Lucene search
SuseOPENSUSE-SU-2020:0210-1HistoryFeb 12, 2020 - 12:00 a.m.
Security update for chromium (important)
2020-02-1200:00:00
lists.opensuse.org
44
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
An update that fixes 38 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium was updated to version 80.0.3987.87 (boo#1162833).
Security issues fixed:
- CVE-2020-6381: Integer overflow in JavaScript (boo#1162833).
- CVE-2020-6382: Type Confusion in JavaScript (boo#1162833).
- CVE-2019-18197: Multiple vulnerabilities in XML (boo#1162833).
- CVE-2019-19926: Inappropriate implementation in SQLite (boo#1162833).
- CVE-2020-6385: Insufficient policy enforcement in storage (boo#1162833).
- CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite
(boo#1162833). - CVE-2020-6387: Out of bounds write in WebRTC (boo#1162833).
- CVE-2020-6388: Out of bounds memory access in WebAudio (boo#1162833).
- CVE-2020-6389: Out of bounds write in WebRTC (boo#1162833).
- CVE-2020-6390: Out of bounds memory access in streams (boo#1162833).
- CVE-2020-6391: Insufficient validation of untrusted input in Blink
(boo#1162833). - CVE-2020-6392: Insufficient policy enforcement in extensions
(boo#1162833). - CVE-2020-6393: Insufficient policy enforcement in Blink (boo#1162833).
- CVE-2020-6394: Insufficient policy enforcement in Blink (boo#1162833).
- CVE-2020-6395: Out of bounds read in JavaScript (boo#1162833).
- CVE-2020-6396: Inappropriate implementation in Skia (boo#1162833).
- CVE-2020-6397: Incorrect security UI in sharing (boo#1162833).
- CVE-2020-6398: Uninitialized use in PDFium (boo#1162833).
- CVE-2020-6399: Insufficient policy enforcement in AppCache (boo#1162833).
- CVE-2020-6400: Inappropriate implementation in CORS (boo#1162833).
- CVE-2020-6401: Insufficient validation of untrusted input in Omnibox
(boo#1162833). - CVE-2020-6402: Insufficient policy enforcement in downloads
(boo#1162833). - CVE-2020-6403: Incorrect security UI in Omnibox (boo#1162833).
- CVE-2020-6404: Inappropriate implementation in Blink (boo#1162833).
- CVE-2020-6405: Out of bounds read in SQLite (boo#1162833).
- CVE-2020-6406: Use after free in audio (boo#1162833).
- CVE-2019-19923: Out of bounds memory access in SQLite (boo#1162833).
- CVE-2020-6408: Insufficient policy enforcement in CORS (boo#1162833).
- CVE-2020-6409: Inappropriate implementation in Omnibox (boo#1162833).
- CVE-2020-6410: Insufficient policy enforcement in navigation
(boo#1162833). - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox
(boo#1162833). - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox
(boo#1162833). - CVE-2020-6413: Inappropriate implementation in Blink (boo#1162833).
- CVE-2020-6414: Insufficient policy enforcement in Safe Browsing
(boo#1162833). - CVE-2020-6415: Inappropriate implementation in JavaScript (boo#1162833).
- CVE-2020-6416: Insufficient data validation in streams (boo#1162833).
- CVE-2020-6417: Inappropriate implementation in installer (boo#1162833).
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-210=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Backports SLE | 15-SP1 | aarch64 | - opensuse backports sle | < 15-SP1 (aarch64 x86_64): | - openSUSE Backports SLE-15-SP1 (aarch64 x86_64):.aarch64.rpm |
| openSUSE Backports SLE | 15-SP1 | x86_64 | - opensuse backports sle | < 15-SP1 (aarch64 x86_64): | - openSUSE Backports SLE-15-SP1 (aarch64 x86_64):.x86_64.rpm |
Related
nessus
nessus
Microsoft Edge (Chromium) < 80.0.361.48 Multiple Vulnerabilities
2020-07-07 00:00:00
openSUSE Security Update : chromium (openSUSE-2020-189)
2020-02-10 00:00:00
Google Chrome < 80.0.3987.87 Multiple Vulnerabilities
2020-02-04 00:00:00
openvas
openvas
archlinux
archlinux
[ASA-202002-3] chromium: multiple issues
2020-02-06 00:00:00
suse
suse
Security update for chromium, re2 (important)
2020-02-19 00:00:00
Security update for chromium (important)
2020-02-09 00:00:00
kaspersky
kaspersky
KLA11660 Multiple vulnerabilities in Google Chrome
2020-02-04 00:00:00
KLA11721 Multiple vulnerabilities in Opera
2020-02-14 00:00:00
redhat
redhat
(RHSA-2020:0514) Important: chromium-browser security update
2020-02-17 08:02:41
chrome
chrome
Stable Channel Update for Desktop
2020-02-04 00:00:00
debian
debian
[SECURITY] [DSA 4638-1] chromium security update
2020-03-11 00:54:05
[SECURITY] [DLA 1973-1] libxslt security update
2019-10-27 21:17:53
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2020-03-06 19:13:58
fedora
fedora
[SECURITY] Fedora 31 Update: chromium-80.0.3987.132-1.fc31
2020-03-20 01:51:25
[SECURITY] Fedora 30 Update: chromium-80.0.3987.149-1.fc30
2020-03-27 10:46:23
osv
osv
chromium - security update
2020-03-10 00:00:00
CVE-2019-19926
2019-12-23 01:15:13
CVE-2019-19925
2019-12-24 17:15:10
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2020-03-13 00:00:00
alpinelinux
alpinelinux
ubuntucve
ubuntucve
cve
cve
redhatcve
redhatcve
debiancve
debiancve
prion
prion
Code injection
2019-12-23 01:15:00
Hardcoded credentials
2020-02-11 15:15:00
Code injection
2019-12-24 17:15:00
ibm
ibm
googleprojectzero
googleprojectzero
Exploiting Android Messengers with WebRTC: Part 1
2020-08-03 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-1.0-0270
2020-02-05 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0204
2020-02-05 00:00:00
Important Photon OS Security Update - PHSA-2020-0270
2020-01-30 00:00:00
cloudfoundry
cloudfoundry
USN-4298-1: SQLite vulnerabilities | Cloud Foundry
2020-03-31 00:00:00
ubuntu
ubuntu
SQLite vulnerabilities
2020-03-10 00:00:00
zdt
zdt
exploitdb
exploitdb
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
2020-03-23 00:00:00
exploitpack
exploitpack
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
2020-03-23 00:00:00
packetstorm
packetstorm
Google Chrome 80.0.3987.87 Denial Of Service
2020-03-23 00:00:00
sqlite
sqlite
SQLite report about CVE-2019-19925
2019-01-01 00:00:00
SQLite report about CVE-2019-19926
2019-01-01 00:00:00
SQLite report about CVE-2019-19923
2019-01-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-10-23 05:35:33
symantec
symantec
SQLite CVE-2019-19926 Incomplete Fix Denial of Service Vulnerability
2019-12-22 00:00:00
libxslt CVE-2019-18197 Arbitrary Code Execution Vulnerability
2019-10-18 00:00:00
SQLite CVE-2019-19880 Denial of Service Vulnerability
2019-12-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Google Chrome Out of Bounds Read (CVE-2020-6390)
2021-03-30 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related for OPENSUSE-SU-2020:0210-1