DebianDEBIAN:DSA-4638-1:8959D[SECURITY] [DSA 4638-1] chromium security update
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.014 Low
EPSS
Percentile
86.1%
Debian Security Advisory DSA-4638-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
March 10, 2020 https://www.debian.org/security/faq
Package : chromium
CVE ID : CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926
CVE-2020-6381 CVE-2020-6382 CVE-2020-6383 CVE-2020-6384
CVE-2020-6385 CVE-2020-6386 CVE-2020-6387 CVE-2020-6388
CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392
CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396
CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400
CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404
CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408
CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412
CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416
CVE-2020-6418 CVE-2020-6420
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2019-19880
Richard Lorenz discovered an issue in the sqlite library.
CVE-2019-19923
Richard Lorenz discovered an out-of-bounds read issue in the sqlite
library.
CVE-2019-19925
Richard Lorenz discovered an issue in the sqlite library.
CVE-2019-19926
Richard Lorenz discovered an implementation error in the sqlite library.
CVE-2020-6381
UK's National Cyber Security Centre discovered an integer overflow issue
in the v8 javascript library.
CVE-2020-6382
Soyeon Park and Wen Xu discovered a type error in the v8 javascript
library.
CVE-2020-6383
Sergei Glazunov discovered a type error in the v8 javascript library.
CVE-2020-6384
David Manoucheri discovered a use-after-free issue in WebAudio.
CVE-2020-6385
Sergei Glazunov discovered a policy enforcement error.
CVE-2020-6386
Zhe Jin discovered a use-after-free issue in speech processing.
CVE-2020-6387
Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC
implementation.
CVE-2020-6388
Sergei Glazunov discovered an out-of-bounds read error in the WebRTC
implementation.
CVE-2020-6389
Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC
implementation.
CVE-2020-6390
Sergei Glazunov discovered an out-of-bounds read error.
CVE-2020-6391
Michał Bentkowski discoverd that untrusted input was insufficiently
validated.
CVE-2020-6392
The Microsoft Edge Team discovered a policy enforcement error.
CVE-2020-6393
Mark Amery discovered a policy enforcement error.
CVE-2020-6394
Phil Freo discovered a policy enforcement error.
CVE-2020-6395
Pierre Langlois discovered an out-of-bounds read error in the v8
javascript library.
CVE-2020-6396
William Luc Ritchie discovered an error in the skia library.
CVE-2020-6397
Khalil Zhani discovered a user interface error.
CVE-2020-6398
pdknsk discovered an uninitialized variable in the pdfium library.
CVE-2020-6399
Luan Herrera discovered a policy enforcement error.
CVE-2020-6400
Takashi Yoneuchi discovered an error in Cross-Origin Resource Sharing.
CVE-2020-6401
Tzachy Horesh discovered that user input was insufficiently validated.
CVE-2020-6402
Vladimir Metnew discovered a policy enforcement error.
CVE-2020-6403
Khalil Zhani discovered a user interface error.
CVE-2020-6404
kanchi discovered an error in Blink/Webkit.
CVE-2020-6405
Yongheng Chen and Rui Zhong discovered an out-of-bounds read issue in the
sqlite library.
CVE-2020-6406
Sergei Glazunov discovered a use-after-free issue.
CVE-2020-6407
Sergei Glazunov discovered an out-of-bounds read error.
CVE-2020-6408
Zhong Zhaochen discovered a policy enforcement error in Cross-Origin
Resource Sharing.
CVE-2020-6409
Divagar S and Bharathi V discovered an error in the omnibox
implementation.
CVE-2020-6410
evil1m0 discovered a policy enforcement error.
CVE-2020-6411
Khalil Zhani discovered that user input was insufficiently validated.
CVE-2020-6412
Zihan Zheng discovered that user input was insufficiently validated.
CVE-2020-6413
Michał Bentkowski discovered an error in Blink/Webkit.
CVE-2020-6414
Lijo A.T discovered a policy safe browsing policy enforcement error.
CVE-2020-6415
Avihay Cohen discovered an implementation error in the v8 javascript
library.
CVE-2020-6416
Woojin Oh discovered that untrusted input was insufficiently validated.
CVE-2020-6418
Clement Lecigne discovered a type error in the v8 javascript library.
CVE-2020-6420
Taras Uzdenov discovered a policy enforcement error.
For the oldstable distribution (stretch), security support for chromium has
been discontinued.
For the stable distribution (buster), these problems have been fixed in
version 80.0.3987.132-1~deb10u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.014 Low
EPSS
Percentile
86.1%