--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-78547312f2
2021-04-05 00:16:02.377958
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 34
Version : 89.0.4389.90
Release : 3.fc34
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Fix issue where chromium would crash upon accessing components/cast_*. Thanks to
Gentoo for the patch.

----

Hi there. This is the latest release of the browser that Google doesn't want you
to use. It fixes a bag full of security issues:
CVE-2021-21162 CVE-2021-21180 CVE-2021-21164 CVE-2021-21170 CVE-2021-21181
CVE-2021-21166 CVE-2021-21160 CVE-2021-21179 CVE-2021-21187 CVE-2021-21173
CVE-2021-21174 CVE-2021-21183 CVE-2021-21161 CVE-2021-21171 CVE-2021-21178
CVE-2021-21169 CVE-2021-21163 CVE-2021-21175 CVE-2021-21177 CVE-2021-21185
CVE-2021-21190 CVE-2021-21184 CVE-2021-21168 CVE-2021-21167 CVE-2021-21188
CVE-2021-21172 CVE-2021-21182 CVE-2021-21176 CVE-2021-21159 CVE-2021-21186
CVE-2021-21165 CVE-2021-21189
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.90-3
- apply upstream fix for newer system libva
* Wed Mar 24 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.90-2
- fix crashes with components/cast_*
* Thu Mar 18 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.90-1
- update to 89.0.4389.90
- disable auto-download of widevine binary only blob
* Mon Mar 15 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.82-2
- add support for futex_time64
* Mon Mar 8 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.82-1
- update to 89.0.4389.82
* Thu Mar 4 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.72-1
- update to 89.0.4389.72
* Tue Mar 2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 88.0.4324.182-3
- Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1935934 - CVE-2021-21162 chromium-browser: Use after free in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1935934
[ 2 ] Bug #1935935 - CVE-2021-21180 chromium-browser: Use after free in tab search
https://bugzilla.redhat.com/show_bug.cgi?id=1935935
[ 3 ] Bug #1935936 - CVE-2021-21164 chromium-browser: Insufficient data validation in
Chrome for iOS
https://bugzilla.redhat.com/show_bug.cgi?id=1935936
[ 4 ] Bug #1935937 - CVE-2021-21170 chromium-browser: Incorrect security UI in Loader
https://bugzilla.redhat.com/show_bug.cgi?id=1935937
[ 5 ] Bug #1935938 - CVE-2021-21181 chromium-browser: Side-channel information leakage
in autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1935938
[ 6 ] Bug #1935939 - CVE-2021-21166 chromium-browser: Object lifecycle issue in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1935939
[ 7 ] Bug #1935940 - CVE-2021-21160 chromium-browser: Heap buffer overflow in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1935940
[ 8 ] Bug #1935941 - CVE-2021-21179 chromium-browser: Use after free in Network
Internals
https://bugzilla.redhat.com/show_bug.cgi?id=1935941
[ 9 ] Bug #1935942 - CVE-2021-21187 chromium-browser: Insufficient data validation in
URL formatting
https://bugzilla.redhat.com/show_bug.cgi?id=1935942
[ 10 ] Bug #1935943 - CVE-2021-21173 chromium-browser: Side-channel information leakage
in Network Internals
https://bugzilla.redhat.com/show_bug.cgi?id=1935943
[ 11 ] Bug #1935944 - CVE-2021-21174 chromium-browser: Inappropriate implementation in
Referrer
https://bugzilla.redhat.com/show_bug.cgi?id=1935944
[ 12 ] Bug #1935945 - CVE-2021-21183 chromium-browser: Inappropriate implementation in
performance APIs
https://bugzilla.redhat.com/show_bug.cgi?id=1935945
[ 13 ] Bug #1935946 - CVE-2021-21161 chromium-browser: Heap buffer overflow in TabStrip
https://bugzilla.redhat.com/show_bug.cgi?id=1935946
[ 14 ] Bug #1935947 - CVE-2021-21171 chromium-browser: Incorrect security UI in TabStrip
and Navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1935947
[ 15 ] Bug #1935948 - CVE-2021-21178 chromium-browser: Inappropriate implementation in
Compositing
https://bugzilla.redhat.com/show_bug.cgi?id=1935948
[ 16 ] Bug #1935950 - CVE-2021-21169 chromium-browser: Out of bounds memory access in
V8
https://bugzilla.redhat.com/show_bug.cgi?id=1935950
[ 17 ] Bug #1935951 - CVE-2021-21163 chromium-browser: Insufficient data validation in
Reader Mode
https://bugzilla.redhat.com/show_bug.cgi?id=1935951
[ 18 ] Bug #1935952 - CVE-2021-21175 chromium-browser: Inappropriate implementation in
Site isolation
https://bugzilla.redhat.com/show_bug.cgi?id=1935952
[ 19 ] Bug #1935953 - CVE-2021-21177 chromium-browser: Insufficient policy enforcement
in Autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1935953
[ 20 ] Bug #1935954 - CVE-2021-21185 chromium-browser: Insufficient policy enforcement
in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1935954
[ 21 ] Bug #1935955 - CVE-2021-21190 chromium-browser: Uninitialized Use in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1935955
[ 22 ] Bug #1935956 - CVE-2021-21184 chromium-browser: Inappropriate implementation in
performance APIs
https://bugzilla.redhat.com/show_bug.cgi?id=1935956
[ 23 ] Bug #1935958 - CVE-2021-21168 chromium-browser: Insufficient policy enforcement
in appcache
https://bugzilla.redhat.com/show_bug.cgi?id=1935958
[ 24 ] Bug #1935959 - CVE-2021-21167 chromium-browser: Use after free in bookmarks
https://bugzilla.redhat.com/show_bug.cgi?id=1935959
[ 25 ] Bug #1935960 - CVE-2021-21188 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1935960
[ 26 ] Bug #1935961 - CVE-2021-21172 chromium-browser: Insufficient policy enforcement
in File System API
https://bugzilla.redhat.com/show_bug.cgi?id=1935961
[ 27 ] Bug #1935962 - CVE-2021-21182 chromium-browser: Insufficient policy enforcement
in navigations
https://bugzilla.redhat.com/show_bug.cgi?id=1935962
[ 28 ] Bug #1935963 - CVE-2021-21176 chromium-browser: Inappropriate implementation in
full screen mode
https://bugzilla.redhat.com/show_bug.cgi?id=1935963
[ 29 ] Bug #1935964 - CVE-2021-21159 chromium-browser: Heap buffer overflow in TabStrip
https://bugzilla.redhat.com/show_bug.cgi?id=1935964
[ 30 ] Bug #1935965 - CVE-2021-21186 chromium-browser: Insufficient policy enforcement
in QR scanning
https://bugzilla.redhat.com/show_bug.cgi?id=1935965
[ 31 ] Bug #1935966 - CVE-2021-21165 chromium-browser: Object lifecycle issue in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1935966
[ 32 ] Bug #1935967 - CVE-2021-21189 chromium-browser: Insufficient policy enforcement
in payments
https://bugzilla.redhat.com/show_bug.cgi?id=1935967
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-78547312f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------