chromium -- multiple vulnerabilities

2020-04-07T00:00:00
ID 6E3B700A-7CA3-11EA-B594-3065EC8FD3EC
Type freebsd
Reporter FreeBSD
Modified 2020-04-07T00:00:00

Description

Google Chrome Releases reports:

This update includes 32 security fixes, including:

[1019161] High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29
[1043446] High CVE-2020-6423: Use after free in audio. Reported by Anonymous on 2020-01-18
[1059669] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09
[1031479] Medium CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06
[1040755] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-01-10
[852645] Medium CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14
[965611] Medium CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg on 2019-05-21
[1043965] Medium CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-01-21
[1048555] Medium CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04
[1032158] Medium CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09
[1034519] Medium CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov from Vivaldi on 2019-12-16
[639173] Low CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn on 2016-08-19
[714617] Low CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang on 2017-04-24
[868145] Low CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra on 2018-07-26
[894477] Low CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg on 2018-10-11
[959571] Low CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04
[1013906] Low CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey on 2019-10-12
[1040080] Low CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08
[922882] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported by mlfbrown on 2019-01-17
[933171] Low CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
[933172] Low CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
[991217] Low CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg on 2019-08-06
[1037872] Low CVE-2020-6448: Use after free in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26