https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html

https://crbug.com/1155178

FEDORA-2021-79926272ce

FEDORA-2021-d9faeff8eb

GLSA-202101-05

DSA-4832

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-d9faeff8eb advisory.

  - Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2020-15995)

  - Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote     attacker to bypass discretionary access control via malicious network traffic. (CVE-2020-16043)

  - Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21106)

  - Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker     who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21107)

  - Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21108)

  - Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21109)

  - Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to     potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21110)

  - Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who     convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted     Chrome Extension. (CVE-2021-21111)

  - Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-21112)

  - Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21113)

  - Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-21114)

  - User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21115)

  - Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21116)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for opera fixes the following issues :

  - Update to version 73.0.3856.344

  - CHR-8265 Update chromium on desktop-stable-87-3856 to     87.0.4280.141

  - DNA-90625 [Mac] Crash at opera::TabView::
    GetPaintData(opera::TabState) const

  - DNA-90735 Crash at     opera::BrowserSidebarModel::GetItemVisible     (opera::BrowserSidebarItem const*) const

  - DNA-90780 Crash at     extensions::CommandService::GetExtension     ActionCommand(std::__1::basic_string const&,     extensions:: ActionInfo::Type,     extensions::CommandService::QueryType,     extensions::Command*, bool*)

  - DNA-90821 Crash at opera::BrowserSidebarController::
    Action(opera::BrowserSidebarItem const*,     opera::BrowserSidebarItemContentView*)

  - The update to chromium 87.0.4280.141 fixes following     issues: CVE-2021-21106, CVE-2021-21107, CVE-2021-21108,     CVE-2021-21109, CVE-2021-21110, CVE-2021-21111,     CVE-2021-21112, CVE-2021-21113, CVE-2020-16043,     CVE-2021-21114, CVE-2020-15995, CVE-2021-21115,     CVE-2021-21116

  - Update to version 73.0.3856.329

  - DNA-89156 Crash at     content::RenderViewHostImpl::OnFocus()

  - DNA-89731 [Mac] Bookmarks bar overlaps Babe section when     hovering the OMenu

  - DNA-90189 Music service portal logotypes are blurred on     Win

  - DNA-90336 add session data schema

  - DNA-90399 Address bar dropdown suggestions overlap each     other

  - DNA-90520 Crash at     absl::raw_logging_internal::RawLog(absl:: LogSeverity,     char const*, int, char const*, &hellip;)

  - DNA-90538 Crash at extensions::CommandService::
    GetExtensionActionCommand(std::__1::basic_string const&,     extensions::ActionInfo::Type,     extensions::CommandService:: QueryType,     extensions::Command*, bool*)

  - DNA-90600 Don&rsquo;t report workspace visibility, when     functionality is disabled.

  - DNA-90665 Collect music service statistics WP2

  - DNA-90773 Bad translation from english to spanish in UI

  - DNA-90789 Crash at     opera::ThumbnailHelper::RunNextRequest()

This update for chromium fixes the following issues :

  - Update to 87.0.4280.141 (boo#1180645)

  - CVE-2021-21106: Use after free in autofill

  - CVE-2021-21107: Use after free in drag and drop

  - CVE-2021-21108: Use after free in media

  - CVE-2021-21109: Use after free in payments

  - CVE-2021-21110: Use after free in safe browsing

  - CVE-2021-21111: Insufficient policy enforcement in WebUI

  - CVE-2021-21112: Use after free in Blink

  - CVE-2021-21113: Heap buffer overflow in Skia

  - CVE-2020-16043: Insufficient data validation in     networking

  - CVE-2021-21114: Use after free in audio

  - CVE-2020-15995: Out of bounds write in V8

  - CVE-2021-21115: Use after free in safe browsing

  - CVE-2021-21116: Heap buffer overflow in audio 

  - Use main URLs instead of redirects in master preferences

Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-79926272ce advisory.

  - Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2020-15995)

  - Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote     attacker to bypass discretionary access control via malicious network traffic. (CVE-2020-16043)

  - Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21106)

  - Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker     who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21107)

  - Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21108)

  - Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21109)

  - Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to     potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21110)

  - Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who     convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted     Chrome Extension. (CVE-2021-21111)

  - Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-21112)

  - Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21113)

  - Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-21114)

  - User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21115)

  - Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21116)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202101-05 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

Chrome Releases reports :

This release includes 16 security fixes, including :

- [1148749] High CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-11-13

- [1153595] High CVE-2021-21107: Use after free in drag and drop.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-11-30

- [1155426] High CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-04

- [1152334] High CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2020-11-24

- [1152451] High CVE-2021-21110: Use after free in safe browsing.
Reported by Anonymous on 2020-11-24

- [1149125] High CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by Alesandro Ortiz on 2020-11-15

- [1151298] High CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on 2020-11-20

- [1155178] High CVE-2021-21113: Heap buffer overflow in Skia.
Reported by tsubmunu on 2020-12-03

- [1148309] High CVE-2020-16043: Insufficient data validation in networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis on 2020-11-12

- [1150065] High CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab on 2020-11-17

- [1157790] High CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2020-12-11

- [1157814] High CVE-2021-21115: Use after free in safe browsing.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-11

- [1151069] Medium CVE-2021-21116: Heap buffer overflow in audio.
Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-11-19

The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.75. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-1-7-2021 advisory.

  - Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2020-15995)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 87.0.4280.141. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_01_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 87.0.4280.141. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_01_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
145388	Fedora 32 : chromium (2021-d9faeff8eb)	Nessus	Fedora Local Security Checks	high
145383	openSUSE Security Update : opera (openSUSE-2021-138)	Nessus	SuSE Local Security Checks	high
145308	openSUSE Security Update : chromium (openSUSE-2021-41)	Nessus	SuSE Local Security Checks	high
145306	openSUSE Security Update : opera (openSUSE-2021-139)	Nessus	SuSE Local Security Checks	high
145304	openSUSE Security Update : chromium (openSUSE-2021-40)	Nessus	SuSE Local Security Checks	high
145194	Debian DSA-4832-1 : chromium - security update	Nessus	Debian Local Security Checks	high
145131	Fedora 33 : chromium (2021-79926272ce)	Nessus	Fedora Local Security Checks	high
144833	GLSA-202101-05 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
144823	FreeBSD : chromium -- multiple vulnerabilities (d153c4d2-50f8-11eb-8046-3065ec8fd3ec)	Nessus	FreeBSD Local Security Checks	high
144809	Microsoft Edge (Chromium) < 87.0.664.75 Multiple Vulnerabilities	Nessus	Windows	high
144782	Google Chrome < 87.0.4280.141 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
144781	Google Chrome < 87.0.4280.141 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2021-21113

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high