[security-announce] openSUSE-SU-2020:0832-1: important: Security update for chromium
openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0832-1 Rating: important References: #1170107 #1171910 #1171975 #1172496 Cross-References: CVE-2020-6463 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6477 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes 32 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium was updated to 83.0.4103.97 (boo#1171910,bsc#1172496): * CVE-2020-6463: Use after free in ANGLE (boo#1170107 boo#1171975). * CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21 * CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26 * CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06 * CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30 * CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02 * CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30 * CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08 * CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25 * CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06 * CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07 * CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31 * CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18 * CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26 * CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24 * CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14 * CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21 * CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07 * CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17 * CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23 * CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26 * CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30 * CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24 * CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06 * CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21 * CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-02-10 * CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19 * CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal M.A on 2020-02-07 * CVE-2020-6493: Use after free in WebAuthentication. * CVE-2020-6494: Incorrect security UI in payments. * CVE-2020-6495: Insufficient policy enforcement in developer tools. * CVE-2020-6496: Use after free in payments. This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2020-832=1 Package List: - openSUSE Backports SLE-15-SP1 (aarch64 x86_64): chromedriver-83.0.4103.97-bp151.3.85.1 chromium-83.0.4103.97-bp151.3.85.1 References: https://www.suse.com/security/cve/CVE-2020-6463.html https://www.suse.com/security/cve/CVE-2020-6465.html https://www.suse.com/security/cve/CVE-2020-6466.html https://www.suse.com/security/cve/CVE-2020-6467.html https://www.suse.com/security/cve/CVE-2020-6468.html https://www.suse.com/security/cve/CVE-2020-6469.html https://www.suse.com/security/cve/CVE-2020-6470.html https://www.suse.com/security/cve/CVE-2020-6471.html https://www.suse.com/security/cve/CVE-2020-6472.html https://www.suse.com/security/cve/CVE-2020-6473.html https://www.suse.com/security/cve/CVE-2020-6474.html https://www.suse.com/security/cve/CVE-2020-6475.html https://www.suse.com/security/cve/CVE-2020-6476.html https://www.suse.com/security/cve/CVE-2020-6477.html https://www.suse.com/security/cve/CVE-2020-6478.html https://www.suse.com/security/cve/CVE-2020-6479.html https://www.suse.com/security/cve/CVE-2020-6480.html https://www.suse.com/security/cve/CVE-2020-6481.html https://www.suse.com/security/cve/CVE-2020-6482.html https://www.suse.com/security/cve/CVE-2020-6483.html https://www.suse.com/security/cve/CVE-2020-6484.html https://www.suse.com/security/cve/CVE-2020-6485.html https://www.suse.com/security/cve/CVE-2020-6486.html https://www.suse.com/security/cve/CVE-2020-6487.html https://www.suse.com/security/cve/CVE-2020-6488.html https://www.suse.com/security/cve/CVE-2020-6489.html https://www.suse.com/security/cve/CVE-2020-6490.html https://www.suse.com/security/cve/CVE-2020-6491.html https://www.suse.com/security/cve/CVE-2020-6493.html https://www.suse.com/security/cve/CVE-2020-6494.html https://www.suse.com/security/cve/CVE-2020-6495.html https://www.suse.com/security/cve/CVE-2020-6496.html https://bugzilla.suse.com/1170107 https://bugzilla.suse.com/1171910 https://bugzilla.suse.com/1171975 https://bugzilla.suse.com/1172496 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
participants (1)
-
opensuse-security@opensuse.org