Detections
Analytics

Debian DSA-4846-1 : chromium - security update

critical Nessus Plugin ID 146318

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the chromium web browser.

 - CVE-2020-16044 Ned Williamson discovered a use-after-free issue in the WebRTC implementation.

 - CVE-2021-21117 Rory McNamara discovered a policy enforcement issue in Cryptohome.

 - CVE-2021-21118 Tyler Nighswander discovered a data validation issue in the v8 JavaScript library.

 - CVE-2021-21119 A use-after-free issue was discovered in media handling.

 - CVE-2021-21120 Nan Wang and Guang Gong discovered a use-after-free issue in the WebSQL implementation.

 - CVE-2021-21121 Leecraso and Guang Gong discovered a use-after-free issue in the Omnibox.

 - CVE-2021-21122 Renata Hodovan discovered a use-after-free issue in Blink/WebKit.

 - CVE-2021-21123 Maciej Pulikowski discovered a data validation issue.

 - CVE-2021-21124 Chaoyang Ding discovered a use-after-free issue in the speech recognizer.

 - CVE-2021-21125 Ron Masas discovered a policy enforcement issue.

 - CVE-2021-21126 David Erceg discovered a policy enforcement issue in extensions.

 - CVE-2021-21127 Jasminder Pal Singh discovered a policy enforcement issue in extensions.

 - CVE-2021-21128 Liang Dong discovered a buffer overflow issue in Blink/WebKit.

 - CVE-2021-21129 Maciej Pulikowski discovered a policy enforcement issue.

 - CVE-2021-21130 Maciej Pulikowski discovered a policy enforcement issue.

 - CVE-2021-21131 Maciej Pulikowski discovered a policy enforcement issue.

 - CVE-2021-21132 David Erceg discovered an implementation error in the developer tools.

 - CVE-2021-21133 wester0x01 discovered a policy enforcement issue.

 - CVE-2021-21134 wester0x01 discovered a user interface error.

 - CVE-2021-21135 ndevtk discovered an implementation error in the Performance API.

 - CVE-2021-21136 Shiv Sahni, Movnavinothan V, and Imdad Mohammed discovered a policy enforcement error.

 - CVE-2021-21137 bobbybear discovered an implementation error in the developer tools.

 - CVE-2021-21138 Weipeng Jiang discovered a use-after-free issue in the developer tools.

 - CVE-2021-21139 Jun Kokatsu discovered an implementation error in the iframe sandbox.

 - CVE-2021-21140 David Manouchehri discovered uninitialized memory in the USB implementation.

 - CVE-2021-21141 Maciej Pulikowski discovered a policy enforcement error.

 - CVE-2021-21142 Khalil Zhani discovered a use-after-free issue.

 - CVE-2021-21143 Allen Parker and Alex Morgan discovered a buffer overflow issue in extensions.

 - CVE-2021-21144 Leecraso and Guang Gong discovered a buffer overflow issue.

 - CVE-2021-21145 A use-after-free issue was discovered.

 - CVE-2021-21146 Alison Huffman and Choongwoo Han discovered a use-after-free issue.

 - CVE-2021-21147 Roman Starkov discovered an implementation error in the skia library.

Solution

Upgrade the chromium packages.

For the stable distribution (buster), these problems have been fixed in version 88.0.4324.146-1~deb10u1.

See Also

https://security-tracker.debian.org/tracker/CVE-2020-16044

https://security-tracker.debian.org/tracker/CVE-2021-21117

https://security-tracker.debian.org/tracker/CVE-2021-21118

https://security-tracker.debian.org/tracker/CVE-2021-21119

https://security-tracker.debian.org/tracker/CVE-2021-21120

https://security-tracker.debian.org/tracker/CVE-2021-21121

https://security-tracker.debian.org/tracker/CVE-2021-21122

https://security-tracker.debian.org/tracker/CVE-2021-21123

https://security-tracker.debian.org/tracker/CVE-2021-21124

https://security-tracker.debian.org/tracker/CVE-2021-21125

https://security-tracker.debian.org/tracker/CVE-2021-21126

https://security-tracker.debian.org/tracker/CVE-2021-21127

https://security-tracker.debian.org/tracker/CVE-2021-21128

https://security-tracker.debian.org/tracker/CVE-2021-21129

https://security-tracker.debian.org/tracker/CVE-2021-21130

https://security-tracker.debian.org/tracker/CVE-2021-21131

https://security-tracker.debian.org/tracker/CVE-2021-21132

https://security-tracker.debian.org/tracker/CVE-2021-21133

https://security-tracker.debian.org/tracker/CVE-2021-21134

https://security-tracker.debian.org/tracker/CVE-2021-21135

https://security-tracker.debian.org/tracker/CVE-2021-21136

https://security-tracker.debian.org/tracker/CVE-2021-21137

https://security-tracker.debian.org/tracker/CVE-2021-21138

https://security-tracker.debian.org/tracker/CVE-2021-21139

https://security-tracker.debian.org/tracker/CVE-2021-21140

https://security-tracker.debian.org/tracker/CVE-2021-21141

https://security-tracker.debian.org/tracker/CVE-2021-21142

https://security-tracker.debian.org/tracker/CVE-2021-21143

https://security-tracker.debian.org/tracker/CVE-2021-21144

https://security-tracker.debian.org/tracker/CVE-2021-21145

https://security-tracker.debian.org/tracker/CVE-2021-21146

https://security-tracker.debian.org/tracker/CVE-2021-21147

https://security-tracker.debian.org/tracker/source-package/chromium

https://packages.debian.org/source/buster/chromium

https://www.debian.org/security/2021/dsa-4846

Plugin Details

Severity: Critical

ID: 146318

File Name: debian_DSA-4846.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2/9/2021

Updated: 1/22/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-21117

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-21146

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:chromium, cpe:/o:debian:debian_linux:10.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/7/2021

Vulnerability Publication Date: 2/9/2021

Reference Information

CVE: CVE-2020-16044, CVE-2021-21117, CVE-2021-21118, CVE-2021-21119, CVE-2021-21120, CVE-2021-21121, CVE-2021-21122, CVE-2021-21123, CVE-2021-21124, CVE-2021-21125, CVE-2021-21126, CVE-2021-21127, CVE-2021-21128, CVE-2021-21129, CVE-2021-21130, CVE-2021-21131, CVE-2021-21132, CVE-2021-21133, CVE-2021-21134, CVE-2021-21135, CVE-2021-21136, CVE-2021-21137, CVE-2021-21138, CVE-2021-21139, CVE-2021-21140, CVE-2021-21141, CVE-2021-21142, CVE-2021-21143, CVE-2021-21144, CVE-2021-21145, CVE-2021-21146, CVE-2021-21147

DSA: 4846