Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:1350-1 Final 1 1 2021-10-12T10:39:31Z current 2021-10-12T10:39:31Z 2021-10-12T10:39:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium 94.0.4606.81 (boo#1191463): * CVE-2021-37977: Use after free in Garbage Collection * CVE-2021-37978: Heap buffer overflow in Blink * CVE-2021-37979: Heap buffer overflow in WebRTC * CVE-2021-37980: Inappropriate implementation in Sandbox Chromium 94.0.4606.54 (boo#1190765): * CVE-2021-37956: Use after free in Offline use * CVE-2021-37957: Use after free in WebGPU * CVE-2021-37958: Inappropriate implementation in Navigation * CVE-2021-37959: Use after free in Task Manager * CVE-2021-37960: Inappropriate implementation in Blink graphics * CVE-2021-37961: Use after free in Tab Strip * CVE-2021-37962: Use after free in Performance Manager * CVE-2021-37963: Side-channel information leakage in DevTools * CVE-2021-37964: Inappropriate implementation in ChromeOS Networking * CVE-2021-37965: Inappropriate implementation in Background Fetch API * CVE-2021-37966: Inappropriate implementation in Compositing * CVE-2021-37967: Inappropriate implementation in Background Fetch API * CVE-2021-37968: Inappropriate implementation in Background Fetch API * CVE-2021-37969: Inappropriate implementation in Google Updater * CVE-2021-37970: Use after free in File System API * CVE-2021-37971: Incorrect security UI in Web Browser UI * CVE-2021-37972: Out of bounds read in libjpeg-turbo Chromium 94.0.4606.61 (boo#1191166): * CVE-2021-37973: Use after free in Portals Chromium 94.0.4606.71 (boo#1191204): * CVE-2021-37974 : Use after free in Safe Browsing * CVE-2021-37975 : Use after free in V8 * CVE-2021-37976 : Information leak in core The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-1350 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ E-Mail link for openSUSE-SU-2021:1350-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1190765 SUSE Bug 1190765 https://bugzilla.suse.com/1191166 SUSE Bug 1191166 https://bugzilla.suse.com/1191204 SUSE Bug 1191204 https://bugzilla.suse.com/1191463 SUSE Bug 1191463 https://www.suse.com/security/cve/CVE-2021-37956/ SUSE CVE CVE-2021-37956 page https://www.suse.com/security/cve/CVE-2021-37957/ SUSE CVE CVE-2021-37957 page https://www.suse.com/security/cve/CVE-2021-37958/ SUSE CVE CVE-2021-37958 page https://www.suse.com/security/cve/CVE-2021-37959/ SUSE CVE CVE-2021-37959 page https://www.suse.com/security/cve/CVE-2021-37960/ SUSE CVE CVE-2021-37960 page https://www.suse.com/security/cve/CVE-2021-37961/ SUSE CVE CVE-2021-37961 page https://www.suse.com/security/cve/CVE-2021-37962/ SUSE CVE CVE-2021-37962 page https://www.suse.com/security/cve/CVE-2021-37963/ SUSE CVE CVE-2021-37963 page https://www.suse.com/security/cve/CVE-2021-37964/ SUSE CVE CVE-2021-37964 page https://www.suse.com/security/cve/CVE-2021-37965/ SUSE CVE CVE-2021-37965 page https://www.suse.com/security/cve/CVE-2021-37966/ SUSE CVE CVE-2021-37966 page https://www.suse.com/security/cve/CVE-2021-37967/ SUSE CVE CVE-2021-37967 page https://www.suse.com/security/cve/CVE-2021-37968/ SUSE CVE CVE-2021-37968 page https://www.suse.com/security/cve/CVE-2021-37969/ SUSE CVE CVE-2021-37969 page https://www.suse.com/security/cve/CVE-2021-37970/ SUSE CVE CVE-2021-37970 page https://www.suse.com/security/cve/CVE-2021-37971/ SUSE CVE CVE-2021-37971 page https://www.suse.com/security/cve/CVE-2021-37972/ SUSE CVE CVE-2021-37972 page https://www.suse.com/security/cve/CVE-2021-37973/ SUSE CVE CVE-2021-37973 page https://www.suse.com/security/cve/CVE-2021-37974/ SUSE CVE CVE-2021-37974 page https://www.suse.com/security/cve/CVE-2021-37975/ SUSE CVE CVE-2021-37975 page https://www.suse.com/security/cve/CVE-2021-37976/ SUSE CVE CVE-2021-37976 page https://www.suse.com/security/cve/CVE-2021-37977/ SUSE CVE CVE-2021-37977 page https://www.suse.com/security/cve/CVE-2021-37978/ SUSE CVE CVE-2021-37978 page https://www.suse.com/security/cve/CVE-2021-37979/ SUSE CVE CVE-2021-37979 page https://www.suse.com/security/cve/CVE-2021-37980/ SUSE CVE CVE-2021-37980 page openSUSE Leap 15.2 chromedriver-94.0.4606.81-lp152.2.132.1 chromium-94.0.4606.81-lp152.2.132.1 chromedriver-94.0.4606.81-lp152.2.132.1 as a component of openSUSE Leap 15.2 chromium-94.0.4606.81-lp152.2.132.1 as a component of openSUSE Leap 15.2 Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37956 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37956.html CVE-2021-37956 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37957 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37957.html CVE-2021-37957 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. CVE-2021-37958 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37958.html CVE-2021-37958 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37959 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37959.html CVE-2021-37959 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2021-37960 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37960.html CVE-2021-37960 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37961 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37961.html CVE-2021-37961 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37962 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37962.html CVE-2021-37962 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2021-37963 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37963.html CVE-2021-37963 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. CVE-2021-37964 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37964.html CVE-2021-37964 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-37965 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37965.html CVE-2021-37965 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-37966 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37966.html CVE-2021-37966 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. CVE-2021-37967 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37967.html CVE-2021-37967 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-37968 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37968.html CVE-2021-37968 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. CVE-2021-37969 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37969.html CVE-2021-37969 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37970 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37970.html CVE-2021-37970 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-37971 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37971.html CVE-2021-37971 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37972 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37972.html CVE-2021-37972 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-37973 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37973.html CVE-2021-37973 https://bugzilla.suse.com/1191166 SUSE Bug 1191166 Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37974 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37974.html CVE-2021-37974 https://bugzilla.suse.com/1191204 SUSE Bug 1191204 Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37975 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37975.html CVE-2021-37975 https://bugzilla.suse.com/1191204 SUSE Bug 1191204 Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2021-37976 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37976.html CVE-2021-37976 https://bugzilla.suse.com/1191204 SUSE Bug 1191204 Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37977 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37977.html CVE-2021-37977 https://bugzilla.suse.com/1191463 SUSE Bug 1191463 Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37978 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37978.html CVE-2021-37978 https://bugzilla.suse.com/1191463 SUSE Bug 1191463 heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37979 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37979.html CVE-2021-37979 https://bugzilla.suse.com/1191463 SUSE Bug 1191463 Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. CVE-2021-37980 openSUSE Leap 15.2:chromedriver-94.0.4606.81-lp152.2.132.1 openSUSE Leap 15.2:chromium-94.0.4606.81-lp152.2.132.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/ https://www.suse.com/security/cve/CVE-2021-37980.html CVE-2021-37980 https://bugzilla.suse.com/1191463 SUSE Bug 1191463