openSUSE-SU-2020:0540-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0540-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:0540-1
Related
Published
2020-04-18T22:10:02Z
Modified
2020-04-18T22:10:02Z
Summary
Security update for chromium
Details

This update for chromium fixes the following issues:

Chromium was updated to 81.0.4044.92 boo#1168911:

  • CVE-2020-6454: Use after free in extensions
  • CVE-2020-6423: Use after free in audio
  • CVE-2020-6455: Out of bounds read in WebSQL
  • CVE-2020-6430: Type Confusion in V8
  • CVE-2020-6456: Insufficient validation of untrusted input in clipboard
  • CVE-2020-6431: Insufficient policy enforcement in full screen
  • CVE-2020-6432: Insufficient policy enforcement in navigations
  • CVE-2020-6433: Insufficient policy enforcement in extensions
  • CVE-2020-6434: Use after free in devtools
  • CVE-2020-6435: Insufficient policy enforcement in extensions
  • CVE-2020-6436: Use after free in window management
  • CVE-2020-6437: Inappropriate implementation in WebView
  • CVE-2020-6438: Insufficient policy enforcement in extensions
  • CVE-2020-6439: Insufficient policy enforcement in navigations
  • CVE-2020-6440: Inappropriate implementation in extensions
  • CVE-2020-6441: Insufficient policy enforcement in omnibox
  • CVE-2020-6442: Inappropriate implementation in cache
  • CVE-2020-6443: Insufficient data validation in developer tools
  • CVE-2020-6444: Uninitialized Use in WebRTC
  • CVE-2020-6445: Insufficient policy enforcement in trusted types
  • CVE-2020-6446: Insufficient policy enforcement in trusted types
  • CVE-2020-6447: Inappropriate implementation in developer tools
  • CVE-2020-6448: Use after free in V8

Chromium was updated to 80.0.3987.162 boo#1168421:

  • CVE-2020-6450: Use after free in WebAudio.
  • CVE-2020-6451: Use after free in WebAudio.
  • CVE-2020-6452: Heap buffer overflow in media.

    • Use a symbolic icon for GNOME

This update was imported from the openSUSE:Leap:15.1:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP1 / chromium

Package

Name
chromium
Purl
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
81.0.4044.92-bp151.3.66.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "81.0.4044.92-bp151.3.66.1",
            "chromium": "81.0.4044.92-bp151.3.66.1"
        }
    ]
}