Description
Security update for chromium
This update for chromium fixes the following issues:
- Update to 84.0.4147.89 boo#1174189:
- Critical CVE-2020-6510: Heap buffer overflow in background fetch.
- High CVE-2020-6511: Side-channel information leakage in content security policy.
- High CVE-2020-6512: Type Confusion in V8.
- High CVE-2020-6513: Heap buffer overflow in PDFium.
- High CVE-2020-6514: Inappropriate implementation in WebRTC.
- High CVE-2020-6515: Use after free in tab strip.
- High CVE-2020-6516: Policy bypass in CORS.
- High CVE-2020-6517: Heap buffer overflow in history.
- Medium CVE-2020-6518: Use after free in developer tools.
- Medium CVE-2020-6519: Policy bypass in CSP.
- Medium CVE-2020-6520: Heap buffer overflow in Skia.
- Medium CVE-2020-6521: Side-channel information leakage in autofill.
- Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers.
- Medium CVE-2020-6523: Out of bounds write in Skia.
- Medium CVE-2020-6524: Heap buffer overflow in WebAudio.
- Medium CVE-2020-6525: Heap buffer overflow in Skia.
- Low CVE-2020-6526: Inappropriate implementation in iframe sandbox.
- Low CVE-2020-6527: Insufficient policy enforcement in CSP.
- Low CVE-2020-6528: Incorrect security UI in basic auth.
- Low CVE-2020-6529: Inappropriate implementation in WebRTC.
- Low CVE-2020-6530: Out of bounds memory access in developer tools.
- Low CVE-2020-6531: Side-channel information leakage in scroll to text.
- Low CVE-2020-6533: Type Confusion in V8.
- Low CVE-2020-6534: Heap buffer overflow in WebRTC.
- Low CVE-2020-6535: Insufficient data validation in WebUI.
- Low CVE-2020-6536: Incorrect security UI in PWAs.
- Use bundled xcb-proto as we need to generate py2 bindings
- Try to fix non-wayland build for Leap builds
Package list
openSUSE Leap 15.1
References
- E-Mail link for openSUSE-SU-2020:1021-1
- SUSE Security Ratings
- SUSE Bug 1174189
- SUSE CVE CVE-2020-6510 page
- SUSE CVE CVE-2020-6511 page
- SUSE CVE CVE-2020-6512 page
- SUSE CVE CVE-2020-6513 page
- SUSE CVE CVE-2020-6514 page
- SUSE CVE CVE-2020-6515 page
- SUSE CVE CVE-2020-6516 page
- SUSE CVE CVE-2020-6517 page
- SUSE CVE CVE-2020-6518 page
- SUSE CVE CVE-2020-6519 page
- SUSE CVE CVE-2020-6520 page
- SUSE CVE CVE-2020-6521 page
- SUSE CVE CVE-2020-6522 page
- SUSE CVE CVE-2020-6523 page
- SUSE CVE CVE-2020-6524 page
- SUSE CVE CVE-2020-6525 page
- SUSE CVE CVE-2020-6526 page
Description
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6510
- SUSE Bug 1174189
Description
Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2020-6511
- SUSE Bug 1174189
Description
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6512
- SUSE Bug 1174189
Description
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Affected products
References
- CVE-2020-6513
- SUSE Bug 1174189
Description
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
Affected products
References
- CVE-2020-6514
- SUSE Bug 1174189
- SUSE Bug 1174538
Description
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6515
- SUSE Bug 1174189
Description
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2020-6516
- SUSE Bug 1174189
Description
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6517
- SUSE Bug 1174189
Description
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6518
- SUSE Bug 1174189
Description
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Affected products
References
- CVE-2020-6519
- SUSE Bug 1174189
Description
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6520
- SUSE Bug 1174189
Description
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Affected products
References
- CVE-2020-6521
- SUSE Bug 1174189
Description
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Affected products
References
- CVE-2020-6522
- SUSE Bug 1174189
Description
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6523
- SUSE Bug 1174189
Description
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6524
- SUSE Bug 1174189
Description
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6525
- SUSE Bug 1174189
Description
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Affected products
References
- CVE-2020-6526
- SUSE Bug 1174189
Description
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Affected products
References
- CVE-2020-6527
- SUSE Bug 1174189
Description
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Affected products
References
- CVE-2020-6528
- SUSE Bug 1174189
Description
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2020-6529
- SUSE Bug 1174189
Description
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Affected products
References
- CVE-2020-6530
- SUSE Bug 1174189
Description
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2020-6531
- SUSE Bug 1174189
Description
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6533
- SUSE Bug 1174189
Description
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2020-6534
- SUSE Bug 1174189
Description
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.
Affected products
References
- CVE-2020-6535
- SUSE Bug 1174189
Description
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.
Affected products
References
- CVE-2020-6536
- SUSE Bug 1174189