Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0893-1 Final 1 1 2020-06-28T12:16:33Z current 2020-06-28T12:16:33Z 2020-06-28T12:16:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium was updated to 83.0.4103.116 (boo#1173251): * CVE-2020-6509: Use after free in extensions Chromium was updated to 83.0.4103.106 (boo#1173029): * CVE-2020-6505: Use after free in speech * CVE-2020-6506: Insufficient policy enforcement in WebView * CVE-2020-6507: Out of bounds write in V8 Other fixes: - Add patch to work with new ffmpeg wrt boo#1173292: - Add multimedia fix for disabled location and also try one additional patch from Debian on the same issue boo#1173107 - Disable wayland integration on 15.x boo#1173187 boo#1173188 boo#1173254 - Enforce to not use system borders boo#1173063 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-893 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PJ7X57IWGLSUHYBIMARADLW7OWMGZ2JB/ E-Mail link for openSUSE-SU-2020:0893-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1173029 SUSE Bug 1173029 https://bugzilla.suse.com/1173063 SUSE Bug 1173063 https://bugzilla.suse.com/1173107 SUSE Bug 1173107 https://bugzilla.suse.com/1173187 SUSE Bug 1173187 https://bugzilla.suse.com/1173188 SUSE Bug 1173188 https://bugzilla.suse.com/1173251 SUSE Bug 1173251 https://bugzilla.suse.com/1173254 SUSE Bug 1173254 https://bugzilla.suse.com/1173292 SUSE Bug 1173292 https://www.suse.com/security/cve/CVE-2020-6505/ SUSE CVE CVE-2020-6505 page https://www.suse.com/security/cve/CVE-2020-6506/ SUSE CVE CVE-2020-6506 page https://www.suse.com/security/cve/CVE-2020-6507/ SUSE CVE CVE-2020-6507 page https://www.suse.com/security/cve/CVE-2020-6509/ SUSE CVE CVE-2020-6509 page openSUSE Leap 15.2 chromedriver-83.0.4103.116-lp152.2.3.1 chromium-83.0.4103.116-lp152.2.3.1 chromedriver-83.0.4103.116-lp152.2.3.1 as a component of openSUSE Leap 15.2 chromium-83.0.4103.116-lp152.2.3.1 as a component of openSUSE Leap 15.2 Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6505 openSUSE Leap 15.2:chromedriver-83.0.4103.116-lp152.2.3.1 openSUSE Leap 15.2:chromium-83.0.4103.116-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PJ7X57IWGLSUHYBIMARADLW7OWMGZ2JB/ https://www.suse.com/security/cve/CVE-2020-6505.html CVE-2020-6505 https://bugzilla.suse.com/1173029 SUSE Bug 1173029 Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2020-6506 openSUSE Leap 15.2:chromedriver-83.0.4103.116-lp152.2.3.1 openSUSE Leap 15.2:chromium-83.0.4103.116-lp152.2.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PJ7X57IWGLSUHYBIMARADLW7OWMGZ2JB/ https://www.suse.com/security/cve/CVE-2020-6506.html CVE-2020-6506 https://bugzilla.suse.com/1173029 SUSE Bug 1173029 Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6507 openSUSE Leap 15.2:chromedriver-83.0.4103.116-lp152.2.3.1 openSUSE Leap 15.2:chromium-83.0.4103.116-lp152.2.3.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PJ7X57IWGLSUHYBIMARADLW7OWMGZ2JB/ https://www.suse.com/security/cve/CVE-2020-6507.html CVE-2020-6507 https://bugzilla.suse.com/1173029 SUSE Bug 1173029 Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-6509 openSUSE Leap 15.2:chromedriver-83.0.4103.116-lp152.2.3.1 openSUSE Leap 15.2:chromium-83.0.4103.116-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PJ7X57IWGLSUHYBIMARADLW7OWMGZ2JB/ https://www.suse.com/security/cve/CVE-2020-6509.html CVE-2020-6509 https://bugzilla.suse.com/1173251 SUSE Bug 1173251