[openSUSE-SU-2020:1020-1] Security update for chromium
Severity: Important
Affected Packages: 2
CVEs: 26
Security update for chromium
This update for chromium fixes the following issues:
- Update to 84.0.4147.89 boo#1174189:
  - Critical CVE-2020-6510: Heap buffer overflow in background fetch.
  - High CVE-2020-6511: Side-channel information leakage in content security policy.
  - High CVE-2020-6512: Type Confusion in V8.
  - High CVE-2020-6513: Heap buffer overflow in PDFium.
  - High CVE-2020-6514: Inappropriate implementation in WebRTC.
  - High CVE-2020-6515: Use after free in tab strip.
  - High CVE-2020-6516: Policy bypass in CORS.
  - High CVE-2020-6517: Heap buffer overflow in history.
  - Medium CVE-2020-6518: Use after free in developer tools.
  - Medium CVE-2020-6519: Policy bypass in CSP.
  - Medium CVE-2020-6520: Heap buffer overflow in Skia.
  - Medium CVE-2020-6521: Side-channel information leakage in autofill.
  - Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers.
  - Medium CVE-2020-6523: Out of bounds write in Skia.
  - Medium CVE-2020-6524: Heap buffer overflow in WebAudio.
  - Medium CVE-2020-6525: Heap buffer overflow in Skia.
  - Low CVE-2020-6526: Inappropriate implementation in iframe sandbox.
  - Low CVE-2020-6527: Insufficient policy enforcement in CSP.
  - Low CVE-2020-6528: Incorrect security UI in basic auth.
  - Low CVE-2020-6529: Inappropriate implementation in WebRTC.
  - Low CVE-2020-6530: Out of bounds memory access in developer tools.
  - Low CVE-2020-6531: Side-channel information leakage in scroll to text.
  - Low CVE-2020-6533: Type Confusion in V8.
  - Low CVE-2020-6534: Heap buffer overflow in WebRTC.
  - Low CVE-2020-6535: Insufficient data validation in WebUI.
  - Low CVE-2020-6536: Incorrect security UI in PWAs.
- Use bundled xcb-proto as we need to generate py2 bindings
- Try to fix non-wayland build for Leap builds
Package | Affected Version |
---|---|
pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-leap-15.2 | < 84.0.4147.89-lp152.2.6.2 |
pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-leap-15.2 | < 84.0.4147.89-lp152.2.6.2 |
- ID: openSUSE-SU-2020:1020-1
- Severity: important
- URL: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HFV4AYJ7GJLZVA5D4ARU5H4RK6EYKRCE/
- Published: 2020-07-20T14:26:27
- Modified: 2020-07-20T14:26:27
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS2-2020-1487
- ALPINE:CVE-2020-6514
- DSA-4736-1
- DSA-4740-1
- DSA-4824-1
- ELSA-2020-3233
- ELSA-2020-3241
- ELSA-2020-3253
- ELSA-2020-3341
- ELSA-2020-3344
- ELSA-2020-3345
- FEDORA-2020-84d87cbd50
- FEDORA-2020-bf684961d9
- FREEBSD:870D59B0-C6C4-11EA-8015-E09467587C17
- GLSA-202007-08
- GLSA-202007-64
- GLSA-202101-30
- MFSA-2020-30
- MFSA-2020-31
- MFSA-2020-32
- MFSA-2020-33
- MFSA-2020-35
- openSUSE-SU-2020:1021-1
- openSUSE-SU-2020:1048-1
- openSUSE-SU-2020:1061-1
- openSUSE-SU-2020:1147-1
- openSUSE-SU-2020:1148-1
- openSUSE-SU-2020:1155-1
- openSUSE-SU-2020:1172-1
- openSUSE-SU-2020:1179-1
- openSUSE-SU-2020:1189-1
- openSUSE-SU-2020:1205-1
- RHSA-2020:3233
- RHSA-2020:3241
- RHSA-2020:3253
- RHSA-2020:3341
- RHSA-2020:3344
- RHSA-2020:3345
- RHSA-2020:3377
- SSA:2020-213-01
- SUSE-SU-2020:2100-1
- SUSE-SU-2020:2118-1
- SUSE-SU-2020:2147-1
- SUSE-SU-2020:2179-1
- USN-4443-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-leap-15.2 | opensuse | chromium | < 84.0.4147.89-lp152.2.6.2 | opensuse-leap-15.2 | x86_64 | |
Affected | pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-leap-15.2 | opensuse | chromedriver | < 84.0.4147.89-lp152.2.6.2 | opensuse-leap-15.2 | x86_64 | |