Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-30555 (GCVE-0-2021-30555)
Vulnerability from cvelistv5 – Published: 2021-07-02 18:45 – Updated: 2024-08-03 22:32
VLAI
EPSS
Summary
Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.
Severity
No CVSS data available.
CWE
- Use after free
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://chromereleases.googleblog.com/2021/06/sta… | x_refsource_MISC |
| https://crbug.com/1215029 | x_refsource_MISC |
| https://security.gentoo.org/glsa/202107-06 | vendor-advisoryx_refsource_GENTOO |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1215029"
},
{
"name": "GLSA-202107-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-06"
},
{
"name": "FEDORA-2021-f94dadff78",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/"
},
{
"name": "FEDORA-2021-ca58c57bdf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "91.0.4472.114",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-18T02:06:31.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1215029"
},
{
"name": "GLSA-202107-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-06"
},
{
"name": "FEDORA-2021-f94dadff78",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/"
},
{
"name": "FEDORA-2021-ca58c57bdf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2021-30555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "91.0.4472.114"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html"
},
{
"name": "https://crbug.com/1215029",
"refsource": "MISC",
"url": "https://crbug.com/1215029"
},
{
"name": "GLSA-202107-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-06"
},
{
"name": "FEDORA-2021-f94dadff78",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/"
},
{
"name": "FEDORA-2021-ca58c57bdf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2021-30555",
"datePublished": "2021-07-02T18:45:17.000Z",
"dateReserved": "2021-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:32:41.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-30555",
"date": "2026-05-27",
"epss": "0.00294",
"percentile": "0.52807"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-30555\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2021-07-02T19:15:07.943\",\"lastModified\":\"2024-11-21T06:04:10.390\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.\"},{\"lang\":\"es\",\"value\":\"Un uso de memoria previamente liberada en Sharing en Google Chrome versiones anteriores a 91.0.4472.114, permit\u00eda a un atacante que convenci\u00f3 a un usuario de instalar una extensi\u00f3n maliciosa explotar potencialmente la corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada y un gesto del usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"91.0.4472.114\",\"matchCriteriaId\":\"8DDC3077-9717-45B8-A457-576AC13DCDCF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1215029\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/202107-06\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1215029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202107-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
BDU:2021-03576
Vulnerability from fstec - Published: 01.06.2021
VLAI
Title
Уязвимость расширения Screen Sharing браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость расширения Screen Sharing браузера Google Chrome связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании с помощью специально созданной HTML-страницы
Severity
Vendor
ООО «РусБИТех-Астра», Novell Inc., Fedora Project, Google Inc, Microsoft Corp, АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Fedora, Google Chrome, Microsoft Edge, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 15.2 (OpenSUSE Leap), 33 (Fedora), 15.2 NonFree (OpenSUSE Leap), 34 (Fedora), 15.3 (OpenSUSE Leap), до 91.0.4472.114 (Google Chrome), до 91.0.864.54 (Microsoft Edge), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (Альт 8 СП), до 2.3 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для Google Chrome:
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/
https://bodhi.fedoraproject.org/updates/FEDORA-2021-689d9fd1dc
Для Microsoft Edge:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30555
Для продуктов Novell Inc.:
https://www.suse.com/zh-cn/security/cve/CVE-2021-30555/
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
Для ОСОН Основа:
Обновление программного обеспечения chromium до версии 94.0.4606.81+repack-1osnova1.1
Для ОС ОН «Стрелец»:
Обновление программного обеспечения chromium до версии 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Reference
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
https://crbug.com/1215029
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/
https://security.gentoo.org/glsa/202107-06
https://xakep.ru/2021/06/18/cve-2021-30554/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30555
https://nvd.nist.gov/vuln/detail/CVE-2021-30555
https://bugzilla.redhat.com/show_bug.cgi?id=1973548
https://bugzilla.redhat.com/show_bug.cgi?id=1973551
https://bodhi.fedoraproject.org/updates/FEDORA-2021-689d9fd1dc
https://www.suse.com/zh-cn/security/cve/CVE-2021-30555/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.3/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-416
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Fedora Project, Google Inc, Microsoft Corp, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 15.2 (OpenSUSE Leap), 33 (Fedora), 15.2 NonFree (OpenSUSE Leap), 34 (Fedora), 15.3 (OpenSUSE Leap), \u0434\u043e 91.0.4472.114 (Google Chrome), \u0434\u043e 91.0.864.54 (Microsoft Edge), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.3 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/\t\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2021-689d9fd1dc\n\n\u0414\u043b\u044f Microsoft Edge:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30555\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/zh-cn/security/cve/CVE-2021-30555/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 94.0.4606.81+repack-1osnova1.1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.06.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.07.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03576",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-30555",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Fedora, Google Chrome, Microsoft Edge, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.2 , Fedora Project Fedora 33 , Novell Inc. OpenSUSE Leap 15.2 NonFree , Fedora Project Fedora 34 , Novell Inc. OpenSUSE Leap 15.3 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f Screen Sharing \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f Screen Sharing \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\t\nhttps://crbug.com/1215029\t\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/\t\nhttps://security.gentoo.org/glsa/202107-06\nhttps://xakep.ru/2021/06/18/cve-2021-30554/\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30555\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30555\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1973548\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1973551\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2021-689d9fd1dc\nhttps://www.suse.com/zh-cn/security/cve/CVE-2021-30555/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.3/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CERTFR-2021-AVI-473
Vulnerability from certfr_avis - Published: 2021-06-18 - Updated: 2023-01-11
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 91.0.4472.114",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-30556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30556"
},
{
"name": "CVE-2021-30555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30555"
},
{
"name": "CVE-2021-30557",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30557"
},
{
"name": "CVE-2021-30554",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30554"
}
],
"initial_release_date": "2021-06-18T00:00:00",
"last_revision_date": "2023-01-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Google Chrome du 17 juin 2021",
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html"
}
],
"reference": "CERTFR-2021-AVI-473",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-18T00:00:00.000000"
},
{
"description": "suppression de la CVE CVE-2021-21997 qui n\u0027est pas li\u00e9e \u00e0 ce produit.",
"revision_date": "2021-06-21T00:00:00.000000"
},
{
"description": "Correction coquille.",
"revision_date": "2023-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 17 juin 2021",
"url": null
}
]
}
CERTFR-2021-AVI-476
Vulnerability from certfr_avis - Published: 2021-06-21 - Updated: 2021-06-21
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge (Chromium-based) versions ant\u00e9rieures \u00e0 91.0.864.54",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-30556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30556"
},
{
"name": "CVE-2021-30555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30555"
},
{
"name": "CVE-2021-30557",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30557"
},
{
"name": "CVE-2021-30554",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30554"
}
],
"initial_release_date": "2021-06-21T00:00:00",
"last_revision_date": "2021-06-21T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-476",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-30555 du 18 juin 2021",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30555"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-30557 du 18 juin 2021",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30557"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-30554 du 18 juin 2021",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30554"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-30556 du 18 juin 2021",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30556"
}
]
}
CNVD-2021-45148
Vulnerability from cnvd - Published: 2021-06-26
VLAI
Title
Google Chrome释放后重用漏洞(CNVD-2021-45148)
Description
Chrome是由Google开发的一款设计简单、高效的Web浏览工具,其特点是简洁、快速。
Google Chrome 91.0.4472.114之前版本中的Sharing存在释放后重用漏洞。目前没有详细的漏洞细节提供。
Severity
高
Patch Name
Google Chrome释放后重用漏洞(CNVD-2021-45148)的补丁
Patch Description
Chrome是由Google开发的一款设计简单、高效的Web浏览工具,其特点是简洁、快速。
Google Chrome 91.0.4472.114之前版本中的Sharing存在释放后重用漏洞。目前没有详细的漏洞细节提供。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
Reference
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
Impacted products
| Name | Google Chrome <91.0.4472.114 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-30555",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-30555"
}
},
"description": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\uff0c\u5176\u7279\u70b9\u662f\u7b80\u6d01\u3001\u5feb\u901f\u3002\n\nGoogle Chrome 91.0.4472.114\u4e4b\u524d\u7248\u672c\u4e2d\u7684Sharing\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-45148",
"openTime": "2021-06-26",
"patchDescription": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\uff0c\u5176\u7279\u70b9\u662f\u7b80\u6d01\u3001\u5feb\u901f\u3002\r\n\r\nGoogle Chrome 91.0.4472.114\u4e4b\u524d\u7248\u672c\u4e2d\u7684Sharing\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff08CNVD-2021-45148\uff09\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c91.0.4472.114"
},
"referenceLink": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html",
"serverity": "\u9ad8",
"submitTime": "2021-06-18",
"title": "Google Chrome\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff08CNVD-2021-45148\uff09"
}
FKIE_CVE-2021-30555
Vulnerability from fkie_nvd - Published: 2021-07-02 19:15 - Updated: 2024-11-21 06:04
Severity
Summary
Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDC3077-9717-45B8-A457-576AC13DCDCF",
"versionEndExcluding": "91.0.4472.114",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture."
},
{
"lang": "es",
"value": "Un uso de memoria previamente liberada en Sharing en Google Chrome versiones anteriores a 91.0.4472.114, permit\u00eda a un atacante que convenci\u00f3 a un usuario de instalar una extensi\u00f3n maliciosa explotar potencialmente la corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada y un gesto del usuario"
}
],
"id": "CVE-2021-30555",
"lastModified": "2024-11-21T06:04:10.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-02T19:15:07.943",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/1215029"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/1215029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-06"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-P563-P765-777J
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06
VLAI
Details
Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.
{
"affected": [],
"aliases": [
"CVE-2021-30555"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-02T19:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.",
"id": "GHSA-p563-p765-777j",
"modified": "2022-05-24T19:06:50Z",
"published": "2022-05-24T19:06:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30555"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1215029"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-06"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2021-30555
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-30555",
"description": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.",
"id": "GSD-2021-30555",
"references": [
"https://www.suse.com/security/cve/CVE-2021-30555.html",
"https://security.archlinux.org/CVE-2021-30555"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-30555"
],
"details": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.",
"id": "GSD-2021-30555",
"modified": "2023-12-13T01:23:31.703766Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2021-30555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "91.0.4472.114"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html"
},
{
"name": "https://crbug.com/1215029",
"refsource": "MISC",
"url": "https://crbug.com/1215029"
},
{
"name": "GLSA-202107-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-06"
},
{
"name": "FEDORA-2021-f94dadff78",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/"
},
{
"name": "FEDORA-2021-ca58c57bdf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "91.0.4472.114",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2021-30555"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/1215029",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/1215029"
},
{
"name": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html"
},
{
"name": "GLSA-202107-06",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-06"
},
{
"name": "FEDORA-2021-f94dadff78",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/"
},
{
"name": "FEDORA-2021-ca58c57bdf",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-09-20T18:55Z",
"publishedDate": "2021-07-02T19:15Z"
}
}
}
OPENSUSE-SU-2021:0898-1
Vulnerability from csaf_opensuse - Published: 2021-06-21 13:58 - Updated: 2021-06-21 13:58Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
Chromium 91.0.4472.114 (boo#1187481)
* CVE-2021-30554: Use after free in WebGL
* CVE-2021-30555: Use after free in Sharing
* CVE-2021-30556: Use after free in WebAudio
* CVE-2021-30557: Use after free in TabGroups
Chromium 91.0.4472.106
* Fix use-after-free in SendTabToSelfSubMenuModel
* Destroy system-token NSSCertDatabase on the IO thread
Patchnames: openSUSE-2021-898
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium 91.0.4472.114 (boo#1187481)\n\n* CVE-2021-30554: Use after free in WebGL\n* CVE-2021-30555: Use after free in Sharing\n* CVE-2021-30556: Use after free in WebAudio\n* CVE-2021-30557: Use after free in TabGroups\n\nChromium 91.0.4472.106\n\n* Fix use-after-free in SendTabToSelfSubMenuModel\n* Destroy system-token NSSCertDatabase on the IO thread\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-898",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0898-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0898-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JRQS6E56EGURN6VSX6LRCTP5WHICGNXR/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0898-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JRQS6E56EGURN6VSX6LRCTP5WHICGNXR/"
},
{
"category": "self",
"summary": "SUSE Bug 1187481",
"url": "https://bugzilla.suse.com/1187481"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30554 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30555 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30556 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30557 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30557/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2021-06-21T13:58:27Z",
"generator": {
"date": "2021-06-21T13:58:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0898-1",
"initial_release_date": "2021-06-21T13:58:27Z",
"revision_history": [
{
"date": "2021-06-21T13:58:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"product": {
"name": "chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"product_id": "chromedriver-91.0.4472.114-lp152.2.107.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-91.0.4472.114-lp152.2.107.1.x86_64",
"product": {
"name": "chromium-91.0.4472.114-lp152.2.107.1.x86_64",
"product_id": "chromium-91.0.4472.114-lp152.2.107.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-91.0.4472.114-lp152.2.107.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64"
},
"product_reference": "chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-91.0.4472.114-lp152.2.107.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
},
"product_reference": "chromium-91.0.4472.114-lp152.2.107.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30554"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30554",
"url": "https://www.suse.com/security/cve/CVE-2021-30554"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30554",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-21T13:58:27Z",
"details": "important"
}
],
"title": "CVE-2021-30554"
},
{
"cve": "CVE-2021-30555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30555"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30555",
"url": "https://www.suse.com/security/cve/CVE-2021-30555"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30555",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-21T13:58:27Z",
"details": "important"
}
],
"title": "CVE-2021-30555"
},
{
"cve": "CVE-2021-30556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30556"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30556",
"url": "https://www.suse.com/security/cve/CVE-2021-30556"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30556",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-21T13:58:27Z",
"details": "important"
}
],
"title": "CVE-2021-30556"
},
{
"cve": "CVE-2021-30557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30557"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30557",
"url": "https://www.suse.com/security/cve/CVE-2021-30557"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30557",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-91.0.4472.114-lp152.2.107.1.x86_64",
"openSUSE Leap 15.2:chromium-91.0.4472.114-lp152.2.107.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-21T13:58:27Z",
"details": "important"
}
],
"title": "CVE-2021-30557"
}
]
}
OPENSUSE-SU-2021:0938-1
Vulnerability from csaf_opensuse - Published: 2021-06-28 13:09 - Updated: 2021-06-28 13:09Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
Chromium 91.0.4472.114 (boo#1187481)
* CVE-2021-30554: Use after free in WebGL
* CVE-2021-30555: Use after free in Sharing
* CVE-2021-30556: Use after free in WebAudio
* CVE-2021-30557: Use after free in TabGroups
* CVE-2021-30544: Use after free in BFCache
* CVE-2021-30545: Use after free in Extensions
* CVE-2021-30546: Use after free in Autofill
* CVE-2021-30547: Out of bounds write in ANGLE
* CVE-2021-30548: Use after free in Loader
* CVE-2021-30549: Use after free in Spell check
* CVE-2021-30550: Use after free in Accessibility
* CVE-2021-30551: Type Confusion in V8
* CVE-2021-30552: Use after free in Extensions
* CVE-2021-30553: Use after free in Network service
* Fix use-after-free in SendTabToSelfSubMenuModel
* Destroy system-token NSSCertDatabase on the IO thread
* Various fixes from internal audits, fuzzing and other initiatives
Patchnames: openSUSE-2021-938
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium 91.0.4472.114 (boo#1187481)\n\n* CVE-2021-30554: Use after free in WebGL\n* CVE-2021-30555: Use after free in Sharing\n* CVE-2021-30556: Use after free in WebAudio\n* CVE-2021-30557: Use after free in TabGroups\n* CVE-2021-30544: Use after free in BFCache\n* CVE-2021-30545: Use after free in Extensions\n* CVE-2021-30546: Use after free in Autofill\n* CVE-2021-30547: Out of bounds write in ANGLE\n* CVE-2021-30548: Use after free in Loader\n* CVE-2021-30549: Use after free in Spell check\n* CVE-2021-30550: Use after free in Accessibility\n* CVE-2021-30551: Type Confusion in V8\n* CVE-2021-30552: Use after free in Extensions\n* CVE-2021-30553: Use after free in Network service\n* Fix use-after-free in SendTabToSelfSubMenuModel\n* Destroy system-token NSSCertDatabase on the IO thread\n* Various fixes from internal audits, fuzzing and other initiatives\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-938",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0938-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0938-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0938-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/"
},
{
"category": "self",
"summary": "SUSE Bug 1187141",
"url": "https://bugzilla.suse.com/1187141"
},
{
"category": "self",
"summary": "SUSE Bug 1187481",
"url": "https://bugzilla.suse.com/1187481"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30544 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30545 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30546 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30547 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30548 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30549 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30550 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30551 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30551/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30552 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30553 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30554 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30555 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30556 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30557 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30557/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2021-06-28T13:09:47Z",
"generator": {
"date": "2021-06-28T13:09:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0938-1",
"initial_release_date": "2021-06-28T13:09:47Z",
"revision_history": [
{
"date": "2021-06-28T13:09:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"product": {
"name": "chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"product_id": "chromedriver-91.0.4472.114-bp153.2.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"product": {
"name": "chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"product_id": "chromium-91.0.4472.114-bp153.2.13.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"product": {
"name": "chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"product_id": "chromedriver-91.0.4472.114-bp153.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"product": {
"name": "chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"product_id": "chromium-91.0.4472.114-bp153.2.13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64"
},
"product_reference": "chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64"
},
"product_reference": "chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-91.0.4472.114-bp153.2.13.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64"
},
"product_reference": "chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-91.0.4472.114-bp153.2.13.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
},
"product_reference": "chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-91.0.4472.114-bp153.2.13.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64"
},
"product_reference": "chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-91.0.4472.114-bp153.2.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64"
},
"product_reference": "chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-91.0.4472.114-bp153.2.13.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64"
},
"product_reference": "chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-91.0.4472.114-bp153.2.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
},
"product_reference": "chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30544"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30544",
"url": "https://www.suse.com/security/cve/CVE-2021-30544"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30544",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30544"
},
{
"cve": "CVE-2021-30545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30545"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30545",
"url": "https://www.suse.com/security/cve/CVE-2021-30545"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30545",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30545"
},
{
"cve": "CVE-2021-30546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30546"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30546",
"url": "https://www.suse.com/security/cve/CVE-2021-30546"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30546",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30546"
},
{
"cve": "CVE-2021-30547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30547"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30547",
"url": "https://www.suse.com/security/cve/CVE-2021-30547"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1187141"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30547"
},
{
"cve": "CVE-2021-30548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30548"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30548",
"url": "https://www.suse.com/security/cve/CVE-2021-30548"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30548",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30548"
},
{
"cve": "CVE-2021-30549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30549"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30549",
"url": "https://www.suse.com/security/cve/CVE-2021-30549"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30549",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30549"
},
{
"cve": "CVE-2021-30550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30550"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30550",
"url": "https://www.suse.com/security/cve/CVE-2021-30550"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30550",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30550"
},
{
"cve": "CVE-2021-30551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30551"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30551",
"url": "https://www.suse.com/security/cve/CVE-2021-30551"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30551",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30551"
},
{
"cve": "CVE-2021-30552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30552"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30552",
"url": "https://www.suse.com/security/cve/CVE-2021-30552"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30552",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30552"
},
{
"cve": "CVE-2021-30553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30553"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30553",
"url": "https://www.suse.com/security/cve/CVE-2021-30553"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30553",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30553"
},
{
"cve": "CVE-2021-30554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30554"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30554",
"url": "https://www.suse.com/security/cve/CVE-2021-30554"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30554",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30554"
},
{
"cve": "CVE-2021-30555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30555"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30555",
"url": "https://www.suse.com/security/cve/CVE-2021-30555"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30555",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30555"
},
{
"cve": "CVE-2021-30556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30556"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30556",
"url": "https://www.suse.com/security/cve/CVE-2021-30556"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30556",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30556"
},
{
"cve": "CVE-2021-30557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30557"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30557",
"url": "https://www.suse.com/security/cve/CVE-2021-30557"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30557",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromedriver-91.0.4472.114-bp153.2.13.1.x86_64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.aarch64",
"openSUSE Leap 15.3:chromium-91.0.4472.114-bp153.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:09:47Z",
"details": "important"
}
],
"title": "CVE-2021-30557"
}
]
}
OPENSUSE-SU-2021:0948-1
Vulnerability from csaf_opensuse - Published: 2021-07-01 10:06 - Updated: 2021-07-01 10:06Summary
Security update for opera
Severity
Important
Notes
Title of the patch: Security update for opera
Description of the patch: This update for opera fixes the following issues:
Update to version 77.0.4054.146
- CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114
- DNA-92171 Create active linkdiscovery service
- DNA-92388 Fix and unskip WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible
- DNA-93101 Tabs are being snoozed when tab snoozing is disabled
- DNA-93386 Update pinboard view when item changes
- DNA-93448 Make browser ready for Developer release
- DNA-93491 Fix failing tests after enabling #pinboard flag
- DNA-93498 Add additional music services
- DNA-93503 Blank popup on clicking toolbar icon with popup open
- DNA-93561 Do not allow zoom different from 100% in Pinboard popup
- DNA-93637 ctrl+9 shortcut is inconsistent with other browsers
- DNA-93644 Create route for `import open tabs` to `pinboard`
- DNA-93664 Adapt popup to design
- DNA-93702 Turn on flags on developer
- DNA-93737 [Pinboard] Remove Mock API
- DNA-93745 Unable to open the popup after opening it several times
- DNA-93776 Popup closes and reopens when clicking the toolbar button
- DNA-93786 DCHECK after opening popup
- DNA-93802 Crash at views::Widget::GetNativeView() const
- DNA-93810 Add pinboard icon to sidebar
- DNA-93825 Add pinboard to Opera menu
- DNA-93833 [Player] Implement seeking for new services
- DNA-93845 Do not log output of snapcraft on console
- DNA-93864 Create feature flag for start page sync banner
- DNA-93865 Implement start page banner
- DNA-93867 Use version from package instead of repository
- DNA-93878 [Player] Crash when current player service becomes
unavailable when user location changes
- DNA-93953 ‘Send image to Pinboard’ has the wrong position
in the context menu
- DNA-93987 Disable zooming popup contents like in other popups
- DNA-93989 Change internal URL to opera://pinboards
- DNA-93990 Update strings to reflect new standards
- DNA-93992 Add Pinboards to Opera settings
- DNA-93993 Pinboard translations from Master
- DNA-94011 Enable feature flags for Reborn 5 on stable
- DNA-94019 Add a direct link to settings
- DNA-94088 Internal pages provoke not saving other pages to
the Pinboard
- DNA-94111 [O77] Sidebar setup does not open
- DNA-94139 Crash at
opera::(anonymous namespace)::PinboardPopupWebView::RemovedFromWidget()
- The update to chromium 91.0.4472.114 fixes following issues:
CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557
CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547,
CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551,
CVE-2021-30552, CVE-2021-30553
Patchnames: openSUSE-2021-948
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
47 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opera",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opera fixes the following issues:\n\nUpdate to version 77.0.4054.146\n\n - CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114\n - DNA-92171 Create active linkdiscovery service\n - DNA-92388 Fix and unskip WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible\n - DNA-93101 Tabs are being snoozed when tab snoozing is disabled\n - DNA-93386 Update pinboard view when item changes\n - DNA-93448 Make browser ready for Developer release\n - DNA-93491 Fix failing tests after enabling #pinboard flag\n - DNA-93498 Add additional music services\n - DNA-93503 Blank popup on clicking toolbar icon with popup open\n - DNA-93561 Do not allow zoom different from 100% in Pinboard popup\n - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers\n - DNA-93644 Create route for `import open tabs` to `pinboard`\n - DNA-93664 Adapt popup to design\n - DNA-93702 Turn on flags on developer\n - DNA-93737 [Pinboard] Remove Mock API\n - DNA-93745 Unable to open the popup after opening it several times\n - DNA-93776 Popup closes and reopens when clicking the toolbar button\n - DNA-93786 DCHECK after opening popup\n - DNA-93802 Crash at views::Widget::GetNativeView() const\n - DNA-93810 Add pinboard icon to sidebar\n - DNA-93825 Add pinboard to Opera menu\n - DNA-93833 [Player] Implement seeking for new services\n - DNA-93845 Do not log output of snapcraft on console\n - DNA-93864 Create feature flag for start page sync banner\n - DNA-93865 Implement start page banner\n - DNA-93867 Use version from package instead of repository\n - DNA-93878 [Player] Crash when current player service becomes\n unavailable when user location changes\n - DNA-93953 \u2018Send image to Pinboard\u2019 has the wrong position\n in the context menu\n - DNA-93987 Disable zooming popup contents like in other popups\n - DNA-93989 Change internal URL to opera://pinboards\n - DNA-93990 Update strings to reflect new standards\n - DNA-93992 Add Pinboards to Opera settings\n - DNA-93993 Pinboard translations from Master\n - DNA-94011 Enable feature flags for Reborn 5 on stable\n - DNA-94019 Add a direct link to settings\n - DNA-94088 Internal pages provoke not saving other pages to\n the Pinboard\n - DNA-94111 [O77] Sidebar setup does not open\n - DNA-94139 Crash at \n opera::(anonymous namespace)::PinboardPopupWebView::RemovedFromWidget()\n- The update to chromium 91.0.4472.114 fixes following issues:\n CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557\n CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547, \n CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551,\n CVE-2021-30552, CVE-2021-30553\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-948",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0948-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0948-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0948-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30544 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30545 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30546 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30547 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30548 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30549 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30550 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30551 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30551/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30552 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30553 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30554 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30555 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30556 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30557 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30557/"
}
],
"title": "Security update for opera",
"tracking": {
"current_release_date": "2021-07-01T10:06:32Z",
"generator": {
"date": "2021-07-01T10:06:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0948-1",
"initial_release_date": "2021-07-01T10:06:32Z",
"revision_history": [
{
"date": "2021-07-01T10:06:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opera-77.0.4054.146-lp153.2.6.1.x86_64",
"product": {
"name": "opera-77.0.4054.146-lp153.2.6.1.x86_64",
"product_id": "opera-77.0.4054.146-lp153.2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3 NonFree",
"product": {
"name": "openSUSE Leap 15.3 NonFree",
"product_id": "openSUSE Leap 15.3 NonFree",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-77.0.4054.146-lp153.2.6.1.x86_64 as component of openSUSE Leap 15.3 NonFree",
"product_id": "openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
},
"product_reference": "opera-77.0.4054.146-lp153.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3 NonFree"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30544"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30544",
"url": "https://www.suse.com/security/cve/CVE-2021-30544"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30544",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30544"
},
{
"cve": "CVE-2021-30545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30545"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30545",
"url": "https://www.suse.com/security/cve/CVE-2021-30545"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30545",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30545"
},
{
"cve": "CVE-2021-30546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30546"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30546",
"url": "https://www.suse.com/security/cve/CVE-2021-30546"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30546",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30546"
},
{
"cve": "CVE-2021-30547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30547"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30547",
"url": "https://www.suse.com/security/cve/CVE-2021-30547"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1187141"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30547"
},
{
"cve": "CVE-2021-30548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30548"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30548",
"url": "https://www.suse.com/security/cve/CVE-2021-30548"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30548",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30548"
},
{
"cve": "CVE-2021-30549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30549"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30549",
"url": "https://www.suse.com/security/cve/CVE-2021-30549"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30549",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30549"
},
{
"cve": "CVE-2021-30550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30550"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30550",
"url": "https://www.suse.com/security/cve/CVE-2021-30550"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30550",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30550"
},
{
"cve": "CVE-2021-30551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30551"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30551",
"url": "https://www.suse.com/security/cve/CVE-2021-30551"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30551",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30551"
},
{
"cve": "CVE-2021-30552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30552"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30552",
"url": "https://www.suse.com/security/cve/CVE-2021-30552"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30552",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30552"
},
{
"cve": "CVE-2021-30553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30553"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30553",
"url": "https://www.suse.com/security/cve/CVE-2021-30553"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30553",
"url": "https://bugzilla.suse.com/1187141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30553"
},
{
"cve": "CVE-2021-30554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30554"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30554",
"url": "https://www.suse.com/security/cve/CVE-2021-30554"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30554",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30554"
},
{
"cve": "CVE-2021-30555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30555"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30555",
"url": "https://www.suse.com/security/cve/CVE-2021-30555"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30555",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30555"
},
{
"cve": "CVE-2021-30556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30556"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30556",
"url": "https://www.suse.com/security/cve/CVE-2021-30556"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30556",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30556"
},
{
"cve": "CVE-2021-30557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30557"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30557",
"url": "https://www.suse.com/security/cve/CVE-2021-30557"
},
{
"category": "external",
"summary": "SUSE Bug 1187481 for CVE-2021-30557",
"url": "https://bugzilla.suse.com/1187481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-01T10:06:32Z",
"details": "important"
}
],
"title": "CVE-2021-30557"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…