Vulnerability from csaf_opensuse
Published
2021-12-28 07:45
Modified
2021-12-28 07:45
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update for chromium fixes the following issues:
Chromium 96.0.4664.110 (boo#1193713):
* CVE-2021-4098: Insufficient data validation in Mojo
* CVE-2021-4099: Use after free in Swiftshader
* CVE-2021-4100: Object lifecycle issue in ANGLE
* CVE-2021-4101: Heap buffer overflow in Swiftshader
* CVE-2021-4102: Use after free in V8
Lord of the Browsers: The Two Compilers:
* Go back to GCC
* GCC: LTO removes needed assembly symbols
* Clang: issues with libstdc++
Chromium 96.0.4664.93 (boo#1193519):
* CVE-2021-4052: Use after free in web apps
* CVE-2021-4053: Use after free in UI
* CVE-2021-4079: Out of bounds write in WebRTC
* CVE-2021-4054: Incorrect security UI in autofill
* CVE-2021-4078: Type confusion in V8
* CVE-2021-4055: Heap buffer overflow in extensions
* CVE-2021-4056: Type Confusion in loader
* CVE-2021-4057: Use after free in file API
* CVE-2021-4058: Heap buffer overflow in ANGLE
* CVE-2021-4059: Insufficient data validation in loader
* CVE-2021-4061: Type Confusion in V8
* CVE-2021-4062: Heap buffer overflow in BFCache
* CVE-2021-4063: Use after free in developer tools
* CVE-2021-4064: Use after free in screen capture
* CVE-2021-4065: Use after free in autofill
* CVE-2021-4066: Integer underflow in ANGLE
* CVE-2021-4067: Use after free in window manager
* CVE-2021-4068: Insufficient validation of untrusted input in new tab page
Chromium 96.0.4664.45 (boo#1192734):
* CVE-2021-38007: Type Confusion in V8
* CVE-2021-38008: Use after free in media
* CVE-2021-38009: Inappropriate implementation in cache
* CVE-2021-38006: Use after free in storage foundation
* CVE-2021-38005: Use after free in loader
* CVE-2021-38010: Inappropriate implementation in service workers
* CVE-2021-38011: Use after free in storage foundation
* CVE-2021-38012: Type Confusion in V8
* CVE-2021-38013: Heap buffer overflow in fingerprint recognition
* CVE-2021-38014: Out of bounds write in Swiftshader
* CVE-2021-38015: Inappropriate implementation in input
* CVE-2021-38016: Insufficient policy enforcement in background fetch
* CVE-2021-38017: Insufficient policy enforcement in iframe sandbox
* CVE-2021-38018: Inappropriate implementation in navigation
* CVE-2021-38019: Insufficient policy enforcement in CORS
* CVE-2021-38020: Insufficient policy enforcement in contacts picker
* CVE-2021-38021: Inappropriate implementation in referrer
* CVE-2021-38022: Inappropriate implementation in WebAuthentication
Patchnames
openSUSE-2021-1632
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for chromium", title: "Title of the patch", }, { category: "description", text: "This update for chromium fixes the following issues:\n\nChromium 96.0.4664.110 (boo#1193713):\n\n* CVE-2021-4098: Insufficient data validation in Mojo\n* CVE-2021-4099: Use after free in Swiftshader\n* CVE-2021-4100: Object lifecycle issue in ANGLE\n* CVE-2021-4101: Heap buffer overflow in Swiftshader\n* CVE-2021-4102: Use after free in V8\n\nLord of the Browsers: The Two Compilers:\n\n* Go back to GCC\n* GCC: LTO removes needed assembly symbols\n* Clang: issues with libstdc++\n\nChromium 96.0.4664.93 (boo#1193519):\n\n* CVE-2021-4052: Use after free in web apps\n* CVE-2021-4053: Use after free in UI\n* CVE-2021-4079: Out of bounds write in WebRTC\n* CVE-2021-4054: Incorrect security UI in autofill\n* CVE-2021-4078: Type confusion in V8\n* CVE-2021-4055: Heap buffer overflow in extensions\n* CVE-2021-4056: Type Confusion in loader\n* CVE-2021-4057: Use after free in file API\n* CVE-2021-4058: Heap buffer overflow in ANGLE\n* CVE-2021-4059: Insufficient data validation in loader\n* CVE-2021-4061: Type Confusion in V8\n* CVE-2021-4062: Heap buffer overflow in BFCache\n* CVE-2021-4063: Use after free in developer tools\n* CVE-2021-4064: Use after free in screen capture\n* CVE-2021-4065: Use after free in autofill\n* CVE-2021-4066: Integer underflow in ANGLE\n* CVE-2021-4067: Use after free in window manager\n* CVE-2021-4068: Insufficient validation of untrusted input in new tab page\n\nChromium 96.0.4664.45 (boo#1192734):\n\n* CVE-2021-38007: Type Confusion in V8\n* CVE-2021-38008: Use after free in media\n* CVE-2021-38009: Inappropriate implementation in cache\n* CVE-2021-38006: Use after free in storage foundation\n* CVE-2021-38005: Use after free in loader\n* CVE-2021-38010: Inappropriate implementation in service workers\n* CVE-2021-38011: Use after free in storage foundation\n* CVE-2021-38012: Type Confusion in V8\n* CVE-2021-38013: Heap buffer overflow in fingerprint recognition\n* CVE-2021-38014: Out of bounds write in Swiftshader\n* CVE-2021-38015: Inappropriate implementation in input\n* CVE-2021-38016: Insufficient policy enforcement in background fetch\n* CVE-2021-38017: Insufficient policy enforcement in iframe sandbox\n* CVE-2021-38018: Inappropriate implementation in navigation\n* CVE-2021-38019: Insufficient policy enforcement in CORS\n* CVE-2021-38020: Insufficient policy enforcement in contacts picker\n* CVE-2021-38021: Inappropriate implementation in referrer\n* CVE-2021-38022: Inappropriate implementation in WebAuthentication\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2021-1632", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1632-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:1632-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DUJZLITO4GTLR5FP75FBCLDYZMUY2AFI/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:1632-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DUJZLITO4GTLR5FP75FBCLDYZMUY2AFI/", }, { category: "self", summary: "SUSE Bug 1192310", url: "https://bugzilla.suse.com/1192310", }, { category: "self", summary: "SUSE Bug 1192734", url: "https://bugzilla.suse.com/1192734", }, { category: "self", summary: "SUSE Bug 1193519", url: "https://bugzilla.suse.com/1193519", }, { category: "self", summary: "SUSE Bug 1193713", url: "https://bugzilla.suse.com/1193713", }, { category: "self", summary: "SUSE CVE CVE-2021-38005 page", url: "https://www.suse.com/security/cve/CVE-2021-38005/", }, { category: "self", summary: "SUSE CVE CVE-2021-38006 page", url: "https://www.suse.com/security/cve/CVE-2021-38006/", }, { category: "self", summary: "SUSE CVE CVE-2021-38007 page", url: "https://www.suse.com/security/cve/CVE-2021-38007/", }, { category: "self", summary: "SUSE CVE CVE-2021-38008 page", url: "https://www.suse.com/security/cve/CVE-2021-38008/", }, { category: "self", summary: "SUSE CVE CVE-2021-38009 page", url: "https://www.suse.com/security/cve/CVE-2021-38009/", }, { category: "self", summary: "SUSE CVE CVE-2021-38010 page", url: "https://www.suse.com/security/cve/CVE-2021-38010/", }, { category: "self", summary: "SUSE CVE CVE-2021-38011 page", url: "https://www.suse.com/security/cve/CVE-2021-38011/", }, { category: "self", summary: "SUSE CVE CVE-2021-38012 page", url: "https://www.suse.com/security/cve/CVE-2021-38012/", }, { category: "self", summary: "SUSE CVE CVE-2021-38013 page", url: "https://www.suse.com/security/cve/CVE-2021-38013/", }, { category: "self", summary: "SUSE CVE CVE-2021-38014 page", url: "https://www.suse.com/security/cve/CVE-2021-38014/", }, { category: "self", summary: "SUSE CVE CVE-2021-38015 page", url: "https://www.suse.com/security/cve/CVE-2021-38015/", }, { category: "self", summary: "SUSE CVE CVE-2021-38016 page", url: "https://www.suse.com/security/cve/CVE-2021-38016/", }, { category: "self", summary: "SUSE CVE CVE-2021-38017 page", url: "https://www.suse.com/security/cve/CVE-2021-38017/", }, { category: "self", summary: "SUSE CVE CVE-2021-38018 page", url: "https://www.suse.com/security/cve/CVE-2021-38018/", }, { category: "self", summary: "SUSE CVE CVE-2021-38019 page", url: "https://www.suse.com/security/cve/CVE-2021-38019/", }, { category: "self", summary: "SUSE CVE CVE-2021-38020 page", url: "https://www.suse.com/security/cve/CVE-2021-38020/", }, { category: "self", summary: "SUSE CVE CVE-2021-38021 page", url: "https://www.suse.com/security/cve/CVE-2021-38021/", }, { category: "self", summary: "SUSE CVE CVE-2021-38022 page", url: "https://www.suse.com/security/cve/CVE-2021-38022/", }, { category: "self", summary: "SUSE CVE CVE-2021-4052 page", url: "https://www.suse.com/security/cve/CVE-2021-4052/", }, { category: "self", summary: "SUSE CVE CVE-2021-4053 page", url: "https://www.suse.com/security/cve/CVE-2021-4053/", }, { category: "self", summary: "SUSE CVE CVE-2021-4054 page", url: "https://www.suse.com/security/cve/CVE-2021-4054/", }, { category: "self", summary: "SUSE CVE CVE-2021-4055 page", url: "https://www.suse.com/security/cve/CVE-2021-4055/", }, { category: "self", summary: "SUSE CVE CVE-2021-4056 page", url: "https://www.suse.com/security/cve/CVE-2021-4056/", }, { category: "self", summary: "SUSE CVE CVE-2021-4057 page", url: "https://www.suse.com/security/cve/CVE-2021-4057/", }, { category: "self", summary: "SUSE CVE CVE-2021-4058 page", url: "https://www.suse.com/security/cve/CVE-2021-4058/", }, { category: "self", summary: "SUSE CVE CVE-2021-4059 page", url: "https://www.suse.com/security/cve/CVE-2021-4059/", }, { category: "self", summary: "SUSE CVE CVE-2021-4061 page", url: "https://www.suse.com/security/cve/CVE-2021-4061/", }, { category: "self", summary: "SUSE CVE CVE-2021-4062 page", url: "https://www.suse.com/security/cve/CVE-2021-4062/", }, { category: "self", summary: "SUSE CVE CVE-2021-4063 page", url: "https://www.suse.com/security/cve/CVE-2021-4063/", }, { category: "self", summary: "SUSE CVE CVE-2021-4064 page", url: "https://www.suse.com/security/cve/CVE-2021-4064/", }, { category: "self", summary: "SUSE CVE CVE-2021-4065 page", url: "https://www.suse.com/security/cve/CVE-2021-4065/", }, { category: "self", summary: "SUSE CVE CVE-2021-4066 page", url: "https://www.suse.com/security/cve/CVE-2021-4066/", }, { category: "self", summary: "SUSE CVE CVE-2021-4067 page", url: "https://www.suse.com/security/cve/CVE-2021-4067/", }, { category: "self", summary: "SUSE CVE CVE-2021-4068 page", url: "https://www.suse.com/security/cve/CVE-2021-4068/", }, { category: "self", summary: "SUSE CVE CVE-2021-4078 page", url: "https://www.suse.com/security/cve/CVE-2021-4078/", }, { category: "self", summary: "SUSE CVE CVE-2021-4079 page", url: "https://www.suse.com/security/cve/CVE-2021-4079/", }, { category: "self", summary: "SUSE CVE CVE-2021-4098 page", url: "https://www.suse.com/security/cve/CVE-2021-4098/", }, { category: "self", summary: "SUSE CVE CVE-2021-4099 page", url: "https://www.suse.com/security/cve/CVE-2021-4099/", }, { category: "self", summary: "SUSE CVE CVE-2021-4100 page", url: "https://www.suse.com/security/cve/CVE-2021-4100/", }, { category: "self", summary: "SUSE CVE CVE-2021-4101 page", url: "https://www.suse.com/security/cve/CVE-2021-4101/", }, { category: "self", summary: "SUSE CVE CVE-2021-4102 page", url: "https://www.suse.com/security/cve/CVE-2021-4102/", }, ], title: "Security update for chromium", tracking: { current_release_date: "2021-12-28T07:45:13Z", generator: { date: "2021-12-28T07:45:13Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:1632-1", initial_release_date: "2021-12-28T07:45:13Z", revision_history: [ { date: "2021-12-28T07:45:13Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", product: { name: "chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", product_id: "chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", }, }, { category: "product_version", name: "chromium-96.0.4664.110-lp152.2.143.1.x86_64", product: { name: "chromium-96.0.4664.110-lp152.2.143.1.x86_64", product_id: "chromium-96.0.4664.110-lp152.2.143.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.2", product: { name: "openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", }, product_reference: "chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "chromium-96.0.4664.110-lp152.2.143.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", }, product_reference: "chromium-96.0.4664.110-lp152.2.143.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, ], }, vulnerabilities: [ { cve: "CVE-2021-38005", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38005", }, ], notes: [ { category: "general", text: "Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38005", url: "https://www.suse.com/security/cve/CVE-2021-38005", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38005", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38005", }, { cve: "CVE-2021-38006", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38006", }, ], notes: [ { category: "general", text: "Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38006", url: "https://www.suse.com/security/cve/CVE-2021-38006", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38006", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38006", }, { cve: "CVE-2021-38007", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38007", }, ], notes: [ { category: "general", text: "Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38007", url: "https://www.suse.com/security/cve/CVE-2021-38007", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38007", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38007", }, { cve: "CVE-2021-38008", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38008", }, ], notes: [ { category: "general", text: "Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38008", url: "https://www.suse.com/security/cve/CVE-2021-38008", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38008", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38008", }, { cve: "CVE-2021-38009", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38009", }, ], notes: [ { category: "general", text: "Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38009", url: "https://www.suse.com/security/cve/CVE-2021-38009", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38009", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38009", }, { cve: "CVE-2021-38010", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38010", }, ], notes: [ { category: "general", text: "Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38010", url: "https://www.suse.com/security/cve/CVE-2021-38010", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38010", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38010", }, { cve: "CVE-2021-38011", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38011", }, ], notes: [ { category: "general", text: "Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38011", url: "https://www.suse.com/security/cve/CVE-2021-38011", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38011", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38011", }, { cve: "CVE-2021-38012", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38012", }, ], notes: [ { category: "general", text: "Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38012", url: "https://www.suse.com/security/cve/CVE-2021-38012", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38012", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38012", }, { cve: "CVE-2021-38013", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38013", }, ], notes: [ { category: "general", text: "Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38013", url: "https://www.suse.com/security/cve/CVE-2021-38013", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38013", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38013", }, { cve: "CVE-2021-38014", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38014", }, ], notes: [ { category: "general", text: "Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38014", url: "https://www.suse.com/security/cve/CVE-2021-38014", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38014", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38014", }, { cve: "CVE-2021-38015", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38015", }, ], notes: [ { category: "general", text: "Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38015", url: "https://www.suse.com/security/cve/CVE-2021-38015", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38015", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38015", }, { cve: "CVE-2021-38016", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38016", }, ], notes: [ { category: "general", text: "Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38016", url: "https://www.suse.com/security/cve/CVE-2021-38016", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38016", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38016", }, { cve: "CVE-2021-38017", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38017", }, ], notes: [ { category: "general", text: "Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38017", url: "https://www.suse.com/security/cve/CVE-2021-38017", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38017", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38017", }, { cve: "CVE-2021-38018", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38018", }, ], notes: [ { category: "general", text: "Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38018", url: "https://www.suse.com/security/cve/CVE-2021-38018", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38018", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38018", }, { cve: "CVE-2021-38019", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38019", }, ], notes: [ { category: "general", text: "Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38019", url: "https://www.suse.com/security/cve/CVE-2021-38019", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38019", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38019", }, { cve: "CVE-2021-38020", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38020", }, ], notes: [ { category: "general", text: "Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38020", url: "https://www.suse.com/security/cve/CVE-2021-38020", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38020", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38020", }, { cve: "CVE-2021-38021", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38021", }, ], notes: [ { category: "general", text: "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38021", url: "https://www.suse.com/security/cve/CVE-2021-38021", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38021", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38021", }, { cve: "CVE-2021-38022", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-38022", }, ], notes: [ { category: "general", text: "Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-38022", url: "https://www.suse.com/security/cve/CVE-2021-38022", }, { category: "external", summary: "SUSE Bug 1192734 for CVE-2021-38022", url: "https://bugzilla.suse.com/1192734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "critical", }, ], title: "CVE-2021-38022", }, { cve: "CVE-2021-4052", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4052", }, ], notes: [ { category: "general", text: "Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4052", url: "https://www.suse.com/security/cve/CVE-2021-4052", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4052", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4052", }, { cve: "CVE-2021-4053", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4053", }, ], notes: [ { category: "general", text: "Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4053", url: "https://www.suse.com/security/cve/CVE-2021-4053", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4053", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4053", }, { cve: "CVE-2021-4054", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4054", }, ], notes: [ { category: "general", text: "Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4054", url: "https://www.suse.com/security/cve/CVE-2021-4054", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4054", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4054", }, { cve: "CVE-2021-4055", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4055", }, ], notes: [ { category: "general", text: "Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4055", url: "https://www.suse.com/security/cve/CVE-2021-4055", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4055", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4055", }, { cve: "CVE-2021-4056", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4056", }, ], notes: [ { category: "general", text: "Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4056", url: "https://www.suse.com/security/cve/CVE-2021-4056", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4056", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4056", }, { cve: "CVE-2021-4057", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4057", }, ], notes: [ { category: "general", text: "Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4057", url: "https://www.suse.com/security/cve/CVE-2021-4057", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4057", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4057", }, { cve: "CVE-2021-4058", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4058", }, ], notes: [ { category: "general", text: "Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4058", url: "https://www.suse.com/security/cve/CVE-2021-4058", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4058", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4058", }, { cve: "CVE-2021-4059", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4059", }, ], notes: [ { category: "general", text: "Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4059", url: "https://www.suse.com/security/cve/CVE-2021-4059", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4059", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4059", }, { cve: "CVE-2021-4061", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4061", }, ], notes: [ { category: "general", text: "Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4061", url: "https://www.suse.com/security/cve/CVE-2021-4061", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4061", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4061", }, { cve: "CVE-2021-4062", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4062", }, ], notes: [ { category: "general", text: "Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4062", url: "https://www.suse.com/security/cve/CVE-2021-4062", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4062", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4062", }, { cve: "CVE-2021-4063", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4063", }, ], notes: [ { category: "general", text: "Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4063", url: "https://www.suse.com/security/cve/CVE-2021-4063", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4063", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4063", }, { cve: "CVE-2021-4064", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4064", }, ], notes: [ { category: "general", text: "Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4064", url: "https://www.suse.com/security/cve/CVE-2021-4064", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4064", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4064", }, { cve: "CVE-2021-4065", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4065", }, ], notes: [ { category: "general", text: "Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4065", url: "https://www.suse.com/security/cve/CVE-2021-4065", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4065", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4065", }, { cve: "CVE-2021-4066", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4066", }, ], notes: [ { category: "general", text: "Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4066", url: "https://www.suse.com/security/cve/CVE-2021-4066", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4066", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4066", }, { cve: "CVE-2021-4067", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4067", }, ], notes: [ { category: "general", text: "Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4067", url: "https://www.suse.com/security/cve/CVE-2021-4067", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4067", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4067", }, { cve: "CVE-2021-4068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4068", }, ], notes: [ { category: "general", text: "Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4068", url: "https://www.suse.com/security/cve/CVE-2021-4068", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4068", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4068", }, { cve: "CVE-2021-4078", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4078", }, ], notes: [ { category: "general", text: "Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4078", url: "https://www.suse.com/security/cve/CVE-2021-4078", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4078", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4078", }, { cve: "CVE-2021-4079", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4079", }, ], notes: [ { category: "general", text: "Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4079", url: "https://www.suse.com/security/cve/CVE-2021-4079", }, { category: "external", summary: "SUSE Bug 1193519 for CVE-2021-4079", url: "https://bugzilla.suse.com/1193519", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4079", }, { cve: "CVE-2021-4098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4098", }, ], notes: [ { category: "general", text: "Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4098", url: "https://www.suse.com/security/cve/CVE-2021-4098", }, { category: "external", summary: "SUSE Bug 1193713 for CVE-2021-4098", url: "https://bugzilla.suse.com/1193713", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4098", }, { cve: "CVE-2021-4099", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4099", }, ], notes: [ { category: "general", text: "Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4099", url: "https://www.suse.com/security/cve/CVE-2021-4099", }, { category: "external", summary: "SUSE Bug 1193713 for CVE-2021-4099", url: "https://bugzilla.suse.com/1193713", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4099", }, { cve: "CVE-2021-4100", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4100", }, ], notes: [ { category: "general", text: "Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4100", url: "https://www.suse.com/security/cve/CVE-2021-4100", }, { category: "external", summary: "SUSE Bug 1193713 for CVE-2021-4100", url: "https://bugzilla.suse.com/1193713", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4100", }, { cve: "CVE-2021-4101", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4101", }, ], notes: [ { category: "general", text: "Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4101", url: "https://www.suse.com/security/cve/CVE-2021-4101", }, { category: "external", summary: "SUSE Bug 1193713 for CVE-2021-4101", url: "https://bugzilla.suse.com/1193713", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4101", }, { cve: "CVE-2021-4102", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4102", }, ], notes: [ { category: "general", text: "Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4102", url: "https://www.suse.com/security/cve/CVE-2021-4102", }, { category: "external", summary: "SUSE Bug 1193713 for CVE-2021-4102", url: "https://bugzilla.suse.com/1193713", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64", "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-12-28T07:45:13Z", details: "important", }, ], title: "CVE-2021-4102", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.