openSUSE-SU-2020:0823-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0823-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:0823-1
Related
Published
2020-06-17T16:18:21Z
Modified
2020-06-17T16:18:21Z
Summary
Security update for chromium
Details

This update for chromium fixes the following issues:

Chromium was updated to 83.0.4103.97 (boo#1171910,bsc#1172496):

  • CVE-2020-6463: Use after free in ANGLE (boo#1170107 boo#1171975).
  • CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21
  • CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26
  • CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06
  • CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30
  • CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02
  • CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30
  • CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08
  • CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25
  • CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06
  • CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07
  • CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31
  • CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18
  • CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26
  • CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24
  • CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14
  • CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21
  • CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07
  • CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17
  • CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23
  • CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26
  • CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30
  • CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24
  • CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06
  • CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21
  • CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-02-10
  • CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19
  • CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal M.A on 2020-02-07
  • CVE-2020-6493: Use after free in WebAuthentication.
  • CVE-2020-6494: Incorrect security UI in payments.
  • CVE-2020-6495: Insufficient policy enforcement in developer tools.
  • CVE-2020-6496: Use after free in payments.
References

Affected packages

openSUSE:Leap 15.1 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
83.0.4103.97-lp151.2.96.1

Ecosystem specific 

{
    "binaries": [
        {
            "chromedriver": "83.0.4103.97-lp151.2.96.1",
            "chromium": "83.0.4103.97-lp151.2.96.1"
        }
    ]
}