Vulnerability from csaf_opensuse
Published
2021-03-08 07:13
Modified
2021-03-08 07:13
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update for chromium fixes the following issues:
Update to 89.0.4389.72 (boo#1182358, boo#1182960):
- CVE-2021-21159: Heap buffer overflow in TabStrip.
- CVE-2021-21160: Heap buffer overflow in WebAudio.
- CVE-2021-21161: Heap buffer overflow in TabStrip.
- CVE-2021-21162: Use after free in WebRTC.
- CVE-2021-21163: Insufficient data validation in Reader Mode.
- CVE-2021-21164: Insufficient data validation in Chrome for iOS.
- CVE-2021-21165: Object lifecycle issue in audio.
- CVE-2021-21166: Object lifecycle issue in audio.
- CVE-2021-21167: Use after free in bookmarks.
- CVE-2021-21168: Insufficient policy enforcement in appcache.
- CVE-2021-21169: Out of bounds memory access in V8.
- CVE-2021-21170: Incorrect security UI in Loader.
- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
- CVE-2021-21172: Insufficient policy enforcement in File System API.
- CVE-2021-21173: Side-channel information leakage in Network Internals.
- CVE-2021-21174: Inappropriate implementation in Referrer.
- CVE-2021-21175: Inappropriate implementation in Site isolation.
- CVE-2021-21176: Inappropriate implementation in full screen mode.
- CVE-2021-21177: Insufficient policy enforcement in Autofill.
- CVE-2021-21178: Inappropriate implementation in Compositing.
- CVE-2021-21179: Use after free in Network Internals.
- CVE-2021-21180: Use after free in tab search.
- CVE-2020-27844: Heap buffer overflow in OpenJPEG.
- CVE-2021-21181: Side-channel information leakage in autofill.
- CVE-2021-21182: Insufficient policy enforcement in navigations.
- CVE-2021-21183: Inappropriate implementation in performance APIs.
- CVE-2021-21184: Inappropriate implementation in performance APIs.
- CVE-2021-21185: Insufficient policy enforcement in extensions.
- CVE-2021-21186: Insufficient policy enforcement in QR scanning.
- CVE-2021-21187: Insufficient data validation in URL formatting.
- CVE-2021-21188: Use after free in Blink.
- CVE-2021-21189: Insufficient policy enforcement in payments.
- CVE-2021-21190: Uninitialized Use in PDFium.
- CVE-2021-21149: Stack overflow in Data Transfer.
- CVE-2021-21150: Use after free in Downloads.
- CVE-2021-21151: Use after free in Payments.
- CVE-2021-21152: Heap buffer overflow in Media.
- CVE-2021-21153: Stack overflow in GPU Process.
- CVE-2021-21154: Heap buffer overflow in Tab Strip.
- CVE-2021-21155: Heap buffer overflow in Tab Strip.
- CVE-2021-21156: Heap buffer overflow in V8.
- CVE-2021-21157: Use after free in Web Sockets.
- Fixed Sandbox with glibc 2.33 (boo#1182233)
- Fixed an issue where chromium hangs on opening (boo#1182775).
Patchnames
openSUSE-2021-392
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nUpdate to 89.0.4389.72 (boo#1182358, boo#1182960):\n\n- CVE-2021-21159: Heap buffer overflow in TabStrip.\n- CVE-2021-21160: Heap buffer overflow in WebAudio.\n- CVE-2021-21161: Heap buffer overflow in TabStrip.\n- CVE-2021-21162: Use after free in WebRTC.\n- CVE-2021-21163: Insufficient data validation in Reader Mode.\n- CVE-2021-21164: Insufficient data validation in Chrome for iOS.\n- CVE-2021-21165: Object lifecycle issue in audio.\n- CVE-2021-21166: Object lifecycle issue in audio.\n- CVE-2021-21167: Use after free in bookmarks.\n- CVE-2021-21168: Insufficient policy enforcement in appcache.\n- CVE-2021-21169: Out of bounds memory access in V8.\n- CVE-2021-21170: Incorrect security UI in Loader.\n- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.\n- CVE-2021-21172: Insufficient policy enforcement in File System API.\n- CVE-2021-21173: Side-channel information leakage in Network Internals.\n- CVE-2021-21174: Inappropriate implementation in Referrer.\n- CVE-2021-21175: Inappropriate implementation in Site isolation.\n- CVE-2021-21176: Inappropriate implementation in full screen mode.\n- CVE-2021-21177: Insufficient policy enforcement in Autofill.\n- CVE-2021-21178: Inappropriate implementation in Compositing.\n- CVE-2021-21179: Use after free in Network Internals.\n- CVE-2021-21180: Use after free in tab search.\n- CVE-2020-27844: Heap buffer overflow in OpenJPEG.\n- CVE-2021-21181: Side-channel information leakage in autofill.\n- CVE-2021-21182: Insufficient policy enforcement in navigations.\n- CVE-2021-21183: Inappropriate implementation in performance APIs.\n- CVE-2021-21184: Inappropriate implementation in performance APIs.\n- CVE-2021-21185: Insufficient policy enforcement in extensions.\n- CVE-2021-21186: Insufficient policy enforcement in QR scanning.\n- CVE-2021-21187: Insufficient data validation in URL formatting.\n- CVE-2021-21188: Use after free in Blink.\n- CVE-2021-21189: Insufficient policy enforcement in payments.\n- CVE-2021-21190: Uninitialized Use in PDFium.\n- CVE-2021-21149: Stack overflow in Data Transfer.\n- CVE-2021-21150: Use after free in Downloads.\n- CVE-2021-21151: Use after free in Payments.\n- CVE-2021-21152: Heap buffer overflow in Media.\n- CVE-2021-21153: Stack overflow in GPU Process. \n- CVE-2021-21154: Heap buffer overflow in Tab Strip.\n- CVE-2021-21155: Heap buffer overflow in Tab Strip.\n- CVE-2021-21156: Heap buffer overflow in V8.\n- CVE-2021-21157: Use after free in Web Sockets. \n- Fixed Sandbox with glibc 2.33 (boo#1182233)\n- Fixed an issue where chromium hangs on opening (boo#1182775).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-392",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0392-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0392-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S66YPMC4VLRMKQGSTL3XFAVYDCVH7ADY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0392-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S66YPMC4VLRMKQGSTL3XFAVYDCVH7ADY/"
},
{
"category": "self",
"summary": "SUSE Bug 1182233",
"url": "https://bugzilla.suse.com/1182233"
},
{
"category": "self",
"summary": "SUSE Bug 1182358",
"url": "https://bugzilla.suse.com/1182358"
},
{
"category": "self",
"summary": "SUSE Bug 1182775",
"url": "https://bugzilla.suse.com/1182775"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27844 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21149 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21150 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21151 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21152 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21153 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21154 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21155 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21156 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21157 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21159 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21160 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21161 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21162 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21163 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21164 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21165 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21166 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21167 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21168 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21169 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21170 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21171 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21171/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21172 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21173 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21174 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21175 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21176 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21177 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21178 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21179 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21180 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21181 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21182 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21183 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21184 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21185 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21186 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21187 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21188 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21189 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21190 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21190/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2021-03-08T07:13:12Z",
"generator": {
"date": "2021-03-08T07:13:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0392-1",
"initial_release_date": "2021-03-08T07:13:12Z",
"revision_history": [
{
"date": "2021-03-08T07:13:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"product": {
"name": "chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"product_id": "chromedriver-89.0.4389.72-lp152.2.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-89.0.4389.72-lp152.2.77.1.x86_64",
"product": {
"name": "chromium-89.0.4389.72-lp152.2.77.1.x86_64",
"product_id": "chromium-89.0.4389.72-lp152.2.77.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-89.0.4389.72-lp152.2.77.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64"
},
"product_reference": "chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-89.0.4389.72-lp152.2.77.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
},
"product_reference": "chromium-89.0.4389.72-lp152.2.77.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27844"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in openjpeg\u0027s src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27844",
"url": "https://www.suse.com/security/cve/CVE-2020-27844"
},
{
"category": "external",
"summary": "SUSE Bug 1180045 for CVE-2020-27844",
"url": "https://bugzilla.suse.com/1180045"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2020-27844",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2020-27844",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2020-27844"
},
{
"cve": "CVE-2021-21149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21149"
}
],
"notes": [
{
"category": "general",
"text": "Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21149",
"url": "https://www.suse.com/security/cve/CVE-2021-21149"
},
{
"category": "external",
"summary": "SUSE Bug 1182358 for CVE-2021-21149",
"url": "https://bugzilla.suse.com/1182358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "moderate"
}
],
"title": "CVE-2021-21149"
},
{
"cve": "CVE-2021-21150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21150"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21150",
"url": "https://www.suse.com/security/cve/CVE-2021-21150"
},
{
"category": "external",
"summary": "SUSE Bug 1182358 for CVE-2021-21150",
"url": "https://bugzilla.suse.com/1182358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "moderate"
}
],
"title": "CVE-2021-21150"
},
{
"cve": "CVE-2021-21151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21151"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21151",
"url": "https://www.suse.com/security/cve/CVE-2021-21151"
},
{
"category": "external",
"summary": "SUSE Bug 1182358 for CVE-2021-21151",
"url": "https://bugzilla.suse.com/1182358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "moderate"
}
],
"title": "CVE-2021-21151"
},
{
"cve": "CVE-2021-21152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21152"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21152",
"url": "https://www.suse.com/security/cve/CVE-2021-21152"
},
{
"category": "external",
"summary": "SUSE Bug 1182358 for CVE-2021-21152",
"url": "https://bugzilla.suse.com/1182358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "moderate"
}
],
"title": "CVE-2021-21152"
},
{
"cve": "CVE-2021-21153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21153"
}
],
"notes": [
{
"category": "general",
"text": "Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21153",
"url": "https://www.suse.com/security/cve/CVE-2021-21153"
},
{
"category": "external",
"summary": "SUSE Bug 1182358 for CVE-2021-21153",
"url": "https://bugzilla.suse.com/1182358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "moderate"
}
],
"title": "CVE-2021-21153"
},
{
"cve": "CVE-2021-21154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21154"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21154",
"url": "https://www.suse.com/security/cve/CVE-2021-21154"
},
{
"category": "external",
"summary": "SUSE Bug 1182358 for CVE-2021-21154",
"url": "https://bugzilla.suse.com/1182358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "moderate"
}
],
"title": "CVE-2021-21154"
},
{
"cve": "CVE-2021-21155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21155"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21155",
"url": "https://www.suse.com/security/cve/CVE-2021-21155"
},
{
"category": "external",
"summary": "SUSE Bug 1182358 for CVE-2021-21155",
"url": "https://bugzilla.suse.com/1182358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "moderate"
}
],
"title": "CVE-2021-21155"
},
{
"cve": "CVE-2021-21156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21156"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21156",
"url": "https://www.suse.com/security/cve/CVE-2021-21156"
},
{
"category": "external",
"summary": "SUSE Bug 1182358 for CVE-2021-21156",
"url": "https://bugzilla.suse.com/1182358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "moderate"
}
],
"title": "CVE-2021-21156"
},
{
"cve": "CVE-2021-21157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21157"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21157",
"url": "https://www.suse.com/security/cve/CVE-2021-21157"
},
{
"category": "external",
"summary": "SUSE Bug 1182358 for CVE-2021-21157",
"url": "https://bugzilla.suse.com/1182358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "moderate"
}
],
"title": "CVE-2021-21157"
},
{
"cve": "CVE-2021-21159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21159"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21159",
"url": "https://www.suse.com/security/cve/CVE-2021-21159"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21159",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21159",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21159"
},
{
"cve": "CVE-2021-21160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21160"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21160",
"url": "https://www.suse.com/security/cve/CVE-2021-21160"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21160",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21160",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21160"
},
{
"cve": "CVE-2021-21161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21161"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21161",
"url": "https://www.suse.com/security/cve/CVE-2021-21161"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21161",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21161",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21161"
},
{
"cve": "CVE-2021-21162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21162"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21162",
"url": "https://www.suse.com/security/cve/CVE-2021-21162"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21162",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21162",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21162"
},
{
"cve": "CVE-2021-21163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21163"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21163",
"url": "https://www.suse.com/security/cve/CVE-2021-21163"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21163",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21163",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21163"
},
{
"cve": "CVE-2021-21164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21164"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21164",
"url": "https://www.suse.com/security/cve/CVE-2021-21164"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21164",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21164",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "moderate"
}
],
"title": "CVE-2021-21164"
},
{
"cve": "CVE-2021-21165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21165"
}
],
"notes": [
{
"category": "general",
"text": "Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21165",
"url": "https://www.suse.com/security/cve/CVE-2021-21165"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21165",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21165",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21165"
},
{
"cve": "CVE-2021-21166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21166"
}
],
"notes": [
{
"category": "general",
"text": "Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21166",
"url": "https://www.suse.com/security/cve/CVE-2021-21166"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21166",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21166",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21166"
},
{
"cve": "CVE-2021-21167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21167"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21167",
"url": "https://www.suse.com/security/cve/CVE-2021-21167"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21167",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21167",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21167"
},
{
"cve": "CVE-2021-21168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21168"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21168",
"url": "https://www.suse.com/security/cve/CVE-2021-21168"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21168",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21168",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21168"
},
{
"cve": "CVE-2021-21169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21169"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21169",
"url": "https://www.suse.com/security/cve/CVE-2021-21169"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21169",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21169",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21169"
},
{
"cve": "CVE-2021-21170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21170"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21170",
"url": "https://www.suse.com/security/cve/CVE-2021-21170"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21170",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21170",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21170"
},
{
"cve": "CVE-2021-21171",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21171"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21171",
"url": "https://www.suse.com/security/cve/CVE-2021-21171"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21171",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21171",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21171"
},
{
"cve": "CVE-2021-21172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21172"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21172",
"url": "https://www.suse.com/security/cve/CVE-2021-21172"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21172",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21172",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21172"
},
{
"cve": "CVE-2021-21173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21173"
}
],
"notes": [
{
"category": "general",
"text": "Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21173",
"url": "https://www.suse.com/security/cve/CVE-2021-21173"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21173",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21173",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21173"
},
{
"cve": "CVE-2021-21174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21174"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21174",
"url": "https://www.suse.com/security/cve/CVE-2021-21174"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21174",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21174",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21174"
},
{
"cve": "CVE-2021-21175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21175"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21175",
"url": "https://www.suse.com/security/cve/CVE-2021-21175"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21175",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21175",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21175"
},
{
"cve": "CVE-2021-21176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21176"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21176",
"url": "https://www.suse.com/security/cve/CVE-2021-21176"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21176",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21176",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21176"
},
{
"cve": "CVE-2021-21177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21177"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21177",
"url": "https://www.suse.com/security/cve/CVE-2021-21177"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21177",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21177",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21177"
},
{
"cve": "CVE-2021-21178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21178"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21178",
"url": "https://www.suse.com/security/cve/CVE-2021-21178"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21178",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21178",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21178"
},
{
"cve": "CVE-2021-21179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21179"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21179",
"url": "https://www.suse.com/security/cve/CVE-2021-21179"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21179",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21179",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21179"
},
{
"cve": "CVE-2021-21180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21180"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21180",
"url": "https://www.suse.com/security/cve/CVE-2021-21180"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21180",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21180",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21180"
},
{
"cve": "CVE-2021-21181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21181"
}
],
"notes": [
{
"category": "general",
"text": "Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21181",
"url": "https://www.suse.com/security/cve/CVE-2021-21181"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21181",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21181",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21181"
},
{
"cve": "CVE-2021-21182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21182"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21182",
"url": "https://www.suse.com/security/cve/CVE-2021-21182"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21182",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21182",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21182"
},
{
"cve": "CVE-2021-21183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21183"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21183",
"url": "https://www.suse.com/security/cve/CVE-2021-21183"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21183",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21183",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21183"
},
{
"cve": "CVE-2021-21184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21184"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21184",
"url": "https://www.suse.com/security/cve/CVE-2021-21184"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21184",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21184",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21184"
},
{
"cve": "CVE-2021-21185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21185"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21185",
"url": "https://www.suse.com/security/cve/CVE-2021-21185"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21185",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21185",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21185"
},
{
"cve": "CVE-2021-21186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21186"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21186",
"url": "https://www.suse.com/security/cve/CVE-2021-21186"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21186",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21186",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21186"
},
{
"cve": "CVE-2021-21187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21187"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21187",
"url": "https://www.suse.com/security/cve/CVE-2021-21187"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21187",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21187",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21187"
},
{
"cve": "CVE-2021-21188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21188"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21188",
"url": "https://www.suse.com/security/cve/CVE-2021-21188"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21188",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21188",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21188"
},
{
"cve": "CVE-2021-21189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21189"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21189",
"url": "https://www.suse.com/security/cve/CVE-2021-21189"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21189",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21189",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21189"
},
{
"cve": "CVE-2021-21190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21190"
}
],
"notes": [
{
"category": "general",
"text": "Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21190",
"url": "https://www.suse.com/security/cve/CVE-2021-21190"
},
{
"category": "external",
"summary": "SUSE Bug 1182960 for CVE-2021-21190",
"url": "https://bugzilla.suse.com/1182960"
},
{
"category": "external",
"summary": "SUSE Bug 1183514 for CVE-2021-21190",
"url": "https://bugzilla.suse.com/1183514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-89.0.4389.72-lp152.2.77.1.x86_64",
"openSUSE Leap 15.2:chromium-89.0.4389.72-lp152.2.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-08T07:13:12Z",
"details": "important"
}
],
"title": "CVE-2021-21190"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.