git: a8416100c4e9 - main - Document new vulnerabilities in www/chromium < 89.0.4389.114

Rene Ladan rene at FreeBSD.org
Tue Apr 6 08:48:41 UTC 2021 

The branch main has been updated by rene:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a8416100c4e9b0dd5090c78d09ef6a94293b3c02

commit a8416100c4e9b0dd5090c78d09ef6a94293b3c02
Author:     Rene Ladan <rene at FreeBSD.org>
AuthorDate: 2021-04-06 08:45:39 +0000
Commit:     Rene Ladan <rene at FreeBSD.org>
CommitDate: 2021-04-06 08:46:51 +0000

    Document new vulnerabilities in www/chromium < 89.0.4389.114
    
    Obtained from:  https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
---
 security/vuxml/vuln.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index a90ddc0a24fa..e4ead1bdaa63 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -78,6 +78,55 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="bddadaa4-9227-11eb-99c5-e09467587c17">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<range><lt>89.0.4389.114</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Chrome Releases reports:</p>
+	<blockquote cite="https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html">
+	  <p>This update contains 8 security fixes, including:</p>
+	  <ul>
+	    <li>[1181228] High CVE-2021-21194: Use after free in screen capture.
+	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
+	      2021-02-23</li>
+	    <li>[1182647] High CVE-2021-21195: Use after free in V8.
+	      Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent
+	      Security Xuanwu Lab on 2021-02-26</li>
+	    <li>[1175992] High CVE-2021-21196: Heap buffer overflow in
+	      TabStrip. Reported by Khalil Zhani on 2021-02-08</li>
+	    <li>[1173903] High CVE-2021-21197: Heap buffer overflow in
+	      TabStrip. Reported by Abdulrahman Alqabandi, Microsoft Browser
+	      Vulnerability Research on 2021-02-03</li>
+	    <li>[1184399] High CVE-2021-21198: Out of bounds read in IPC.
+	      Reported by Mark Brand of Google Project Zero on 2021-03-03</li>
+	    <li>[1179635] High CVE-2021-21199: Use Use after free in Aura.
+	      Reported by Weipeng Jiang (@Krace) from Codesafe Team of
+	      Legendsec at Qi'anxin Group and Evangelos Foutras</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2021-21194</cvename>
+      <cvename>CVE-2021-21195</cvename>
+      <cvename>CVE-2021-21196</cvename>
+      <cvename>CVE-2021-21197</cvename>
+      <cvename>CVE-2021-21198</cvename>
+      <cvename>CVE-2021-21199</cvename>
+      <url>https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html</url>
+    </references>
+    <dates>
+      <discovery>2021-03-31</discovery>
+      <entry>2021-03-31</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="56abf87b-96ad-11eb-a218-001b217b3468">
     <topic>Gitlab -- Multiple vulnerabilities</topic>
     <affects>

More information about the dev-commits-ports-all mailing list