https://crbug.com/1194358

https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html

GLSA-202107-06

FEDORA-2021-f94dadff78

This update for chromium fixes the following issues :

Chromium 91.0.4472.77 (boo#1186458) :

  - Support Managed configuration API for Web Applications

  - WebOTP API: cross-origin iframe support

  - CSS custom counter styles

  - Support JSON Modules

  - Clipboard: read-only files support

  - Remove webkitBeforeTextInserted &     webkitEditableCOntentChanged JS events

  - Honor media HTML attribute for link icon

  - Import Assertions

  - Class static initializer blocks

  - Ergonomic brand checks for private fields

  - Expose WebAssembly SIMD

  - New Feature: WebTransport

  - ES Modules for service workers ('module' type option)

  - Suggested file name and location for the File System     Access API

  - adaptivePTime property for RTCRtpEncodingParameters

  - Block HTTP port 10080 - mitigation for NAT Slipstream     2.0 attack

  - Support WebSockets over HTTP/2

  - Support 103 Early Hints for Navigation

  - CVE-2021-30521: Heap buffer overflow in Autofill

  - CVE-2021-30522: Use after free in WebAudio

  - CVE-2021-30523: Use after free in WebRTC

  - CVE-2021-30524: Use after free in TabStrip

  - CVE-2021-30525: Use after free in TabGroups

  - CVE-2021-30526: Out of bounds write in TabStrip

  - CVE-2021-30527: Use after free in WebUI

  - CVE-2021-30528: Use after free in WebAuthentication

  - CVE-2021-30529: Use after free in Bookmarks

  - CVE-2021-30530: Out of bounds memory access in WebAudio

  - CVE-2021-30531: Insufficient policy enforcement in     Content Security Policy

  - CVE-2021-30532: Insufficient policy enforcement in     Content Security Policy

  - CVE-2021-30533: Insufficient policy enforcement in     PopupBlocker

  - CVE-2021-30534: Insufficient policy enforcement in     iFrameSandbox

  - CVE-2021-30535: Double free in ICU

  - CVE-2021-21212: Insufficient data validation in     networking

  - CVE-2021-30536: Out of bounds read in V8

  - CVE-2021-30537: Insufficient policy enforcement in     cookies

  - CVE-2021-30538: Insufficient policy enforcement in     content security policy

  - CVE-2021-30539: Insufficient policy enforcement in     content security policy

  - CVE-2021-30540: Incorrect security UI in payments

  - Various fixes from internal audits, fuzzing and other     initiatives

The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.37. It is, therefore, affected by multiple vulnerabilities as referenced in the May 27, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Chrome Releases reports :

This release contains 32 security fixes, including :

- [1208721] High CVE-2021-30521: Heap buffer overflow in Autofill.
Reported by ZhanJia Song on 2021-05-13

- [1176218] High CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of Cisco Talos on 2021-02-09

- [1187797] High CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev on 2021-03-13

- [1197146] High CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg on 2021-04-08

- [1197888] High CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg on 2021-04-11

- [1198717] High CVE-2021-30526: Out of bounds write in TabStrip.
Reported by David Erceg on 2021-04-13

- [1199198] High CVE-2021-30527: Use after free in WebUI. Reported by David Erceg on 2021-04-15

- [1206329] High CVE-2021-30528: Use after free in WebAuthentication.
Reported by Man Yue Mo of GitHub Security Lab on 2021-05-06

- [1195278] Medium CVE-2021-30529: Use after free in Bookmarks.
Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02

- [1201033] Medium CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by kkwon on 2021-04-21

- [1115628] Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-12

- [1117687] Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-18

- [1145553] Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported by Eliya Stein on 2020-11-04

- [1151507] Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20

- [1194899] Medium CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01

- [1145024] Medium CVE-2021-21212: Insufficient data validation in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03

- [1194358] Low CVE-2021-30536: Out of bounds read in V8. Reported by Chris Salls (@salls) on 2021-03-31

- [830101] Low CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06

- [1115045] Low CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11

- [971231] Low CVE-2021-30539: Insufficient policy enforcement in content security policy. Reported by unnamed researcher on 2019-06-05

- [1184147] Low CVE-2021-30540: Incorrect security UI in payments.
Reported by @retsew0x01 on 2021-03-03

The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.77. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop_25 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.77. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop_25 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
150269	openSUSE Security Update : chromium (openSUSE-2021-825)	Nessus	SuSE Local Security Checks	high
150138	Microsoft Edge (Chromium) < 91.0.864.37 Multiple Vulnerabilities	Nessus	Windows	high
150015	FreeBSD : chromium -- multiple vulnerabilities (674ed047-be0a-11eb-b927-3065ec8fd3ec)	Nessus	FreeBSD Local Security Checks	high
149901	Google Chrome < 91.0.4472.77 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
149900	Google Chrome < 91.0.4472.77 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2021-30536

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high