Arch Linux 804 Published by

A vivaldi security update has been released for Arch Linux.



ASA-202103-19: vivaldi: multiple issues


Arch Linux Security Advisory ASA-202103-19
=========================================
Severity: High
Date : 2021-03-25
CVE-ID : CVE-2020-27844 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161
CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166
CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170
CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174
CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178
CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182
CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186
CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190
CVE-2021-21191 CVE-2021-21192 CVE-2021-21193
Package : vivaldi
Type : multiple issues
Remote : Yes
Link :   https://security.archlinux.org/AVG-1633

Summary
======
The package vivaldi before version 3.7.2218.45-1 is vulnerable to
multiple issues including arbitrary code execution, insufficient
validation, access restriction bypass, content spoofing, incorrect
calculation and information disclosure.

Resolution
=========
Upgrade to 3.7.2218.45-1.

# pacman -Syu "vivaldi>=3.7.2218.45-1"

The problems have been fixed upstream in version 3.7.2218.45.

Workaround
=========
None.

Description
==========
- CVE-2020-27844 (arbitrary code execution)

A heap-based buffer overflow was discovered in lib/openjp2/t2.c:973 in
the current master (commit 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00) of
OpenJPEG.

- CVE-2021-21159 (arbitrary code execution)

A heap buffer overflow security issue was found in the TabStrip
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21160 (arbitrary code execution)

A heap buffer overflow security issue was found in the WebAudio
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21161 (arbitrary code execution)

A heap buffer overflow security issue was found in the TabStrip
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21162 (arbitrary code execution)

A use after free security issue was found in the WebRTC component of
the Chromium browser before version 89.0.4389.72.

- CVE-2021-21163 (insufficient validation)

An insufficient data validation security issue was found in the Reader
Mode component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21165 (arbitrary code execution)

An object lifecycle security issue was found in the audio component of
the Chromium browser before version 89.0.4389.72.

- CVE-2021-21166 (arbitrary code execution)

An object lifecycle security issue was found in the audio component of
the Chromium browser before version 89.0.4389.72.

- CVE-2021-21167 (arbitrary code execution)

A use after free security issue was found in the bookmarks component of
the Chromium browser before version 89.0.4389.72.

- CVE-2021-21168 (access restriction bypass)

An insufficient policy enforcement security issue was found in the
appcache component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21169 (information disclosure)

An out of bounds memory access security issue was found in the V8
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21170 (content spoofing)

An incorrect security UI security issue was found in the Loader
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21171 (content spoofing)

An incorrect security UI security issue was found in the TabStrip and
Navigation components of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21172 (access restriction bypass)

An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21173 (information disclosure)

A side-channel information leakage security issue was found in the
Network Internals component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21174 (incorrect calculation)

An inappropriate implementation security issue was found in the
Referrer component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21175 (incorrect calculation)

An inappropriate implementation security issue was found in the Site
isolation component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21176 (incorrect calculation)

An inappropriate implementation security issue was found in the full
screen mode component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21177 (access restriction bypass)

An insufficient policy enforcement security issue was found in the
Autofill component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21178 (incorrect calculation)

An inappropriate implementation security issue was found in the
Compositing component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21179 (arbitrary code execution)

A use after free security issue was found in the Network Internals
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21180 (arbitrary code execution)

A use after free security issue was found in the tab search component
of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21181 (information disclosure)

A side-channel information leakage security issue was found in the
autofill component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21182 (access restriction bypass)

An insufficient policy enforcement security issue was found in the
navigations component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21183 (incorrect calculation)

An inappropriate implementation security issue was found in the
performance APIs component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21184 (incorrect calculation)

An inappropriate implementation security issue was found in the
performance APIs component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21185 (access restriction bypass)

An insufficient policy enforcement security issue was found in the
extensions component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21186 (access restriction bypass)

An insufficient policy enforcement security issue was found in the QR
scanning component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21187 (insufficient validation)

An insufficient data validation security issue was found in the URL
formatting component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21188 (arbitrary code execution)

A use after free security issue was found in the Blink component of the
Chromium browser before version 89.0.4389.72.

- CVE-2021-21189 (access restriction bypass)

An insufficient policy enforcement security issue was found in the
payments component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21190 (arbitrary code execution)

An uninitialized use security issue was found in the PDFium component
of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21191 (arbitrary code execution)

A use after free security issue was found in the WebRTC component of
the Chromium browser before version 89.0.4389.90.

- CVE-2021-21192 (arbitrary code execution)

A heap buffer overflow security issue was found in the tab groups
component of the Chromium browser before version 89.0.4389.90.

- CVE-2021-21193 (arbitrary code execution)

A use after free security issue was found in the Blink component of the
Chromium browser before version 89.0.4389.90. Google is aware of
reports that an exploit for this issue exists in the wild.

Impact
=====
A remote attacker might be able to bypass security measures, trick the
user into performing unwanted actions or execute arbitrary code.

References
=========
  https://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-3-6/
  https://vivaldi.com/blog/vivaldi-fires-up-performance-2/
  https://github.com/uclouvain/openjpeg/issues/1299
  https://github.com/uclouvain/openjpeg/pull/1301
  https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296
  https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
  https://crbug.com/1171049
  https://crbug.com/1170531
  https://crbug.com/1173702
  https://crbug.com/1172054
  https://crbug.com/1111239
  https://crbug.com/1174582
  https://crbug.com/1177465
  https://crbug.com/1161144
  https://crbug.com/1152226
  https://crbug.com/1166138
  https://crbug.com/1111646
  https://crbug.com/1152894
  https://crbug.com/1150810
  https://crbug.com/1154250
  https://crbug.com/1158010
  https://crbug.com/1146651
  https://crbug.com/1170584
  https://crbug.com/1173879
  https://crbug.com/1174186
  https://crbug.com/1174943
  https://crbug.com/1175507
  https://crbug.com/1182767
  https://crbug.com/1049265
  https://crbug.com/1105875
  https://crbug.com/1131929
  https://crbug.com/1100748
  https://crbug.com/1153445
  https://crbug.com/1155516
  https://crbug.com/1161739
  https://crbug.com/1165392
  https://crbug.com/1166091
  https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
  https://crbug.com/1167357
  https://crbug.com/1181387
  https://crbug.com/1186287
  https://security.archlinux.org/CVE-2020-27844
  https://security.archlinux.org/CVE-2021-21159
  https://security.archlinux.org/CVE-2021-21160
  https://security.archlinux.org/CVE-2021-21161
  https://security.archlinux.org/CVE-2021-21162
  https://security.archlinux.org/CVE-2021-21163
  https://security.archlinux.org/CVE-2021-21165
  https://security.archlinux.org/CVE-2021-21166
  https://security.archlinux.org/CVE-2021-21167
  https://security.archlinux.org/CVE-2021-21168
  https://security.archlinux.org/CVE-2021-21169
  https://security.archlinux.org/CVE-2021-21170
  https://security.archlinux.org/CVE-2021-21171
  https://security.archlinux.org/CVE-2021-21172
  https://security.archlinux.org/CVE-2021-21173
  https://security.archlinux.org/CVE-2021-21174
  https://security.archlinux.org/CVE-2021-21175
  https://security.archlinux.org/CVE-2021-21176
  https://security.archlinux.org/CVE-2021-21177
  https://security.archlinux.org/CVE-2021-21178
  https://security.archlinux.org/CVE-2021-21179
  https://security.archlinux.org/CVE-2021-21180
  https://security.archlinux.org/CVE-2021-21181
  https://security.archlinux.org/CVE-2021-21182
  https://security.archlinux.org/CVE-2021-21183
  https://security.archlinux.org/CVE-2021-21184
  https://security.archlinux.org/CVE-2021-21185
  https://security.archlinux.org/CVE-2021-21186
  https://security.archlinux.org/CVE-2021-21187
  https://security.archlinux.org/CVE-2021-21188
  https://security.archlinux.org/CVE-2021-21189
  https://security.archlinux.org/CVE-2021-21190
  https://security.archlinux.org/CVE-2021-21191
  https://security.archlinux.org/CVE-2021-21192
  https://security.archlinux.org/CVE-2021-21193