openSUSE-SU-2020:2055-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:2055-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:2055-1
Related
Published
2020-11-26T19:23:43Z
Modified
2020-11-26T19:23:43Z
Summary
Security update for chromium
Details

This update for chromium fixes the following issues:

  • Update to 87.0.4280.66 (boo#1178923)
    • Wayland support by default
    • CVE-2020-16018: Use after free in payments.
    • CVE-2020-16019: Inappropriate implementation in filesystem.
    • CVE-2020-16020: Inappropriate implementation in cryptohome.
    • CVE-2020-16021: Race in ImageBurner.
    • CVE-2020-16022: Insufficient policy enforcement in networking.
    • CVE-2020-16015: Insufficient data validation in WASM. R
    • CVE-2020-16014: Use after free in PPAPI.
    • CVE-2020-16023: Use after free in WebCodecs.
    • CVE-2020-16024: Heap buffer overflow in UI.
    • CVE-2020-16025: Heap buffer overflow in clipboard.
    • CVE-2020-16026: Use after free in WebRTC.
    • CVE-2020-16027: Insufficient policy enforcement in developer tools. R
    • CVE-2020-16028: Heap buffer overflow in WebRTC.
    • CVE-2020-16029: Inappropriate implementation in PDFium.
    • CVE-2020-16030: Insufficient data validation in Blink.
    • CVE-2019-8075: Insufficient data validation in Flash.
    • CVE-2020-16031: Incorrect security UI in tab preview.
    • CVE-2020-16032: Incorrect security UI in sharing.
    • CVE-2020-16033: Incorrect security UI in WebUSB.
    • CVE-2020-16034: Inappropriate implementation in WebRTC.
    • CVE-2020-16035: Insufficient data validation in cros-disks.
    • CVE-2020-16012: Side-channel information leakage in graphics.
    • CVE-2020-16036: Inappropriate implementation in cookies.

This update was imported from the openSUSE:Leap:15.1:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP1 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
87.0.4280.66-bp151.3.137.1

Ecosystem specific 

{
    "binaries": [
        {
            "chromedriver": "87.0.4280.66-bp151.3.137.1",
            "chromium": "87.0.4280.66-bp151.3.137.1"
        }
    ]
}