[openSUSE-SU-2020:2021-1] Security update for chromium
Severity
Important
Affected Packages
2
CVEs
23
Security update for chromium
This update for chromium fixes the following issues:
- Update to 87.0.4280.66 (boo#1178923)
- Wayland support by default
- CVE-2020-16018: Use after free in payments.
- CVE-2020-16019: Inappropriate implementation in filesystem.
- CVE-2020-16020: Inappropriate implementation in cryptohome.
- CVE-2020-16021: Race in ImageBurner.
- CVE-2020-16022: Insufficient policy enforcement in networking.
- CVE-2020-16015: Insufficient data validation in WASM. R
- CVE-2020-16014: Use after free in PPAPI.
- CVE-2020-16023: Use after free in WebCodecs.
- CVE-2020-16024: Heap buffer overflow in UI.
- CVE-2020-16025: Heap buffer overflow in clipboard.
- CVE-2020-16026: Use after free in WebRTC.
- CVE-2020-16027: Insufficient policy enforcement in developer tools. R
- CVE-2020-16028: Heap buffer overflow in WebRTC.
- CVE-2020-16029: Inappropriate implementation in PDFium.
- CVE-2020-16030: Insufficient data validation in Blink.
- CVE-2019-8075: Insufficient data validation in Flash.
- CVE-2020-16031: Incorrect security UI in tab preview.
- CVE-2020-16032: Incorrect security UI in sharing.
- CVE-2020-16033: Incorrect security UI in WebUSB.
- CVE-2020-16034: Inappropriate implementation in WebRTC.
- CVE-2020-16035: Insufficient data validation in cros-disks.
- CVE-2020-16012: Side-channel information leakage in graphics.
- CVE-2020-16036: Inappropriate implementation in cookies.
| Package | Affected Version |
|---|---|
 pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-leap-15.2
|
< 87.0.4280.66-lp152.2.51.1 |
|
pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-leap-15.2
|
< 87.0.4280.66-lp152.2.51.1 |
- ID
- openSUSE-SU-2020:2021-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FVE6T2JL6PI433CTW6BAFC3ROZDJMVMC/
- Published
-
2020-11-25T20:09:27
(3 years ago) - Modified
-
2020-11-25T20:09:27
(3 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS2-2021-1586
-
ALPINE:CVE-2020-16012
-
ASA-202011-11
-
ASA-202011-12
-
DSA-4793-1
-
DSA-4796-1
-
DSA-4824-1
-
ELSA-2020-5235
-
ELSA-2020-5236
-
ELSA-2020-5237
-
ELSA-2020-5238
-
ELSA-2020-5239
-
ELSA-2020-5257
-
FEDORA-2020-10ec8aca61
-
FEDORA-2020-3e005ce2e0
-
GLSA-202012-03
-
GLSA-202012-04
-
GLSA-202012-05
-
MFSA-2020-50
-
MFSA-2020-51
-
MFSA-2020-52
-
openSUSE-SU-2020:2010-1
-
openSUSE-SU-2020:2012-1
-
openSUSE-SU-2020:2020-1
-
openSUSE-SU-2020:2026-1
-
openSUSE-SU-2020:2031-1
-
openSUSE-SU-2020:2032-1
-
openSUSE-SU-2020:2055-1
-
openSUSE-SU-2020:2096-1
-
openSUSE-SU-2020:2187-1
-
openSUSE-SU-2020:2315-1
-
RHSA-2019:1476
-
RHSA-2020:5235
-
RHSA-2020:5236
-
RHSA-2020:5237
-
RHSA-2020:5238
-
RHSA-2020:5239
-
RHSA-2020:5257
-
SUSE-SU-2020:3383-1
-
SUSE-SU-2020:3458-1
-
SUSE-SU-2020:3528-1
-
SUSE-SU-2020:3548-1
-
USN-4637-1
-
USN-4637-2
-
USN-4647-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-leap-15.2 | opensuse |
chromium
|
< 87.0.4280.66-lp152.2.51.1 | opensuse-leap-15.2 | x86_64 | |
| Affected | pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-leap-15.2 | opensuse |
chromedriver
|
< 87.0.4280.66-lp152.2.51.1 | opensuse-leap-15.2 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |