Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium was updated to 85.0.4183.121 (boo#1176791):
- CVE-2020-15960: Out of bounds read in storage
- CVE-2020-15961: Insufficient policy enforcement in extensions
- CVE-2020-15962: Insufficient policy enforcement in serial
- CVE-2020-15963: Insufficient policy enforcement in extensions
- CVE-2020-15965: Out of bounds write in V8
- CVE-2020-15966: Insufficient policy enforcement in extensions
- CVE-2020-15964: Insufficient data validation in media
Список пакетов
openSUSE Leap 15.1
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2020:1527-1
- SUSE Security Ratings
- SUSE Bug 1176791
- SUSE CVE CVE-2020-15960 page
- SUSE CVE CVE-2020-15961 page
- SUSE CVE CVE-2020-15962 page
- SUSE CVE CVE-2020-15963 page
- SUSE CVE CVE-2020-15964 page
- SUSE CVE CVE-2020-15965 page
- SUSE CVE CVE-2020-15966 page
Описание
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2020-15960
- SUSE Bug 1176791
- SUSE Bug 1176799
Описание
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Затронутые продукты
Ссылки
- CVE-2020-15961
- SUSE Bug 1176791
- SUSE Bug 1176799
Описание
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2020-15962
- SUSE Bug 1176791
- SUSE Bug 1176799
Описание
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Затронутые продукты
Ссылки
- CVE-2020-15963
- SUSE Bug 1176791
- SUSE Bug 1176799
Описание
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2020-15964
- SUSE Bug 1176791
- SUSE Bug 1176799
Описание
Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2020-15965
- SUSE Bug 1176791
- SUSE Bug 1176799
Описание
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
Затронутые продукты
Ссылки
- CVE-2020-15966
- SUSE Bug 1176791
- SUSE Bug 1176799