Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2020:2216-1

Опубликовано: 09 дек. 2020
Источник: suse-cvrf

Описание

Security update for chromium

This update for chromium fixes the following issues:

Update to 87.0.4280.88 boo#1179576

  • CVE-2020-16037: Use after free in clipboard
  • CVE-2020-16038: Use after free in media
  • CVE-2020-16039: Use after free in extensions
  • CVE-2020-16040: Insufficient data validation in V8
  • CVE-2020-16041: Out of bounds read in networking
  • CVE-2020-16042: Uninitialized Use in V8

Список пакетов

openSUSE Leap 15.1
chromedriver-87.0.4280.88-lp151.2.162.1
chromium-87.0.4280.88-lp151.2.162.1

Ссылки

Описание

Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
openSUSE Leap 15.1:chromedriver-87.0.4280.88-lp151.2.162.1
openSUSE Leap 15.1:chromium-87.0.4280.88-lp151.2.162.1
Ссылки

Описание

Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
openSUSE Leap 15.1:chromedriver-87.0.4280.88-lp151.2.162.1
openSUSE Leap 15.1:chromium-87.0.4280.88-lp151.2.162.1
Ссылки

Описание

Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
openSUSE Leap 15.1:chromedriver-87.0.4280.88-lp151.2.162.1
openSUSE Leap 15.1:chromium-87.0.4280.88-lp151.2.162.1
Ссылки

Описание

Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
openSUSE Leap 15.1:chromedriver-87.0.4280.88-lp151.2.162.1
openSUSE Leap 15.1:chromium-87.0.4280.88-lp151.2.162.1
Ссылки

Описание

Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

Затронутые продукты
openSUSE Leap 15.1:chromedriver-87.0.4280.88-lp151.2.162.1
openSUSE Leap 15.1:chromium-87.0.4280.88-lp151.2.162.1
Ссылки

Описание

Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Затронутые продукты
openSUSE Leap 15.1:chromedriver-87.0.4280.88-lp151.2.162.1
openSUSE Leap 15.1:chromium-87.0.4280.88-lp151.2.162.1
Ссылки