SUSE advisory OPENSUSE-SU-2020:1061-1
Jul 26, 2020

Security update for chromium (important)

2020-07-26 00:00:00
Source: lists.opensuse.org

EPSS: 0.122 (percentile: 95.5%)

An update that fixes 26 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

  • Update to 84.0.4147.89 (boo#1174189):
    • Critical CVE-2020-6510: Heap buffer overflow in background fetch.
    • High CVE-2020-6511: Side-channel information leakage in content
      security policy.
    • High CVE-2020-6512: Type Confusion in V8.
    • High CVE-2020-6513: Heap buffer overflow in PDFium.
    • High CVE-2020-6514: Inappropriate implementation in WebRTC.
    • High CVE-2020-6515: Use after free in tab strip.
    • High CVE-2020-6516: Policy bypass in CORS.
    • High CVE-2020-6517: Heap buffer overflow in history.
    • Medium CVE-2020-6518: Use after free in developer tools.
    • Medium CVE-2020-6519: Policy bypass in CSP.
    • Medium CVE-2020-6520: Heap buffer overflow in Skia.
    • Medium CVE-2020-6521: Side-channel information leakage in autofill.
    • Medium CVE-2020-6522: Inappropriate implementation in external
      protocol handlers.
    • Medium CVE-2020-6523: Out of bounds write in Skia.
    • Medium CVE-2020-6524: Heap buffer overflow in WebAudio.
    • Medium CVE-2020-6525: Heap buffer overflow in Skia.
    • Low CVE-2020-6526: Inappropriate implementation in iframe sandbox.
    • Low CVE-2020-6527: Insufficient policy enforcement in CSP.
    • Low CVE-2020-6528: Incorrect security UI in basic auth.
    • Low CVE-2020-6529: Inappropriate implementation in WebRTC.
    • Low CVE-2020-6530: Out of bounds memory access in developer tools.
    • Low CVE-2020-6531: Side-channel information leakage in scroll to text.
    • Low CVE-2020-6533: Type Confusion in V8.
    • Low CVE-2020-6534: Heap buffer overflow in WebRTC.
    • Low CVE-2020-6535: Insufficient data validation in WebUI.
    • Low CVE-2020-6536: Incorrect security UI in PWAs.
  • Use bundled xcb-proto as we need to generate py2 bindings
  • Try to fix non-wayland build for Leap builds

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods,
such as YaST online_update or “zypper patch”.

Alternatively, you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP1:

    zypper in -t patch openSUSE-2020-1061=1
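
A post-patch check, added here as an example and not part of the original advisory: it compares an installed chromium version string against the fixed version 84.0.4147.89 named above. The function names and the `--check` argument are assumptions of this example, and the RPM package name is assumed to be `chromium`.

```shell
#!/bin/sh
# Fixed version taken from the advisory text above.
FIXED_VERSION="84.0.4147.89"

# version_ge A B: succeed when dotted numeric version A >= B.
# Components are compared numerically, so 4147.9 sorts below 4147.89.
version_ge() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        # Drop the component just read; a missing component counts as 0.
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        _x=${_x:-0}; _y=${_y:-0}
        if [ "$_x" -gt "$_y" ]; then return 0; fi
        if [ "$_x" -lt "$_y" ]; then return 1; fi
    done
    return 0
}

# chromium_status VERSION[-RELEASE]: print patched, vulnerable or unknown.
chromium_status() {
    _ver=${1%%-*}    # strip the RPM release suffix after the first hyphen
    case $_ver in
        ''|*[!0-9.]*) echo "unknown"; return 2 ;;
    esac
    if version_ge "$_ver" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
        return 1
    fi
}

# check_installed: query the RPM database for the installed chromium package.
check_installed() {
    _v=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' chromium 2>/dev/null) || {
        echo "not-installed"
        return 3
    }
    chromium_status "$_v"
}

# Run the live check only when asked, e.g.: sh check_chromium.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed
fi
```

A "patched" result only describes the package on disk; browser processes started before the update keep running the old binary until they are restarted.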