SECURITY: Fedora 34 Update: chromium-90.0.4430.93-1.fc34
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-c3754414e7
2021-05-12 05:41:31.252081
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 34
Version : 90.0.4430.93
Release : 1.fc34
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to Chromium 90.0.4430.93. Fixes the following security issues:
CVE-2021-21206 CVE-2021-21220 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203
CVE-2021-21204 CVE-2021-21221 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209
CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214
CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219
CVE-2021-21205 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197
CVE-2021-21198 CVE-2021-21199 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224
CVE-2021-21225 CVE-2021-21226 CVE-2021-21227 CVE-2021-21232 CVE-2021-21233
CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 If you hold your
broken appliances close to the screen when you update, it might fix them too.
(fixes not guaranteed)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 27 2021 Tom Callaway - 90.0.4430.93-1
- update to 90.0.4430.93
* Wed Apr 21 2021 Tom Callaway - 90.0.4430.85-1
- update to 90.0.4430.85
* Fri Apr 16 2021 Tom Callaway - 90.0.4430.72-1
- update to 90.0.4430.72
* Wed Apr 14 2021 Tom Callaway - 89.0.4389.128-1
- update to 89.0.4389.128
* Wed Mar 31 2021 Jonathan Wakely - 89.0.4389.90-5
- Rebuilt for removed libstdc++ symbols (#1937698)
* Mon Mar 29 2021 Tom Callaway - 89.0.4389.90-4
- fix libva compile in rawhide
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1945106 - CVE-2021-21194 chromium-browser: Use after free in screen capture
https://bugzilla.redhat.com/show_bug.cgi?id=1945106
[ 2 ] Bug #1945107 - CVE-2021-21195 chromium-browser: Use after free in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1945107
[ 3 ] Bug #1945108 - CVE-2021-21196 chromium-browser: Heap buffer overflow in TabStrip
https://bugzilla.redhat.com/show_bug.cgi?id=1945108
[ 4 ] Bug #1945109 - CVE-2021-21197 chromium-browser: Heap buffer overflow in TabStrip
https://bugzilla.redhat.com/show_bug.cgi?id=1945109
[ 5 ] Bug #1945110 - CVE-2021-21198 chromium-browser: Out of bounds read in IPC
https://bugzilla.redhat.com/show_bug.cgi?id=1945110
[ 6 ] Bug #1945111 - CVE-2021-21199 chromium-browser: Use Use after free in Aura
https://bugzilla.redhat.com/show_bug.cgi?id=1945111
[ 7 ] Bug #1949617 - CVE-2021-21206 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1949617
[ 8 ] Bug #1949618 - CVE-2021-21220 chromium-browser: Insufficient validation of untrusted input in V8 for x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1949618
[ 9 ] Bug #1950436 - CVE-2021-21201 chromium-browser: Use after free in permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1950436
[ 10 ] Bug #1950437 - CVE-2021-21202 chromium-browser: Use after free in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1950437
[ 11 ] Bug #1950438 - CVE-2021-21203 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1950438
[ 12 ] Bug #1950439 - CVE-2021-21204 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1950439
[ 13 ] Bug #1950440 - CVE-2021-21221 chromium-browser: Insufficient validation of untrusted input in Mojo
https://bugzilla.redhat.com/show_bug.cgi?id=1950440
[ 14 ] Bug #1950441 - CVE-2021-21207 chromium-browser: Use after free in IndexedDB
https://bugzilla.redhat.com/show_bug.cgi?id=1950441
[ 15 ] Bug #1950442 - CVE-2021-21208 chromium-browser: Insufficient data validation in QR scanner
https://bugzilla.redhat.com/show_bug.cgi?id=1950442
[ 16 ] Bug #1950443 - CVE-2021-21209 chromium-browser: Inappropriate implementation in storage
https://bugzilla.redhat.com/show_bug.cgi?id=1950443
[ 17 ] Bug #1950444 - CVE-2021-21210 chromium-browser: Inappropriate implementation in Network
https://bugzilla.redhat.com/show_bug.cgi?id=1950444
[ 18 ] Bug #1950445 - CVE-2021-21211 chromium-browser: Inappropriate implementation in Navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1950445
[ 19 ] Bug #1950446 - CVE-2021-21212 chromium-browser: Incorrect security UI in Network Config UI
https://bugzilla.redhat.com/show_bug.cgi?id=1950446
[ 20 ] Bug #1950447 - CVE-2021-21213 chromium-browser: Use after free in WebMIDI
https://bugzilla.redhat.com/show_bug.cgi?id=1950447
[ 21 ] Bug #1950448 - CVE-2021-21214 chromium-browser: Use after free in Network API
https://bugzilla.redhat.com/show_bug.cgi?id=1950448
[ 22 ] Bug #1950449 - CVE-2021-21215 chromium-browser: Inappropriate implementation in Autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1950449
[ 23 ] Bug #1950450 - CVE-2021-21216 chromium-browser: Inappropriate implementation in Autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1950450
[ 24 ] Bug #1950451 - CVE-2021-21217 chromium-browser: Uninitialized Use in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1950451
[ 25 ] Bug #1950452 - CVE-2021-21218 chromium-browser: Uninitialized Use in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1950452
[ 26 ] Bug #1950453 - CVE-2021-21219 chromium-browser: Uninitialized Use in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1950453
[ 27 ] Bug #1950454 - CVE-2021-21205 chromium-browser: Insufficient policy enforcement in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1950454
[ 28 ] Bug #1951741 - CVE-2021-21222 chromium-browser: Heap buffer overflow in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1951741
[ 29 ] Bug #1951742 - CVE-2021-21223 chromium-browser: Integer overflow in Mojo
https://bugzilla.redhat.com/show_bug.cgi?id=1951742
[ 30 ] Bug #1951743 - CVE-2021-21224 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1951743
[ 31 ] Bug #1951744 - CVE-2021-21225 chromium-browser: Out of bounds memory access in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1951744
[ 32 ] Bug #1951745 - CVE-2021-21226 chromium-browser: Use after free in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1951745
[ 33 ] Bug #1954051 - CVE-2021-21227 chromium-browser: Insufficient data validation in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1954051
[ 34 ] Bug #1954052 - CVE-2021-21232 chromium-browser: Use after free in Dev Tools
https://bugzilla.redhat.com/show_bug.cgi?id=1954052
[ 35 ] Bug #1954053 - CVE-2021-21233 chromium-browser: Heap buffer overflow in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=1954053
[ 36 ] Bug #1954054 - CVE-2021-21228 chromium-browser: Insufficient policy enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1954054
[ 37 ] Bug #1954055 - CVE-2021-21229 chromium-browser: Incorrect security UI in downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1954055
[ 38 ] Bug #1954056 - CVE-2021-21230 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1954056
[ 39 ] Bug #1954058 - CVE-2021-21231 chromium-browser: Insufficient data validation in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1954058
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-c3754414e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
A chromium security update has been released for Fedora 34.