24:31Z",
"revision_history": [
{
"date": "2021-01-27T19:24:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"product": {
"name": "chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"product_id": "chromedriver-88.0.4324.96-bp151.3.156.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"product": {
"name": "chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"product_id": "chromium-88.0.4324.96-bp151.3.156.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"product": {
"name": "chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"product_id": "chromedriver-88.0.4324.96-bp151.3.156.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-88.0.4324.96-bp151.3.156.1.x86_64",
"product": {
"name": "chromium-88.0.4324.96-bp151.3.156.1.x86_64",
"product_id": "chromium-88.0.4324.96-bp151.3.156.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-88.0.4324.96-bp151.3.156.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64"
},
"product_reference": "chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-88.0.4324.96-bp151.3.156.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64"
},
"product_reference": "chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-88.0.4324.96-bp151.3.156.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64"
},
"product_reference": "chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-88.0.4324.96-bp151.3.156.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
},
"product_reference": "chromium-88.0.4324.96-bp151.3.156.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-16044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16044"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16044",
"url": "https://www.suse.com/security/cve/CVE-2020-16044"
},
{
"category": "external",
"summary": "SUSE Bug 1180623 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "important"
}
],
"title": "CVE-2020-16044"
},
{
"cve": "CVE-2021-21117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21117"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21117",
"url": "https://www.suse.com/security/cve/CVE-2021-21117"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21117",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21117"
},
{
"cve": "CVE-2021-21118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21118"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21118",
"url": "https://www.suse.com/security/cve/CVE-2021-21118"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21118",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21118"
},
{
"cve": "CVE-2021-21119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21119"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21119",
"url": "https://www.suse.com/security/cve/CVE-2021-21119"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21119",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21119"
},
{
"cve": "CVE-2021-21120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21120"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21120",
"url": "https://www.suse.com/security/cve/CVE-2021-21120"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21120",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21120"
},
{
"cve": "CVE-2021-21121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21121"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21121",
"url": "https://www.suse.com/security/cve/CVE-2021-21121"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21121",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21121"
},
{
"cve": "CVE-2021-21122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21122"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21122",
"url": "https://www.suse.com/security/cve/CVE-2021-21122"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21122",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21122"
},
{
"cve": "CVE-2021-21123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21123"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21123",
"url": "https://www.suse.com/security/cve/CVE-2021-21123"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21123",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21123"
},
{
"cve": "CVE-2021-21124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21124"
}
],
"notes": [
{
"category": "general",
"text": "Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21124",
"url": "https://www.suse.com/security/cve/CVE-2021-21124"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21124",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21124"
},
{
"cve": "CVE-2021-21125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21125"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21125",
"url": "https://www.suse.com/security/cve/CVE-2021-21125"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21125",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21125"
},
{
"cve": "CVE-2021-21126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21126"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21126",
"url": "https://www.suse.com/security/cve/CVE-2021-21126"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21126",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21126"
},
{
"cve": "CVE-2021-21127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21127"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21127",
"url": "https://www.suse.com/security/cve/CVE-2021-21127"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21127",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21127"
},
{
"cve": "CVE-2021-21128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21128"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21128",
"url": "https://www.suse.com/security/cve/CVE-2021-21128"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21128",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21128"
},
{
"cve": "CVE-2021-21129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21129"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21129",
"url": "https://www.suse.com/security/cve/CVE-2021-21129"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21129",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21129"
},
{
"cve": "CVE-2021-21130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21130"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21130",
"url": "https://www.suse.com/security/cve/CVE-2021-21130"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21130",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21130"
},
{
"cve": "CVE-2021-21131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21131"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21131",
"url": "https://www.suse.com/security/cve/CVE-2021-21131"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21131",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21131"
},
{
"cve": "CVE-2021-21132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21132"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21132",
"url": "https://www.suse.com/security/cve/CVE-2021-21132"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21132",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21132"
},
{
"cve": "CVE-2021-21133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21133"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21133",
"url": "https://www.suse.com/security/cve/CVE-2021-21133"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21133",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21133"
},
{
"cve": "CVE-2021-21134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21134"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21134",
"url": "https://www.suse.com/security/cve/CVE-2021-21134"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21134",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21134"
},
{
"cve": "CVE-2021-21135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21135"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21135",
"url": "https://www.suse.com/security/cve/CVE-2021-21135"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21135",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21135"
},
{
"cve": "CVE-2021-21136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21136"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21136",
"url": "https://www.suse.com/security/cve/CVE-2021-21136"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21136",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21136"
},
{
"cve": "CVE-2021-21137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21137"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21137",
"url": "https://www.suse.com/security/cve/CVE-2021-21137"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21137",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21137"
},
{
"cve": "CVE-2021-21138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21138"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21138",
"url": "https://www.suse.com/security/cve/CVE-2021-21138"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21138",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21138"
},
{
"cve": "CVE-2021-21139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21139"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21139",
"url": "https://www.suse.com/security/cve/CVE-2021-21139"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21139",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21139"
},
{
"cve": "CVE-2021-21140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21140"
}
],
"notes": [
{
"category": "general",
"text": "Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21140",
"url": "https://www.suse.com/security/cve/CVE-2021-21140"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21140",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21140"
},
{
"cve": "CVE-2021-21141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21141"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21141",
"url": "https://www.suse.com/security/cve/CVE-2021-21141"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21141",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-88.0.4324.96-bp151.3.156.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-88.0.4324.96-bp151.3.156.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-27T19:24:31Z",
"details": "critical"
}
],
"title": "CVE-2021-21141"
}
]
}
OPENSUSE-SU-2021:0186-1
Vulnerability from csaf_opensuse - Published: 2021-01-28 23:26 - Updated: 2021-01-28 23:26Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
chromium was updated to 88.0.4324.96 boo#1181137
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome
- CVE-2021-21118: Insufficient data validation in V8
- CVE-2021-21119: Use after free in Media
- CVE-2021-21120: Use after free in WebSQL
- CVE-2021-21121: Use after free in Omnibox
- CVE-2021-21122: Use after free in Blink
- CVE-2021-21123: Insufficient data validation in File System API
- CVE-2021-21124: Potential user after free in Speech Recognizer
- CVE-2021-21125: Insufficient policy enforcement in File System API
- CVE-2020-16044: Use after free in WebRTC
- CVE-2021-21126: Insufficient policy enforcement in extensions
- CVE-2021-21127: Insufficient policy enforcement in extensions
- CVE-2021-21128: Heap buffer overflow in Blink
- CVE-2021-21129: Insufficient policy enforcement in File System API
- CVE-2021-21130: Insufficient policy enforcement in File System API
- CVE-2021-21131: Insufficient policy enforcement in File System API
- CVE-2021-21132: Inappropriate implementation in DevTools
- CVE-2021-21133: Insufficient policy enforcement in Downloads
- CVE-2021-21134: Incorrect security UI in Page Info
- CVE-2021-21135: Inappropriate implementation in Performance API
- CVE-2021-21136: Insufficient policy enforcement in WebView
- CVE-2021-21137: Inappropriate implementation in DevTools
- CVE-2021-21138: Use after free in DevTools
- CVE-2021-21139: Inappropriate implementation in iframe sandbox
- CVE-2021-21140: Uninitialized Use in USB
- CVE-2021-21141: Insufficient policy enforcement in File System API
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patchnames: openSUSE-2021-186
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.6 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
84 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nchromium was updated to 88.0.4324.96 boo#1181137\n\n- CVE-2021-21117: Insufficient policy enforcement in Cryptohome\n- CVE-2021-21118: Insufficient data validation in V8\n- CVE-2021-21119: Use after free in Media\n- CVE-2021-21120: Use after free in WebSQL\n- CVE-2021-21121: Use after free in Omnibox\n- CVE-2021-21122: Use after free in Blink\n- CVE-2021-21123: Insufficient data validation in File System API\n- CVE-2021-21124: Potential user after free in Speech Recognizer\n- CVE-2021-21125: Insufficient policy enforcement in File System API\n- CVE-2020-16044: Use after free in WebRTC\n- CVE-2021-21126: Insufficient policy enforcement in extensions\n- CVE-2021-21127: Insufficient policy enforcement in extensions\n- CVE-2021-21128: Heap buffer overflow in Blink\n- CVE-2021-21129: Insufficient policy enforcement in File System API\n- CVE-2021-21130: Insufficient policy enforcement in File System API\n- CVE-2021-21131: Insufficient policy enforcement in File System API\n- CVE-2021-21132: Inappropriate implementation in DevTools\n- CVE-2021-21133: Insufficient policy enforcement in Downloads\n- CVE-2021-21134: Incorrect security UI in Page Info\n- CVE-2021-21135: Inappropriate implementation in Performance API\n- CVE-2021-21136: Insufficient policy enforcement in WebView\n- CVE-2021-21137: Inappropriate implementation in DevTools\n- CVE-2021-21138: Use after free in DevTools\n- CVE-2021-21139: Inappropriate implementation in iframe sandbox\n- CVE-2021-21140: Uninitialized Use in USB\n- CVE-2021-21141: Insufficient policy enforcement in File System API\n\nThis update was imported from the openSUSE:Leap:15.2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-186",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0186-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0186-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0186-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TOOA23IRO3YBKSJ5CXVBQQVXGGHUF7QV/"
},
{
"category": "self",
"summary": "SUSE Bug 1181137",
"url": "https://bugzilla.suse.com/1181137"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16044 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21117 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21118 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21119 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21120 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21121 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21123 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21124 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21125 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21126 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21127 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21128 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21129 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21130 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21131 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21132 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21133 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21134 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21135 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21136 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21137 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21138 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21139 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21140 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21141 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21141/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2021-01-28T23:26:27Z",
"generator": {
"date": "2021-01-28T23:26:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0186-1",
"initial_release_date": "2021-01-28T23:26:27Z",
"revision_history": [
{
"date": "2021-01-28T23:26:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"product": {
"name": "chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"product_id": "chromedriver-88.0.4324.96-bp152.2.53.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"product": {
"name": "chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"product_id": "chromium-88.0.4324.96-bp152.2.53.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"product": {
"name": "chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"product_id": "chromedriver-88.0.4324.96-bp152.2.53.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-88.0.4324.96-bp152.2.53.1.x86_64",
"product": {
"name": "chromium-88.0.4324.96-bp152.2.53.1.x86_64",
"product_id": "chromium-88.0.4324.96-bp152.2.53.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP2",
"product": {
"name": "SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-88.0.4324.96-bp152.2.53.1.aarch64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64"
},
"product_reference": "chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-88.0.4324.96-bp152.2.53.1.x86_64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64"
},
"product_reference": "chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-88.0.4324.96-bp152.2.53.1.aarch64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64"
},
"product_reference": "chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-88.0.4324.96-bp152.2.53.1.x86_64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
},
"product_reference": "chromium-88.0.4324.96-bp152.2.53.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-16044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16044"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16044",
"url": "https://www.suse.com/security/cve/CVE-2020-16044"
},
{
"category": "external",
"summary": "SUSE Bug 1180623 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "important"
}
],
"title": "CVE-2020-16044"
},
{
"cve": "CVE-2021-21117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21117"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21117",
"url": "https://www.suse.com/security/cve/CVE-2021-21117"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21117",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21117"
},
{
"cve": "CVE-2021-21118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21118"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21118",
"url": "https://www.suse.com/security/cve/CVE-2021-21118"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21118",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21118"
},
{
"cve": "CVE-2021-21119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21119"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21119",
"url": "https://www.suse.com/security/cve/CVE-2021-21119"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21119",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21119"
},
{
"cve": "CVE-2021-21120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21120"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21120",
"url": "https://www.suse.com/security/cve/CVE-2021-21120"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21120",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21120"
},
{
"cve": "CVE-2021-21121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21121"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21121",
"url": "https://www.suse.com/security/cve/CVE-2021-21121"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21121",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21121"
},
{
"cve": "CVE-2021-21122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21122"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21122",
"url": "https://www.suse.com/security/cve/CVE-2021-21122"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21122",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21122"
},
{
"cve": "CVE-2021-21123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21123"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21123",
"url": "https://www.suse.com/security/cve/CVE-2021-21123"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21123",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21123"
},
{
"cve": "CVE-2021-21124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21124"
}
],
"notes": [
{
"category": "general",
"text": "Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21124",
"url": "https://www.suse.com/security/cve/CVE-2021-21124"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21124",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21124"
},
{
"cve": "CVE-2021-21125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21125"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21125",
"url": "https://www.suse.com/security/cve/CVE-2021-21125"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21125",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21125"
},
{
"cve": "CVE-2021-21126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21126"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21126",
"url": "https://www.suse.com/security/cve/CVE-2021-21126"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21126",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21126"
},
{
"cve": "CVE-2021-21127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21127"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21127",
"url": "https://www.suse.com/security/cve/CVE-2021-21127"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21127",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21127"
},
{
"cve": "CVE-2021-21128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21128"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21128",
"url": "https://www.suse.com/security/cve/CVE-2021-21128"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21128",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21128"
},
{
"cve": "CVE-2021-21129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21129"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21129",
"url": "https://www.suse.com/security/cve/CVE-2021-21129"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21129",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21129"
},
{
"cve": "CVE-2021-21130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21130"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21130",
"url": "https://www.suse.com/security/cve/CVE-2021-21130"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21130",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21130"
},
{
"cve": "CVE-2021-21131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21131"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21131",
"url": "https://www.suse.com/security/cve/CVE-2021-21131"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21131",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21131"
},
{
"cve": "CVE-2021-21132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21132"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21132",
"url": "https://www.suse.com/security/cve/CVE-2021-21132"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21132",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21132"
},
{
"cve": "CVE-2021-21133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21133"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21133",
"url": "https://www.suse.com/security/cve/CVE-2021-21133"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21133",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21133"
},
{
"cve": "CVE-2021-21134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21134"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21134",
"url": "https://www.suse.com/security/cve/CVE-2021-21134"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21134",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21134"
},
{
"cve": "CVE-2021-21135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21135"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21135",
"url": "https://www.suse.com/security/cve/CVE-2021-21135"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21135",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21135"
},
{
"cve": "CVE-2021-21136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21136"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21136",
"url": "https://www.suse.com/security/cve/CVE-2021-21136"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21136",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21136"
},
{
"cve": "CVE-2021-21137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21137"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21137",
"url": "https://www.suse.com/security/cve/CVE-2021-21137"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21137",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21137"
},
{
"cve": "CVE-2021-21138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21138"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21138",
"url": "https://www.suse.com/security/cve/CVE-2021-21138"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21138",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21138"
},
{
"cve": "CVE-2021-21139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21139"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21139",
"url": "https://www.suse.com/security/cve/CVE-2021-21139"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21139",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21139"
},
{
"cve": "CVE-2021-21140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21140"
}
],
"notes": [
{
"category": "general",
"text": "Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21140",
"url": "https://www.suse.com/security/cve/CVE-2021-21140"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21140",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21140"
},
{
"cve": "CVE-2021-21141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21141"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21141",
"url": "https://www.suse.com/security/cve/CVE-2021-21141"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2021-21141",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromedriver-88.0.4324.96-bp152.2.53.1.x86_64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.aarch64",
"SUSE Package Hub 15 SP2:chromium-88.0.4324.96-bp152.2.53.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T23:26:27Z",
"details": "critical"
}
],
"title": "CVE-2021-21141"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…