Security update for chromium (important)

2020-06-28T16:12:28
ID OPENSUSE-SU-2020:0893-1
Type suse
Reporter Suse
Modified 2020-06-28T16:12:28

Description

An update that solves four vulnerabilities and has four fixes is now available.

Description:

This update for chromium fixes the following issues:

Chromium was updated to 83.0.4103.116 (boo#1173251):

  • CVE-2020-6509: Use after free in extensions

Chromium was updated to 83.0.4103.106 (boo#1173029):

  • CVE-2020-6505: Use after free in speech
  • CVE-2020-6506: Insufficient policy enforcement in WebView
  • CVE-2020-6507: Out of bounds write in V8

Other fixes:

  • Add patch to work with new ffmpeg wrt boo#1173292:
  • Add multimedia fix for disabled location and also try one additional patch from Debian on the same issue boo#1173107
  • Disable wayland integration on 15.x boo#1173187 boo#1173188 boo#1173254
  • Enforce to not use system borders boo#1173063

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2020-893=1