rpm package

opensuse/libqt5-qtwebengine&distro=openSUSE Leap 15.2

pkg:rpm/opensuse/libqt5-qtwebengine&distro=openSUSE%20Leap%2015.2

Vulnerabilities (29)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-21126	—	< 5.15.3-lp152.3.3.4	5.15.3-lp152.3.3.4	Feb 9, 2021	Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
CVE-2021-21125	—	< 5.15.3-lp152.3.3.4	5.15.3-lp152.3.3.4	Feb 9, 2021	Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
CVE-2021-21123	—	< 5.15.3-lp152.3.3.4	5.15.3-lp152.3.3.4	Feb 9, 2021	Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
CVE-2021-21122	—	< 5.15.3-lp152.3.3.4	5.15.3-lp152.3.3.4	Feb 9, 2021	Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21121	—	< 5.15.3-lp152.3.3.4	5.15.3-lp152.3.3.4	Feb 9, 2021	Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21120	—	< 5.15.3-lp152.3.3.4	5.15.3-lp152.3.3.4	Feb 9, 2021	Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21119	—	< 5.15.3-lp152.3.3.4	5.15.3-lp152.3.3.4	Feb 9, 2021	Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21118	—	< 5.15.3-lp152.3.3.4	5.15.3-lp152.3.3.4	Feb 9, 2021	Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-16044	—	< 5.15.3-lp152.3.3.4	5.15.3-lp152.3.3.4	Feb 9, 2021	Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

CVE-2021-21126Feb 9, 2021
affected < 5.15.3-lp152.3.3.4fixed 5.15.3-lp152.3.3.4
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
CVE-2021-21125Feb 9, 2021
affected < 5.15.3-lp152.3.3.4fixed 5.15.3-lp152.3.3.4
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
CVE-2021-21123Feb 9, 2021
affected < 5.15.3-lp152.3.3.4fixed 5.15.3-lp152.3.3.4
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
CVE-2021-21122Feb 9, 2021
affected < 5.15.3-lp152.3.3.4fixed 5.15.3-lp152.3.3.4
Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21121Feb 9, 2021
affected < 5.15.3-lp152.3.3.4fixed 5.15.3-lp152.3.3.4
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21120Feb 9, 2021
affected < 5.15.3-lp152.3.3.4fixed 5.15.3-lp152.3.3.4
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21119Feb 9, 2021
affected < 5.15.3-lp152.3.3.4fixed 5.15.3-lp152.3.3.4
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21118Feb 9, 2021
affected < 5.15.3-lp152.3.3.4fixed 5.15.3-lp152.3.3.4
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-16044Feb 9, 2021
affected < 5.15.3-lp152.3.3.4fixed 5.15.3-lp152.3.3.4
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

Page 2 of 2