Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1937-1 Final 1 1 2020-11-15T19:26:30Z current 2020-11-15T19:26:30Z 2020-11-15T19:26:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: - Update to 86.0.4240.183 boo#1178375 - CVE-2020-16004: Use after free in user interface. - CVE-2020-16005: Insufficient policy enforcement in ANGLE. - CVE-2020-16006: Inappropriate implementation in V8 - CVE-2020-16007: Insufficient data validation in installer. - CVE-2020-16008: Stack buffer overflow in WebRTC. - CVE-2020-16009: Inappropriate implementation in V8. - CVE-2020-16011: Heap buffer overflow in UI on Windows. This update was imported from the openSUSE:Leap:15.1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1937 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABZ54FWLCGQJEV7RPVRMYY7B5D4OPJ4P/ E-Mail link for openSUSE-SU-2020:1937-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1178375 SUSE Bug 1178375 https://www.suse.com/security/cve/CVE-2020-16004/ SUSE CVE CVE-2020-16004 page https://www.suse.com/security/cve/CVE-2020-16005/ SUSE CVE CVE-2020-16005 page https://www.suse.com/security/cve/CVE-2020-16006/ SUSE CVE CVE-2020-16006 page https://www.suse.com/security/cve/CVE-2020-16007/ SUSE CVE CVE-2020-16007 page https://www.suse.com/security/cve/CVE-2020-16008/ SUSE CVE CVE-2020-16008 page https://www.suse.com/security/cve/CVE-2020-16009/ SUSE CVE CVE-2020-16009 page https://www.suse.com/security/cve/CVE-2020-16011/ SUSE CVE CVE-2020-16011 page SUSE Package Hub 15 SP1 chromedriver-86.0.4240.183-bp151.3.125.1 chromium-86.0.4240.183-bp151.3.125.1 chromedriver-86.0.4240.183-bp151.3.125.1 as a component of SUSE Package Hub 15 SP1 chromium-86.0.4240.183-bp151.3.125.1 as a component of SUSE Package Hub 15 SP1 Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16004 SUSE Package Hub 15 SP1:chromedriver-86.0.4240.183-bp151.3.125.1 SUSE Package Hub 15 SP1:chromium-86.0.4240.183-bp151.3.125.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABZ54FWLCGQJEV7RPVRMYY7B5D4OPJ4P/ https://www.suse.com/security/cve/CVE-2020-16004.html CVE-2020-16004 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16005 SUSE Package Hub 15 SP1:chromedriver-86.0.4240.183-bp151.3.125.1 SUSE Package Hub 15 SP1:chromium-86.0.4240.183-bp151.3.125.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABZ54FWLCGQJEV7RPVRMYY7B5D4OPJ4P/ https://www.suse.com/security/cve/CVE-2020-16005.html CVE-2020-16005 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16006 SUSE Package Hub 15 SP1:chromedriver-86.0.4240.183-bp151.3.125.1 SUSE Package Hub 15 SP1:chromium-86.0.4240.183-bp151.3.125.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABZ54FWLCGQJEV7RPVRMYY7B5D4OPJ4P/ https://www.suse.com/security/cve/CVE-2020-16006.html CVE-2020-16006 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. CVE-2020-16007 SUSE Package Hub 15 SP1:chromedriver-86.0.4240.183-bp151.3.125.1 SUSE Package Hub 15 SP1:chromium-86.0.4240.183-bp151.3.125.1 critical 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABZ54FWLCGQJEV7RPVRMYY7B5D4OPJ4P/ https://www.suse.com/security/cve/CVE-2020-16007.html CVE-2020-16007 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. CVE-2020-16008 SUSE Package Hub 15 SP1:chromedriver-86.0.4240.183-bp151.3.125.1 SUSE Package Hub 15 SP1:chromium-86.0.4240.183-bp151.3.125.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABZ54FWLCGQJEV7RPVRMYY7B5D4OPJ4P/ https://www.suse.com/security/cve/CVE-2020-16008.html CVE-2020-16008 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16009 SUSE Package Hub 15 SP1:chromedriver-86.0.4240.183-bp151.3.125.1 SUSE Package Hub 15 SP1:chromium-86.0.4240.183-bp151.3.125.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABZ54FWLCGQJEV7RPVRMYY7B5D4OPJ4P/ https://www.suse.com/security/cve/CVE-2020-16009.html CVE-2020-16009 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16011 SUSE Package Hub 15 SP1:chromedriver-86.0.4240.183-bp151.3.125.1 SUSE Package Hub 15 SP1:chromium-86.0.4240.183-bp151.3.125.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABZ54FWLCGQJEV7RPVRMYY7B5D4OPJ4P/ https://www.suse.com/security/cve/CVE-2020-16011.html CVE-2020-16011 https://bugzilla.suse.com/1178375 SUSE Bug 1178375