chromedriver-95.0.4638.54-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11598 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-95.0.4638.54-1.1 on GA media These are all security issues fixed in the chromedriver-95.0.4638.54-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11598 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11598 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-37981/ SUSE CVE CVE-2021-37981 page https://www.suse.com/security/cve/CVE-2021-37982/ SUSE CVE CVE-2021-37982 page https://www.suse.com/security/cve/CVE-2021-37983/ SUSE CVE CVE-2021-37983 page https://www.suse.com/security/cve/CVE-2021-37984/ SUSE CVE CVE-2021-37984 page https://www.suse.com/security/cve/CVE-2021-37985/ SUSE CVE CVE-2021-37985 page https://www.suse.com/security/cve/CVE-2021-37986/ SUSE CVE CVE-2021-37986 page https://www.suse.com/security/cve/CVE-2021-37987/ SUSE CVE CVE-2021-37987 page https://www.suse.com/security/cve/CVE-2021-37988/ SUSE CVE CVE-2021-37988 page https://www.suse.com/security/cve/CVE-2021-37989/ SUSE CVE CVE-2021-37989 page https://www.suse.com/security/cve/CVE-2021-37990/ SUSE CVE CVE-2021-37990 page https://www.suse.com/security/cve/CVE-2021-37991/ SUSE CVE CVE-2021-37991 page https://www.suse.com/security/cve/CVE-2021-37992/ SUSE CVE CVE-2021-37992 page https://www.suse.com/security/cve/CVE-2021-37993/ SUSE CVE CVE-2021-37993 page https://www.suse.com/security/cve/CVE-2021-37994/ SUSE CVE CVE-2021-37994 page https://www.suse.com/security/cve/CVE-2021-37995/ SUSE CVE CVE-2021-37995 page https://www.suse.com/security/cve/CVE-2021-37996/ SUSE CVE CVE-2021-37996 page openSUSE Tumbleweed chromedriver-95.0.4638.54-1.1 chromium-95.0.4638.54-1.1 chromedriver-95.0.4638.54-1.1 as a component of openSUSE Tumbleweed chromium-95.0.4638.54-1.1 as a component of openSUSE Tumbleweed Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-37981 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37981.html CVE-2021-37981 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37982 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37982.html CVE-2021-37982 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37983 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37983.html CVE-2021-37983 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37984 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37984.html CVE-2021-37984 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37985 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37985.html CVE-2021-37985 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37986 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37986.html CVE-2021-37986 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37987 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37987.html CVE-2021-37987 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37988 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37988.html CVE-2021-37988 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. CVE-2021-37989 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37989.html CVE-2021-37989 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. CVE-2021-37990 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37990.html CVE-2021-37990 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37991 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37991.html CVE-2021-37991 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37992 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37992.html CVE-2021-37992 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37993 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37993.html CVE-2021-37993 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2021-37994 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37994.html CVE-2021-37994 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-37995 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37995.html CVE-2021-37995 https://bugzilla.suse.com/1191844 SUSE Bug 1191844 Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. CVE-2021-37996 openSUSE Tumbleweed:chromedriver-95.0.4638.54-1.1 openSUSE Tumbleweed:chromium-95.0.4638.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37996.html CVE-2021-37996 https://bugzilla.suse.com/1191844 SUSE Bug 1191844