Security Information / 2021 / Security Information -- DSA-4911-1 chromium

Debian Security Advisory

DSA-4911-1 chromium -- security update

Date Reported:

03 May 2021

Affected Packages:

chromium

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2021-21227, CVE-2021-21228, CVE-2021-21229, CVE-2021-21230, CVE-2021-21231, CVE-2021-21232, CVE-2021-21233.

More information:

Several vulnerabilities have been discovered in the chromium web browser.

• CVE-2021-21227

  Gengming Liu discovered a data validation issue in the v8 javascript library.

• CVE-2021-21228

  Rob Wu discovered a policy enforcement error.

• CVE-2021-21229

  Mohit Raj discovered a user interface error in the file downloader.

• CVE-2021-21230

  Manfred Paul discovered use of an incorrect type.

• CVE-2021-21231

  Sergei Glazunov discovered a data validation issue in the v8 javascript library.

• CVE-2021-21232

  Abdulrahman Alqabandi discovered a use-after-free issue in the developer tools.

• CVE-2021-21233

  Omair discovered a buffer overflow issue in the ANGLE library.

For the stable distribution (buster), these problems have been fixed in version 90.0.4430.93-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium