Overview

File _patchinfo of Package patchinfo.16409

<patchinfo incident="16409">
  <issue tracker="bnc" id="1186458">VUL-0: chromium: multiple security issues fixed in 91.0.4472.77</issue>
  <issue tracker="cve" id="2021-30529"/>
  <issue tracker="cve" id="2021-30540"/>
  <issue tracker="cve" id="2021-30521"/>
  <issue tracker="cve" id="2021-30536"/>
  <issue tracker="cve" id="2021-30523"/>
  <issue tracker="cve" id="2021-30526"/>
  <issue tracker="cve" id="2021-30534"/>
  <issue tracker="cve" id="2021-30528"/>
  <issue tracker="cve" id="2021-30525"/>
  <issue tracker="cve" id="2021-30538"/>
  <issue tracker="cve" id="2021-30527"/>
  <issue tracker="cve" id="2021-30539"/>
  <issue tracker="cve" id="2021-30532"/>
  <issue tracker="cve" id="2021-30535"/>
  <issue tracker="cve" id="2021-30522"/>
  <issue tracker="cve" id="2021-30531"/>
  <issue tracker="cve" id="2021-30533"/>
  <issue tracker="cve" id="2021-30524"/>
  <issue tracker="cve" id="2021-21212"/>
  <issue tracker="cve" id="2021-30537"/>
  <issue tracker="cve" id="2021-30530"/>
  <packager>msmeissn</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for chromium</summary>
  <description>This update for chromium fixes the following issues:

Chromium 91.0.4472.77 (boo#1186458):

* Support Managed configuration API for Web Applications
* WebOTP API: cross-origin iframe support
* CSS custom counter styles
* Support JSON Modules
* Clipboard: read-only files support
* Remove webkitBeforeTextInserted &amp; webkitEditableCOntentChanged JS events
* Honor media HTML attribute for link icon
* Import Assertions
* Class static initializer blocks
* Ergonomic brand checks for private fields
* Expose WebAssembly SIMD
* New Feature: WebTransport
* ES Modules for service workers ('module' type option)
* Suggested file name and location for the File System Access API
* adaptivePTime property for RTCRtpEncodingParameters
* Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack
* Support WebSockets over HTTP/2
* Support 103 Early Hints for Navigation
* CVE-2021-30521: Heap buffer overflow in Autofill
* CVE-2021-30522: Use after free in WebAudio
* CVE-2021-30523: Use after free in WebRTC
* CVE-2021-30524: Use after free in TabStrip
* CVE-2021-30525: Use after free in TabGroups
* CVE-2021-30526: Out of bounds write in TabStrip
* CVE-2021-30527: Use after free in WebUI
* CVE-2021-30528: Use after free in WebAuthentication
* CVE-2021-30529: Use after free in Bookmarks
* CVE-2021-30530: Out of bounds memory access in WebAudio
* CVE-2021-30531: Insufficient policy enforcement in Content Security Policy
* CVE-2021-30532: Insufficient policy enforcement in Content Security Policy
* CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
* CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
* CVE-2021-30535: Double free in ICU
* CVE-2021-21212: Insufficient data validation in networking
* CVE-2021-30536: Out of bounds read in V8
* CVE-2021-30537: Insufficient policy enforcement in cookies
* CVE-2021-30538: Insufficient policy enforcement in content security policy
* CVE-2021-30539: Insufficient policy enforcement in content security policy
* CVE-2021-30540: Incorrect security UI in payments
* Various fixes from internal audits, fuzzing and other initiatives
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places