Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0629-1 Final 1 1 2021-04-30T19:22:32Z current 2021-04-30T19:22:32Z 2021-04-30T19:22:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium This update for chromium fixes the following issues: - Chromium was updated to 90.0.4430.93 (boo#1184764,boo#1185047,boo#1185398) * CVE-2021-21227: Insufficient data validation in V8. * CVE-2021-21232: Use after free in Dev Tools. * CVE-2021-21233: Heap buffer overflow in ANGLE. * CVE-2021-21228: Insufficient policy enforcement in extensions. * CVE-2021-21229: Incorrect security UI in downloads. * CVE-2021-21230: Type Confusion in V8. * CVE-2021-21231: Insufficient data validation in V8. * CVE-2021-21222: Heap buffer overflow in V8 * CVE-2021-21223: Integer overflow in Mojo * CVE-2021-21224: Type Confusion in V8 * CVE-2021-21225: Out of bounds memory access in V8 * CVE-2021-21226: Use after free in navigation * CVE-2021-21201: Use after free in permissions * CVE-2021-21202: Use after free in extensions * CVE-2021-21203: Use after free in Blink * CVE-2021-21204: Use after free in Blink * CVE-2021-21205: Insufficient policy enforcement in navigation * CVE-2021-21221: Insufficient validation of untrusted input in Mojo * CVE-2021-21207: Use after free in IndexedDB * CVE-2021-21208: Insufficient data validation in QR scanner * CVE-2021-21209: Inappropriate implementation in storage * CVE-2021-21210: Inappropriate implementation in Network * CVE-2021-21211: Inappropriate implementation in Navigatio * CVE-2021-21212: Incorrect security UI in Network Config UI * CVE-2021-21213: Use after free in WebMIDI The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-629 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ E-Mail link for openSUSE-SU-2021:0629-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/11845047 SUSE Bug 11845047 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 https://bugzilla.suse.com/1185398 SUSE Bug 1185398 https://www.suse.com/security/cve/CVE-2021-21201/ SUSE CVE CVE-2021-21201 page https://www.suse.com/security/cve/CVE-2021-21202/ SUSE CVE CVE-2021-21202 page https://www.suse.com/security/cve/CVE-2021-21203/ SUSE CVE CVE-2021-21203 page https://www.suse.com/security/cve/CVE-2021-21204/ SUSE CVE CVE-2021-21204 page https://www.suse.com/security/cve/CVE-2021-21205/ SUSE CVE CVE-2021-21205 page https://www.suse.com/security/cve/CVE-2021-21207/ SUSE CVE CVE-2021-21207 page https://www.suse.com/security/cve/CVE-2021-21208/ SUSE CVE CVE-2021-21208 page https://www.suse.com/security/cve/CVE-2021-21209/ SUSE CVE CVE-2021-21209 page https://www.suse.com/security/cve/CVE-2021-21210/ SUSE CVE CVE-2021-21210 page https://www.suse.com/security/cve/CVE-2021-21211/ SUSE CVE CVE-2021-21211 page https://www.suse.com/security/cve/CVE-2021-21212/ SUSE CVE CVE-2021-21212 page https://www.suse.com/security/cve/CVE-2021-21213/ SUSE CVE CVE-2021-21213 page https://www.suse.com/security/cve/CVE-2021-21221/ SUSE CVE CVE-2021-21221 page https://www.suse.com/security/cve/CVE-2021-21222/ SUSE CVE CVE-2021-21222 page https://www.suse.com/security/cve/CVE-2021-21223/ SUSE CVE CVE-2021-21223 page https://www.suse.com/security/cve/CVE-2021-21224/ SUSE CVE CVE-2021-21224 page https://www.suse.com/security/cve/CVE-2021-21225/ SUSE CVE CVE-2021-21225 page https://www.suse.com/security/cve/CVE-2021-21226/ SUSE CVE CVE-2021-21226 page https://www.suse.com/security/cve/CVE-2021-21227/ SUSE CVE CVE-2021-21227 page https://www.suse.com/security/cve/CVE-2021-21228/ SUSE CVE CVE-2021-21228 page https://www.suse.com/security/cve/CVE-2021-21229/ SUSE CVE CVE-2021-21229 page https://www.suse.com/security/cve/CVE-2021-21230/ SUSE CVE CVE-2021-21230 page https://www.suse.com/security/cve/CVE-2021-21231/ SUSE CVE CVE-2021-21231 page https://www.suse.com/security/cve/CVE-2021-21232/ SUSE CVE CVE-2021-21232 page https://www.suse.com/security/cve/CVE-2021-21233/ SUSE CVE CVE-2021-21233 page openSUSE Leap 15.2 chromedriver-90.0.4430.93-lp152.2.89.1 chromium-90.0.4430.93-lp152.2.89.1 chromedriver-90.0.4430.93-lp152.2.89.1 as a component of openSUSE Leap 15.2 chromium-90.0.4430.93-lp152.2.89.1 as a component of openSUSE Leap 15.2 Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21201 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21201.html CVE-2021-21201 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2021-21202 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21202.html CVE-2021-21202 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21203 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21203.html CVE-2021-21203 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21204 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21204.html CVE-2021-21204 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2021-21205 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21205.html CVE-2021-21205 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2021-21207 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21207.html CVE-2021-21207 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code. CVE-2021-21208 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21208.html CVE-2021-21208 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21209 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21209.html CVE-2021-21209 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. CVE-2021-21210 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21210.html CVE-2021-21210 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21211 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21211.html CVE-2021-21211 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. CVE-2021-21212 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21212.html CVE-2021-21212 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21213 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21213.html CVE-2021-21213 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. CVE-2021-21221 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21221.html CVE-2021-21221 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. CVE-2021-21222 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21222.html CVE-2021-21222 https://bugzilla.suse.com/1185047 SUSE Bug 1185047 Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21223 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21223.html CVE-2021-21223 https://bugzilla.suse.com/1185047 SUSE Bug 1185047 Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2021-21224 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21224.html CVE-2021-21224 https://bugzilla.suse.com/1185047 SUSE Bug 1185047 Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21225 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21225.html CVE-2021-21225 https://bugzilla.suse.com/1185047 SUSE Bug 1185047 Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21226 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21226.html CVE-2021-21226 https://bugzilla.suse.com/1185047 SUSE Bug 1185047 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21227 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21227.html CVE-2021-21227 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. CVE-2021-21228 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21228.html CVE-2021-21228 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2021-21229 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21229.html CVE-2021-21229 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21230 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21230.html CVE-2021-21230 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21231 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21231.html CVE-2021-21231 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21232 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21232.html CVE-2021-21232 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21233 openSUSE Leap 15.2:chromedriver-90.0.4430.93-lp152.2.89.1 openSUSE Leap 15.2:chromium-90.0.4430.93-lp152.2.89.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/ https://www.suse.com/security/cve/CVE-2021-21233.html CVE-2021-21233 https://bugzilla.suse.com/1185375 SUSE Bug 1185375