8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
An update that fixes 27 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
-chromium was updated to 86.0.4240.75 (boo#1177408):
- CVE-2020-15967: Fixed Use after free in payments.
- CVE-2020-15968: Fixed Use after free in Blink.
- CVE-2020-15969: Fixed Use after free in WebRTC.
- CVE-2020-15970: Fixed Use after free in NFC.
- CVE-2020-15971: Fixed Use after free in printing.
- CVE-2020-15972: Fixed Use after free in audio.
- CVE-2020-15990: Fixed Use after free in autofill.
- CVE-2020-15991: Fixed Use after free in password manager.
- CVE-2020-15973: Fixed Insufficient policy enforcement in extensions.
- CVE-2020-15974: Fixed Integer overflow in Blink.
- CVE-2020-15975: Fixed Integer overflow in SwiftShader.
- CVE-2020-15976: Fixed Use after free in WebXR.
- CVE-2020-6557: Fixed Inappropriate implementation in networking.
- CVE-2020-15977: Fixed Insufficient data validation in dialogs.
- CVE-2020-15978: Fixed Insufficient data validation in navigation.
- CVE-2020-15979: Fixed Inappropriate implementation in V8.
- CVE-2020-15980: Fixed Insufficient policy enforcement in Intents.
- CVE-2020-15981: Fixed Out of bounds read in audio.
- CVE-2020-15982: Fixed Side-channel information leakage in cache.
- CVE-2020-15983: Fixed Insufficient data validation in webUI.
- CVE-2020-15984: Fixed Insufficient policy enforcement in Omnibox.
- CVE-2020-15985: Fixed Inappropriate implementation in Blink.
- CVE-2020-15986: Fixed Integer overflow in media.
- CVE-2020-15987: Fixed Use after free in WebRTC.
- CVE-2020-15992: Fixed Insufficient policy enforcement in networking.
- CVE-2020-15988: Fixed Insufficient policy enforcement in downloads.
- CVE-2020-15989: Fixed Uninitialized Use in PDFium.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or βzypper patchβ.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1705=1
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1705=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.2 | x86_64 | <Β - openSUSE Leap 15.2 (x86_64): | - openSUSE Leap 15.2 (x86_64):.x86_64.rpm | |
openSUSE Leap | 15.1 | x86_64 | <Β - openSUSE Leap 15.1 (x86_64): | - openSUSE Leap 15.1 (x86_64):.x86_64.rpm |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P