Severity: High
Date : 2020-06-06
CVE-ID : CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1178
The package chromium before version 83.0.4103.97-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution and content spoofing.
Upgrade to 83.0.4103.97-1.
The problems have been fixed upstream in version 83.0.4103.97.
None.
A use-after-free security issue has been found in the WebAuthentication
component of the chromium browser before 83.0.4103.97.
An incorrect security UI security issue has been found in the payments
component of the chromium browser before 83.0.4103.97
An insufficient policy enforcement security issue has been found in the
developer tools component of the chromium browser before 83.0.4103.97.
A use-after-free security issue has been found in the payments
component of the chromium browser before 83.0.4103.97.
A remote attacker might be able to spoof content, bypass security
restrictions or validations checks, or execute arbitrary code on the
affected host.
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html
https://crbug.com/1082105
https://crbug.com/1083972
https://crbug.com/1072116
https://crbug.com/1085990
https://security.archlinux.org/CVE-2020-6493
https://security.archlinux.org/CVE-2020-6494
https://security.archlinux.org/CVE-2020-6495
https://security.archlinux.org/CVE-2020-6496
chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html
crbug.com/1072116
crbug.com/1082105
crbug.com/1083972
crbug.com/1085990
security.archlinux.org/AVG-1178
security.archlinux.org/CVE-2020-6493
security.archlinux.org/CVE-2020-6494
security.archlinux.org/CVE-2020-6495
security.archlinux.org/CVE-2020-6496