Test ID:	1.3.6.1.4.1.25623.1.0.704858
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-4858-1)
Summary:	The remote host is missing an update for the Debian 'chromium' package(s) announced via the DSA-4858-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'chromium' package(s) announced via the DSA-4858-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21148 Mattias Buelens discovered a buffer overflow issue in the v8 javascript library. CVE-2021-21149 Ryoya Tsukasaki discovered a stack overflow issue in the Data Transfer implementation. CVE-2021-21150 Woojin Oh discovered a use-after-free issue in the file downloader. CVE-2021-21151 Khalil Zhani discovered a use-after-free issue in the payments system. CVE-2021-21152 A buffer overflow was discovered in media handling. CVE-2021-21153 Jan Ruge discovered a stack overflow issue in the GPU process. CVE-2021-21154 Abdulrahman Alqabandi discovered a buffer overflow issue in the Tab Strip implementation. CVE-2021-21155 Khalil Zhani discovered a buffer overflow issue in the Tab Strip implementation. CVE-2021-21156 Sergei Glazunov discovered a buffer overflow issue in the v8 javascript library. CVE-2021-21157 A use-after-free issue was discovered in the Web Sockets implementation. For the stable distribution (buster), these problems have been fixed in version 88.0.4324.182-1~ deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'chromium' package(s) on Debian 10. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-21148 Debian Security Information: DSA-4858 (Google Search) https://www.debian.org/security/2021/dsa-4858 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L/ https://security.gentoo.org/glsa/202104-08 http://packetstormsecurity.com/files/162579/Chrome-Array-Transfer-Bypass.html https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html https://crbug.com/1170176 Common Vulnerability Exposure (CVE) ID: CVE-2021-21149 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/ https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html https://crbug.com/1138143 Common Vulnerability Exposure (CVE) ID: CVE-2021-21150 https://crbug.com/1172192 Common Vulnerability Exposure (CVE) ID: CVE-2021-21151 https://crbug.com/1165624 Common Vulnerability Exposure (CVE) ID: CVE-2021-21152 https://crbug.com/1166504 Common Vulnerability Exposure (CVE) ID: CVE-2021-21153 https://crbug.com/1155974 Common Vulnerability Exposure (CVE) ID: CVE-2021-21154 https://crbug.com/1173269 Common Vulnerability Exposure (CVE) ID: CVE-2021-21155 https://crbug.com/1175500 Common Vulnerability Exposure (CVE) ID: CVE-2021-21156 https://crbug.com/1177341 Common Vulnerability Exposure (CVE) ID: CVE-2021-21157 https://crbug.com/1170657
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.