[openSUSE-SU-2020:1020-1] Security update for chromium

Severity Important

Affected Packages 2

CVEs 26

Security update for chromium

This update for chromium fixes the following issues:

Update to 84.0.4147.89 boo#1174189:
- Critical CVE-2020-6510: Heap buffer overflow in background fetch.
- High CVE-2020-6511: Side-channel information leakage in content security policy.
- High CVE-2020-6512: Type Confusion in V8.
- High CVE-2020-6513: Heap buffer overflow in PDFium.
- High CVE-2020-6514: Inappropriate implementation in WebRTC.
- High CVE-2020-6515: Use after free in tab strip.
- High CVE-2020-6516: Policy bypass in CORS.
- High CVE-2020-6517: Heap buffer overflow in history.
- Medium CVE-2020-6518: Use after free in developer tools.
- Medium CVE-2020-6519: Policy bypass in CSP.
- Medium CVE-2020-6520: Heap buffer overflow in Skia.
- Medium CVE-2020-6521: Side-channel information leakage in autofill.
- Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers.
- Medium CVE-2020-6523: Out of bounds write in Skia.
- Medium CVE-2020-6524: Heap buffer overflow in WebAudio.
- Medium CVE-2020-6525: Heap buffer overflow in Skia.
- Low CVE-2020-6526: Inappropriate implementation in iframe sandbox.
- Low CVE-2020-6527: Insufficient policy enforcement in CSP.
- Low CVE-2020-6528: Incorrect security UI in basic auth.
- Low CVE-2020-6529: Inappropriate implementation in WebRTC.
- Low CVE-2020-6530: Out of bounds memory access in developer tools.
- Low CVE-2020-6531: Side-channel information leakage in scroll to text.
- Low CVE-2020-6533: Type Confusion in V8.
- Low CVE-2020-6534: Heap buffer overflow in WebRTC.
- Low CVE-2020-6535: Insufficient data validation in WebUI.
- Low CVE-2020-6536: Incorrect security UI in PWAs.
Use bundled xcb-proto as we need to generate py2 bindings
Try to fix non-wayland build for Leap builds

Package	Affected Version
pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-leap-15.2	< 84.0.4147.89-lp152.2.6.2
pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-leap-15.2	< 84.0.4147.89-lp152.2.6.2

ID

openSUSE-SU-2020:1020-1

Severity

important

URL

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HFV4AYJ7GJLZVA5D4ARU5H4RK6EYKRCE/

Published

2020-07-20T14:26:27
(4 years ago)

Modified

2020-07-20T14:26:27
(4 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1020-1.json
Suse	URL for openSUSE-SU-2020:1020-1	https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HFV4AYJ7GJLZVA5D4ARU5H4RK6EYKRCE/
Suse	E-Mail link for openSUSE-SU-2020:1020-1	https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HFV4AYJ7GJLZVA5D4ARU5H4RK6EYKRCE/
Bugzilla	SUSE Bug 1174189	https://bugzilla.suse.com/1174189
CVE	SUSE CVE CVE-2020-6510 page	https://www.suse.com/security/cve/CVE-2020-6510/
CVE	SUSE CVE CVE-2020-6511 page	https://www.suse.com/security/cve/CVE-2020-6511/
CVE	SUSE CVE CVE-2020-6512 page	https://www.suse.com/security/cve/CVE-2020-6512/
CVE	SUSE CVE CVE-2020-6513 page	https://www.suse.com/security/cve/CVE-2020-6513/
CVE	SUSE CVE CVE-2020-6514 page	https://www.suse.com/security/cve/CVE-2020-6514/
CVE	SUSE CVE CVE-2020-6515 page	https://www.suse.com/security/cve/CVE-2020-6515/
CVE	SUSE CVE CVE-2020-6516 page	https://www.suse.com/security/cve/CVE-2020-6516/
CVE	SUSE CVE CVE-2020-6517 page	https://www.suse.com/security/cve/CVE-2020-6517/
CVE	SUSE CVE CVE-2020-6518 page	https://www.suse.com/security/cve/CVE-2020-6518/
CVE	SUSE CVE CVE-2020-6519 page	https://www.suse.com/security/cve/CVE-2020-6519/
CVE	SUSE CVE CVE-2020-6520 page	https://www.suse.com/security/cve/CVE-2020-6520/
CVE	SUSE CVE CVE-2020-6521 page	https://www.suse.com/security/cve/CVE-2020-6521/
CVE	SUSE CVE CVE-2020-6522 page	https://www.suse.com/security/cve/CVE-2020-6522/
CVE	SUSE CVE CVE-2020-6523 page	https://www.suse.com/security/cve/CVE-2020-6523/
CVE	SUSE CVE CVE-2020-6524 page	https://www.suse.com/security/cve/CVE-2020-6524/
CVE	SUSE CVE CVE-2020-6525 page	https://www.suse.com/security/cve/CVE-2020-6525/
CVE	SUSE CVE CVE-2020-6526 page	https://www.suse.com/security/cve/CVE-2020-6526/
CVE	SUSE CVE CVE-2020-6527 page	https://www.suse.com/security/cve/CVE-2020-6527/
CVE	SUSE CVE CVE-2020-6528 page	https://www.suse.com/security/cve/CVE-2020-6528/
CVE	SUSE CVE CVE-2020-6529 page	https://www.suse.com/security/cve/CVE-2020-6529/
CVE	SUSE CVE CVE-2020-6530 page	https://www.suse.com/security/cve/CVE-2020-6530/
CVE	SUSE CVE CVE-2020-6531 page	https://www.suse.com/security/cve/CVE-2020-6531/
CVE	SUSE CVE CVE-2020-6533 page	https://www.suse.com/security/cve/CVE-2020-6533/
CVE	SUSE CVE CVE-2020-6534 page	https://www.suse.com/security/cve/CVE-2020-6534/
CVE	SUSE CVE CVE-2020-6535 page	https://www.suse.com/security/cve/CVE-2020-6535/
CVE	SUSE CVE CVE-2020-6536 page	https://www.suse.com/security/cve/CVE-2020-6536/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-leap-15.2	opensuse	chromium	< 84.0.4147.89-lp152.2.6.2	opensuse-leap-15.2	x86_64
Affected	pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-leap-15.2	opensuse	chromedriver	< 84.0.4147.89-lp152.2.6.2	opensuse-leap-15.2	x86_64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date