[openSUSE-SU-2020:0823-1] Security update for chromium
Severity
Important
Affected Packages
2
CVEs
32
Security update for chromium
This update for chromium fixes the following issues:
Chromium was updated to 83.0.4103.97 (boo#1171910,bsc#1172496):
- CVE-2020-6463: Use after free in ANGLE (boo#1170107 boo#1171975).
- CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21
- CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26
- CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06
- CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30
- CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02
- CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by MichaĆ Bentkowski of Securitum on 2020-03-30
- CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08
- CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25
- CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06
- CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07
- CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31
- CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18
- CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26
- CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24
- CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14
- CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21
- CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07
- CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17
- CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23
- CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26
- CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30
- CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24
- CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06
- CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21
- CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-02-10
- CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19
- CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal M.A on 2020-02-07
- CVE-2020-6493: Use after free in WebAuthentication.
- CVE-2020-6494: Incorrect security UI in payments.
- CVE-2020-6495: Insufficient policy enforcement in developer tools.
- CVE-2020-6496: Use after free in payments.
| Package | Affected Version |
|---|---|
 pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-leap-15.1
|
< 83.0.4103.97-lp151.2.96.1 |
|
pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-leap-15.1
|
< 83.0.4103.97-lp151.2.96.1 |
- ID
- openSUSE-SU-2020:0823-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/
- Published
-
2020-06-17T16:18:21
(4 years ago) - Modified
-
2020-06-17T16:18:21
(4 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS2-2020-1487
-
ALPINE:CVE-2020-6463
-
ASA-202005-12
-
ASA-202006-3
-
DSA-4714-1
-
DSA-4736-1
-
DSA-4740-1
-
ELSA-2020-3233
-
ELSA-2020-3241
-
ELSA-2020-3253
-
ELSA-2020-3341
-
ELSA-2020-3344
-
ELSA-2020-3345
-
FEDORA-2020-08561721ad
-
FEDORA-2020-77f89ab772
-
FREEBSD:38C676BD-9DEF-11EA-A94C-3065EC8FD3EC
-
FREEBSD:A2CAF7BD-A719-11EA-A857-E09467587C17
-
GLSA-202006-02
-
GLSA-202007-60
-
GLSA-202007-64
-
GLSA-202101-30
-
MFSA-2020-30
-
MFSA-2020-31
-
MFSA-2020-32
-
MFSA-2020-33
-
MFSA-2020-35
-
openSUSE-SU-2020:0832-1
-
openSUSE-SU-2020:1147-1
-
openSUSE-SU-2020:1155-1
-
openSUSE-SU-2020:1179-1
-
openSUSE-SU-2020:1189-1
-
openSUSE-SU-2020:1205-1
-
RHSA-2020:1970
-
RHSA-2020:2544
-
RHSA-2020:3233
-
RHSA-2020:3241
-
RHSA-2020:3253
-
RHSA-2020:3341
-
RHSA-2020:3344
-
RHSA-2020:3345
-
SSA:2020-213-01
-
SUSE-SU-2020:2100-1
-
SUSE-SU-2020:2118-1
-
SUSE-SU-2020:2147-1
-
SUSE-SU-2020:2179-1
-
USN-4443-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-leap-15.1 | opensuse |
chromium
|
< 83.0.4103.97-lp151.2.96.1 | opensuse-leap-15.1 | x86_64 | |
| Affected | pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-leap-15.1 | opensuse |
chromedriver
|
< 83.0.4103.97-lp151.2.96.1 | opensuse-leap-15.1 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |