Security update for chromium, gn SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1829-1 Final 1 1 2020-11-05T08:42:50Z current 2020-11-05T08:42:50Z 2020-11-05T08:42:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium, gn This update for chromium, gn fixes the following issues: chromium was updated to 86.0.4240.183 boo#1178375 - CVE-2020-16004: Use after free in user interface. - CVE-2020-16005: Insufficient policy enforcement in ANGLE. - CVE-2020-16006: Inappropriate implementation in V8 - CVE-2020-16007: Insufficient data validation in installer. - CVE-2020-16008: Stack buffer overflow in WebRTC. - CVE-2020-16009: Inappropriate implementation in V8. - CVE-2020-16011: Heap buffer overflow in UI on Windows. Update to 86.0.4240.111 boo#1177936 - CVE-2020-16000: Inappropriate implementation in Blink. - CVE-2020-16001: Use after free in media. - CVE-2020-16002: Use after free in PDFium. - CVE-2020-15999: Heap buffer overflow in Freetype. - CVE-2020-16003: Use after free in printing. - chromium-86-f_seal.patch: F_SEAL* definitions added for leap 15.1 and 15.2 - Remove vdpau->vaapi bridge as it breaks a lot: (fixes welcome by someone else than me) - Fix cookiemonster: Update to 86.0.4240.75 boo#1177408: * CVE-2020-15967: Use after free in payments. * CVE-2020-15968: Use after free in Blink. * CVE-2020-15969: Use after free in WebRTC. * CVE-2020-15970: Use after free in NFC. * CVE-2020-15971: Use after free in printing. * CVE-2020-15972: Use after free in audio. * CVE-2020-15990: Use after free in autofill. * CVE-2020-15991: Use after free in password manager. * CVE-2020-15973: Insufficient policy enforcement in extensions. * CVE-2020-15974: Integer overflow in Blink. * CVE-2020-15975: Integer overflow in SwiftShader. * CVE-2020-15976: Use after free in WebXR. * CVE-2020-6557: Inappropriate implementation in networking. * CVE-2020-15977: Insufficient data validation in dialogs. * CVE-2020-15978: Insufficient data validation in navigation. * CVE-2020-15979: Inappropriate implementation in V8. * CVE-2020-15980: Insufficient policy enforcement in Intents. * CVE-2020-15981: Out of bounds read in audio. * CVE-2020-15982: Side-channel information leakage in cache. * CVE-2020-15983: Insufficient data validation in webUI. * CVE-2020-15984: Insufficient policy enforcement in Omnibox. * CVE-2020-15985: Inappropriate implementation in Blink. * CVE-2020-15986: Integer overflow in media. * CVE-2020-15987: Use after free in WebRTC. * CVE-2020-15992: Insufficient policy enforcement in networking. * CVE-2020-15988: Insufficient policy enforcement in downloads. * CVE-2020-15989: Uninitialized Use in PDFium. - Update to 0.1807: * no upstream changelog The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1829 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ E-Mail link for openSUSE-SU-2020:1829-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1177408 SUSE Bug 1177408 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 https://www.suse.com/security/cve/CVE-2020-15967/ SUSE CVE CVE-2020-15967 page https://www.suse.com/security/cve/CVE-2020-15968/ SUSE CVE CVE-2020-15968 page https://www.suse.com/security/cve/CVE-2020-15969/ SUSE CVE CVE-2020-15969 page https://www.suse.com/security/cve/CVE-2020-15970/ SUSE CVE CVE-2020-15970 page https://www.suse.com/security/cve/CVE-2020-15971/ SUSE CVE CVE-2020-15971 page https://www.suse.com/security/cve/CVE-2020-15972/ SUSE CVE CVE-2020-15972 page https://www.suse.com/security/cve/CVE-2020-15973/ SUSE CVE CVE-2020-15973 page https://www.suse.com/security/cve/CVE-2020-15974/ SUSE CVE CVE-2020-15974 page https://www.suse.com/security/cve/CVE-2020-15975/ SUSE CVE CVE-2020-15975 page https://www.suse.com/security/cve/CVE-2020-15976/ SUSE CVE CVE-2020-15976 page https://www.suse.com/security/cve/CVE-2020-15977/ SUSE CVE CVE-2020-15977 page https://www.suse.com/security/cve/CVE-2020-15978/ SUSE CVE CVE-2020-15978 page https://www.suse.com/security/cve/CVE-2020-15979/ SUSE CVE CVE-2020-15979 page https://www.suse.com/security/cve/CVE-2020-15980/ SUSE CVE CVE-2020-15980 page https://www.suse.com/security/cve/CVE-2020-15981/ SUSE CVE CVE-2020-15981 page https://www.suse.com/security/cve/CVE-2020-15982/ SUSE CVE CVE-2020-15982 page https://www.suse.com/security/cve/CVE-2020-15983/ SUSE CVE CVE-2020-15983 page https://www.suse.com/security/cve/CVE-2020-15984/ SUSE CVE CVE-2020-15984 page https://www.suse.com/security/cve/CVE-2020-15985/ SUSE CVE CVE-2020-15985 page https://www.suse.com/security/cve/CVE-2020-15986/ SUSE CVE CVE-2020-15986 page https://www.suse.com/security/cve/CVE-2020-15987/ SUSE CVE CVE-2020-15987 page https://www.suse.com/security/cve/CVE-2020-15988/ SUSE CVE CVE-2020-15988 page https://www.suse.com/security/cve/CVE-2020-15989/ SUSE CVE CVE-2020-15989 page https://www.suse.com/security/cve/CVE-2020-15990/ SUSE CVE CVE-2020-15990 page https://www.suse.com/security/cve/CVE-2020-15991/ SUSE CVE CVE-2020-15991 page https://www.suse.com/security/cve/CVE-2020-15992/ SUSE CVE CVE-2020-15992 page https://www.suse.com/security/cve/CVE-2020-15999/ SUSE CVE CVE-2020-15999 page https://www.suse.com/security/cve/CVE-2020-16000/ SUSE CVE CVE-2020-16000 page https://www.suse.com/security/cve/CVE-2020-16001/ SUSE CVE CVE-2020-16001 page https://www.suse.com/security/cve/CVE-2020-16002/ SUSE CVE CVE-2020-16002 page https://www.suse.com/security/cve/CVE-2020-16003/ SUSE CVE CVE-2020-16003 page https://www.suse.com/security/cve/CVE-2020-16004/ SUSE CVE CVE-2020-16004 page https://www.suse.com/security/cve/CVE-2020-16005/ SUSE CVE CVE-2020-16005 page https://www.suse.com/security/cve/CVE-2020-16006/ SUSE CVE CVE-2020-16006 page https://www.suse.com/security/cve/CVE-2020-16007/ SUSE CVE CVE-2020-16007 page https://www.suse.com/security/cve/CVE-2020-16008/ SUSE CVE CVE-2020-16008 page https://www.suse.com/security/cve/CVE-2020-16009/ SUSE CVE CVE-2020-16009 page https://www.suse.com/security/cve/CVE-2020-16011/ SUSE CVE CVE-2020-16011 page https://www.suse.com/security/cve/CVE-2020-6557/ SUSE CVE CVE-2020-6557 page SUSE Package Hub 15 SP2 chromedriver-86.0.4240.183-bp152.2.26.1 chromium-86.0.4240.183-bp152.2.26.1 gn-0.1807-bp152.2.3.4 chromedriver-86.0.4240.183-bp152.2.26.1 as a component of SUSE Package Hub 15 SP2 chromium-86.0.4240.183-bp152.2.26.1 as a component of SUSE Package Hub 15 SP2 gn-0.1807-bp152.2.3.4 as a component of SUSE Package Hub 15 SP2 Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15967 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15967.html CVE-2020-15967 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15968 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15968.html CVE-2020-15968 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15969 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15969.html CVE-2020-15969 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 https://bugzilla.suse.com/1177872 SUSE Bug 1177872 https://bugzilla.suse.com/1177977 SUSE Bug 1177977 Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15970 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15970.html CVE-2020-15970 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15971 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15971.html CVE-2020-15971 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15972 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15972.html CVE-2020-15972 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. CVE-2020-15973 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15973.html CVE-2020-15973 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2020-15974 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15974.html CVE-2020-15974 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15975 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15975.html CVE-2020-15975 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15976 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15976.html CVE-2020-15976 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. CVE-2020-15977 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15977.html CVE-2020-15977 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. CVE-2020-15978 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15978.html CVE-2020-15978 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15979 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15979.html CVE-2020-15979 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. CVE-2020-15980 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15980.html CVE-2020-15980 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-15981 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15981.html CVE-2020-15981 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-15982 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15982.html CVE-2020-15982 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. CVE-2020-15983 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15983.html CVE-2020-15983 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL. CVE-2020-15984 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15984.html CVE-2020-15984 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-15985 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15985.html CVE-2020-15985 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15986 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15986.html CVE-2020-15986 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. CVE-2020-15987 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15987.html CVE-2020-15987 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. CVE-2020-15988 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15988.html CVE-2020-15988 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. CVE-2020-15989 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15989.html CVE-2020-15989 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15990 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15990.html CVE-2020-15990 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15991 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15991.html CVE-2020-15991 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. CVE-2020-15992 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15992.html CVE-2020-15992 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-15999.html CVE-2020-15999 https://bugzilla.suse.com/1177914 SUSE Bug 1177914 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 https://bugzilla.suse.com/1178824 SUSE Bug 1178824 https://bugzilla.suse.com/1178894 SUSE Bug 1178894 Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16000 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-16000.html CVE-2020-16000 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16001 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-16001.html CVE-2020-16001 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2020-16002 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-16002.html CVE-2020-16002 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16003 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-16003.html CVE-2020-16003 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16004 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-16004.html CVE-2020-16004 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16005 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-16005.html CVE-2020-16005 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16006 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-16006.html CVE-2020-16006 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. CVE-2020-16007 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-16007.html CVE-2020-16007 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. CVE-2020-16008 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-16008.html CVE-2020-16008 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16009 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-16009.html CVE-2020-16009 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16011 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-16011.html CVE-2020-16011 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2020-6557 SUSE Package Hub 15 SP2:chromedriver-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:chromium-86.0.4240.183-bp152.2.26.1 SUSE Package Hub 15 SP2:gn-0.1807-bp152.2.3.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/ https://www.suse.com/security/cve/CVE-2020-6557.html CVE-2020-6557 https://bugzilla.suse.com/1177408 SUSE Bug 1177408