chromedriver-94.0.4606.71-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11555-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-94.0.4606.71-1.1 on GA media These are all security issues fixed in the chromedriver-94.0.4606.71-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11555 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-37956/ SUSE CVE CVE-2021-37956 page https://www.suse.com/security/cve/CVE-2021-37957/ SUSE CVE CVE-2021-37957 page https://www.suse.com/security/cve/CVE-2021-37958/ SUSE CVE CVE-2021-37958 page https://www.suse.com/security/cve/CVE-2021-37959/ SUSE CVE CVE-2021-37959 page https://www.suse.com/security/cve/CVE-2021-37960/ SUSE CVE CVE-2021-37960 page https://www.suse.com/security/cve/CVE-2021-37961/ SUSE CVE CVE-2021-37961 page https://www.suse.com/security/cve/CVE-2021-37962/ SUSE CVE CVE-2021-37962 page https://www.suse.com/security/cve/CVE-2021-37963/ SUSE CVE CVE-2021-37963 page https://www.suse.com/security/cve/CVE-2021-37964/ SUSE CVE CVE-2021-37964 page https://www.suse.com/security/cve/CVE-2021-37965/ SUSE CVE CVE-2021-37965 page https://www.suse.com/security/cve/CVE-2021-37966/ SUSE CVE CVE-2021-37966 page https://www.suse.com/security/cve/CVE-2021-37967/ SUSE CVE CVE-2021-37967 page https://www.suse.com/security/cve/CVE-2021-37968/ SUSE CVE CVE-2021-37968 page https://www.suse.com/security/cve/CVE-2021-37969/ SUSE CVE CVE-2021-37969 page https://www.suse.com/security/cve/CVE-2021-37970/ SUSE CVE CVE-2021-37970 page https://www.suse.com/security/cve/CVE-2021-37971/ SUSE CVE CVE-2021-37971 page https://www.suse.com/security/cve/CVE-2021-37972/ SUSE CVE CVE-2021-37972 page https://www.suse.com/security/cve/CVE-2021-37973/ SUSE CVE CVE-2021-37973 page https://www.suse.com/security/cve/CVE-2021-37974/ SUSE CVE CVE-2021-37974 page https://www.suse.com/security/cve/CVE-2021-37975/ SUSE CVE CVE-2021-37975 page https://www.suse.com/security/cve/CVE-2021-37976/ SUSE CVE CVE-2021-37976 page openSUSE Tumbleweed chromedriver-94.0.4606.71-1.1 chromium-94.0.4606.71-1.1 chromedriver-94.0.4606.71-1.1 as a component of openSUSE Tumbleweed chromium-94.0.4606.71-1.1 as a component of openSUSE Tumbleweed Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37956 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37956.html CVE-2021-37956 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37957 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37957.html CVE-2021-37957 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. CVE-2021-37958 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37958.html CVE-2021-37958 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37959 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37959.html CVE-2021-37959 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2021-37960 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37960.html CVE-2021-37960 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37961 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37961.html CVE-2021-37961 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37962 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37962.html CVE-2021-37962 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2021-37963 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37963.html CVE-2021-37963 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. CVE-2021-37964 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37964.html CVE-2021-37964 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-37965 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37965.html CVE-2021-37965 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-37966 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37966.html CVE-2021-37966 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. CVE-2021-37967 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37967.html CVE-2021-37967 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-37968 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37968.html CVE-2021-37968 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. CVE-2021-37969 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37969.html CVE-2021-37969 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37970 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37970.html CVE-2021-37970 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-37971 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37971.html CVE-2021-37971 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37972 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37972.html CVE-2021-37972 https://bugzilla.suse.com/1190765 SUSE Bug 1190765 Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-37973 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37973.html CVE-2021-37973 https://bugzilla.suse.com/1191166 SUSE Bug 1191166 Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37974 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37974.html CVE-2021-37974 https://bugzilla.suse.com/1191204 SUSE Bug 1191204 Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37975 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37975.html CVE-2021-37975 https://bugzilla.suse.com/1191204 SUSE Bug 1191204 Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2021-37976 openSUSE Tumbleweed:chromedriver-94.0.4606.71-1.1 openSUSE Tumbleweed:chromium-94.0.4606.71-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37976.html CVE-2021-37976 https://bugzilla.suse.com/1191204 SUSE Bug 1191204