ASA-202112-7: vivaldi: multiple issues
Arch Linux Security Advisory ASA-202112-7
========================================
Severity: High
Date : 2021-12-11
CVE-ID : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055
CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059
CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064
CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068
Package : vivaldi
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2601
Summary
======
The package vivaldi before version 5.0.2497.28-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing
and insufficient validation.
Resolution
=========
Upgrade to 5.0.2497.28-1.
# pacman -Syu "vivaldi>=5.0.2497.28-1"
The problems have been fixed upstream in version 5.0.2497.28.
Workaround
=========
None.
Description
==========
- CVE-2021-4052 (arbitrary code execution)
A use after free security issue has been found in the web apps
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4053 (arbitrary code execution)
A use after free security issue has been found in the UI component of
the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4054 (content spoofing)
An incorrect security UI security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4055 (arbitrary code execution)
A heap buffer overflow security issue has been found in the extensions
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4056 (arbitrary code execution)
A type confusion security issue has been found in the loader component
of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4057 (arbitrary code execution)
A use after free security issue has been found in the file API
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4058 (arbitrary code execution)
A heap buffer overflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4059 (insufficient validation)
An insufficient data validation security issue has been found in the
loader component of the Chromium browser engine before version
96.0.4664.93.
- CVE-2021-4061 (arbitrary code execution)
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4062 (arbitrary code execution)
A heap buffer overflow security issue has been found in the BFCache
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4063 (arbitrary code execution)
A use after free security issue has been found in the developer tools
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4064 (arbitrary code execution)
A use after free security issue has been found in the screen capture
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4065 (arbitrary code execution)
A use after free security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4066 (arbitrary code execution)
An integer underflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4067 (arbitrary code execution)
A use after free security issue has been found in the window manager
component of the Chromium browser engine before version 96.0.4664.93.
- CVE-2021-4068 (insufficient validation)
An insufficient validation of untrusted input security issue has been
found in the new tab page component of the Chromium browser engine
before version 96.0.4664.93.
Impact
=====
A remote attacker could execute arbitrary code or spoof content through
crafted web content.
References
=========
https://vivaldi.com/blog/desktop/further-updates-to-theme-sharing-vivaldi-browser-snapshot-2488-3/
https://vivaldi.com/blog/desktop/minor-update-5-0/
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
https://crbug.com/1267661
https://crbug.com/1267791
https://crbug.com/1239760
https://crbug.com/1266510
https://crbug.com/1260939
https://crbug.com/1262183
https://crbug.com/1267496
https://crbug.com/1270990
https://crbug.com/1271456
https://crbug.com/1272403
https://crbug.com/1273176
https://crbug.com/1273197
https://crbug.com/1273674
https://crbug.com/1274499
https://crbug.com/1274641
https://crbug.com/1265197
https://security.archlinux.org/CVE-2021-4052
https://security.archlinux.org/CVE-2021-4053
https://security.archlinux.org/CVE-2021-4054
https://security.archlinux.org/CVE-2021-4055
https://security.archlinux.org/CVE-2021-4056
https://security.archlinux.org/CVE-2021-4057
https://security.archlinux.org/CVE-2021-4058
https://security.archlinux.org/CVE-2021-4059
https://security.archlinux.org/CVE-2021-4061
https://security.archlinux.org/CVE-2021-4062
https://security.archlinux.org/CVE-2021-4063
https://security.archlinux.org/CVE-2021-4064
https://security.archlinux.org/CVE-2021-4065
https://security.archlinux.org/CVE-2021-4066
https://security.archlinux.org/CVE-2021-4067
https://security.archlinux.org/CVE-2021-4068
A vivaldi security update has been released for Arch Linux.