Description
Security update for chromium
This update for chromium fixes the following issues:
Chromium was updated to 81.0.4044.92 boo#1168911:
- CVE-2020-6454: Use after free in extensions
- CVE-2020-6423: Use after free in audio
- CVE-2020-6455: Out of bounds read in WebSQL
- CVE-2020-6430: Type Confusion in V8
- CVE-2020-6456: Insufficient validation of untrusted input in clipboard
- CVE-2020-6431: Insufficient policy enforcement in full screen
- CVE-2020-6432: Insufficient policy enforcement in navigations
- CVE-2020-6433: Insufficient policy enforcement in extensions
- CVE-2020-6434: Use after free in devtools
- CVE-2020-6435: Insufficient policy enforcement in extensions
- CVE-2020-6436: Use after free in window management
- CVE-2020-6437: Inappropriate implementation in WebView
- CVE-2020-6438: Insufficient policy enforcement in extensions
- CVE-2020-6439: Insufficient policy enforcement in navigations
- CVE-2020-6440: Inappropriate implementation in extensions
- CVE-2020-6441: Insufficient policy enforcement in omnibox
- CVE-2020-6442: Inappropriate implementation in cache
- CVE-2020-6443: Insufficient data validation in developer tools
- CVE-2020-6444: Uninitialized Use in WebRTC
- CVE-2020-6445: Insufficient policy enforcement in trusted types
- CVE-2020-6446: Insufficient policy enforcement in trusted types
- CVE-2020-6447: Inappropriate implementation in developer tools
- CVE-2020-6448: Use after free in V8
Chromium was updated to 80.0.3987.162 boo#1168421:
- CVE-2020-6450: Use after free in WebAudio.
- CVE-2020-6451: Use after free in WebAudio.
- CVE-2020-6452: Heap buffer overflow in media.
- Use a symbolic icon for GNOME
Package list
openSUSE Leap 15.1
References
- E-Mail link for openSUSE-SU-2020:0519-1
- SUSE Security Ratings
- SUSE Bug 1167465
- SUSE Bug 1168421
- SUSE Bug 1168911
- SUSE CVE CVE-2020-6423 page
- SUSE CVE CVE-2020-6430 page
- SUSE CVE CVE-2020-6431 page
- SUSE CVE CVE-2020-6432 page
- SUSE CVE CVE-2020-6433 page
- SUSE CVE CVE-2020-6434 page
- SUSE CVE CVE-2020-6435 page
- SUSE CVE CVE-2020-6436 page
- SUSE CVE CVE-2020-6437 page
- SUSE CVE CVE-2020-6438 page
- SUSE CVE CVE-2020-6439 page
- SUSE CVE CVE-2020-6440 page
- SUSE CVE CVE-2020-6441 page
- SUSE CVE CVE-2020-6442 page
- SUSE CVE CVE-2020-6443 page
Description
Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6423
- SUSE Bug 1168911
Description
Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6430
- SUSE Bug 1168911
Description
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
Affected products
References
- CVE-2020-6431
- SUSE Bug 1168911
Description
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Affected products
References
- CVE-2020-6432
- SUSE Bug 1168911
Description
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Affected products
References
- CVE-2020-6433
- SUSE Bug 1168911
Description
Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6434
- SUSE Bug 1168911
Description
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Affected products
References
- CVE-2020-6435
- SUSE Bug 1168911
Description
Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6436
- SUSE Bug 1168911
Description
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
Affected products
References
- CVE-2020-6437
- SUSE Bug 1168911
Description
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
Affected products
References
- CVE-2020-6438
- SUSE Bug 1168911
Description
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
Affected products
References
- CVE-2020-6439
- SUSE Bug 1168911
Description
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
Affected products
References
- CVE-2020-6440
- SUSE Bug 1168911
Description
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
Affected products
References
- CVE-2020-6441
- SUSE Bug 1168911
Description
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2020-6442
- SUSE Bug 1168911
Description
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
Affected products
References
- CVE-2020-6443
- SUSE Bug 1168911
Description
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6444
- SUSE Bug 1168911
Description
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Affected products
References
- CVE-2020-6445
- SUSE Bug 1168911
Description
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Affected products
References
- CVE-2020-6446
- SUSE Bug 1168911
Description
Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6447
- SUSE Bug 1168911
Description
Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6448
- SUSE Bug 1168911
Description
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6450
- SUSE Bug 1168421
Description
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6451
- SUSE Bug 1168421
Description
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6452
- SUSE Bug 1168421
Description
Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Affected products
References
- CVE-2020-6454
- SUSE Bug 1168911
Description
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6455
- SUSE Bug 1168911
Description
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.
Affected products
References
- CVE-2020-6456
- SUSE Bug 1168911