Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian: Security Advisory for chromium (DSA-4906-1)

Information

Severity

Severity

Medium

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

1 year ago

Modified

Modified

1 year ago

Summary

The remote host is missing an update for the 'chromium' package(s) announced via the DSA-4906-1 advisory.

Insight

Insight

Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21201 Gengming Liu and Jianyu Chen discovered a use-after-free issue. CVE-2021-21202 David Erceg discovered a use-after-free issue in extensions. CVE-2021-21203 asnine discovered a use-after-free issue in Blink/Webkit. CVE-2021-21204 Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander discovered a use-after-free issue in Blink/Webkit. CVE-2021-21205 Alison Huffman discovered a policy enforcement error. CVE-2021-21207 koocola and Nan Wang discovered a use-after-free in the indexed database. CVE-2021-21208 Ahmed Elsobky discovered a data validation error in the QR code scanner. CVE-2021-21209 Tom Van Goethem discovered an implementation error in the Storage API. CVE-2021-21210 @bananabr discovered an error in the networking implementation. CVE-2021-21211 Akash Labade discovered an error in the navigation implementation. CVE-2021-21212 Hugo Hue and Sze Yui Chau discovered an error in the network configuration user interface. CVE-2021-21213 raven discovered a use-after-free issue in the WebMIDI implementation. CVE-2021-21214 A use-after-free issue was discovered in the networking implementation. CVE-2021-21215 Abdulrahman Alqabandi discovered an error in the Autofill feature. CVE-2021-21216 Abdulrahman Alqabandi discovered an error in the Autofill feature. CVE-2021-21217 Zhou Aiting discovered use of uninitialized memory in the pdfium library. CVE-2021-21218 Zhou Aiting discovered use of uninitialized memory in the pdfium library. CVE-2021-21219 Zhou Aiting discovered use of uninitialized memory in the pdfium library. CVE-2021-21221 Guang Gong discovered insufficient validation of untrusted input. CVE-2021-21222 Guang Gong discovered a buffer overflow issue in the v8 javascript library. CVE-2021-21223 Guang Gong discovered an integer overflow issue. CVE-2021-21224 Jose Martinez discovered a type error in the v8 javascript library. CVE-2021-21225 Brendon Tiszka discovered an out-of-bounds memory access issue in the v8 javascript library. CVE-2021-21226 Brendon Tiszka discovered a use-after-free issue in the networking implementation.

Affected Software

Affected Software

'chromium' package(s) on Debian Linux.

Detection Method

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

Solution

For the stable distribution (buster), these problems have been fixed in version 90.0.4430.85-1~deb10u1. We recommend that you upgrade your chromium packages.