Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0210-1 Final 1 1 2020-02-12T05:12:32Z current 2020-02-12T05:12:32Z 2020-02-12T05:12:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium was updated to version 80.0.3987.87 (boo#1162833). Security issues fixed: - CVE-2020-6381: Integer overflow in JavaScript (boo#1162833). - CVE-2020-6382: Type Confusion in JavaScript (boo#1162833). - CVE-2019-18197: Multiple vulnerabilities in XML (boo#1162833). - CVE-2019-19926: Inappropriate implementation in SQLite (boo#1162833). - CVE-2020-6385: Insufficient policy enforcement in storage (boo#1162833). - CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite (boo#1162833). - CVE-2020-6387: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6388: Out of bounds memory access in WebAudio (boo#1162833). - CVE-2020-6389: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6390: Out of bounds memory access in streams (boo#1162833). - CVE-2020-6391: Insufficient validation of untrusted input in Blink (boo#1162833). - CVE-2020-6392: Insufficient policy enforcement in extensions (boo#1162833). - CVE-2020-6393: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6394: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6395: Out of bounds read in JavaScript (boo#1162833). - CVE-2020-6396: Inappropriate implementation in Skia (boo#1162833). - CVE-2020-6397: Incorrect security UI in sharing (boo#1162833). - CVE-2020-6398: Uninitialized use in PDFium (boo#1162833). - CVE-2020-6399: Insufficient policy enforcement in AppCache (boo#1162833). - CVE-2020-6400: Inappropriate implementation in CORS (boo#1162833). - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6402: Insufficient policy enforcement in downloads (boo#1162833). - CVE-2020-6403: Incorrect security UI in Omnibox (boo#1162833). - CVE-2020-6404: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6405: Out of bounds read in SQLite (boo#1162833). - CVE-2020-6406: Use after free in audio (boo#1162833). - CVE-2019-19923: Out of bounds memory access in SQLite (boo#1162833). - CVE-2020-6408: Insufficient policy enforcement in CORS (boo#1162833). - CVE-2020-6409: Inappropriate implementation in Omnibox (boo#1162833). - CVE-2020-6410: Insufficient policy enforcement in navigation (boo#1162833). - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6413: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing (boo#1162833). - CVE-2020-6415: Inappropriate implementation in JavaScript (boo#1162833). - CVE-2020-6416: Insufficient data validation in streams (boo#1162833). - CVE-2020-6417: Inappropriate implementation in installer (boo#1162833). This update was imported from the openSUSE:Leap:15.1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-210 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ E-Mail link for openSUSE-SU-2020:0210-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1162833 SUSE Bug 1162833 https://www.suse.com/security/cve/CVE-2019-18197/ SUSE CVE CVE-2019-18197 page https://www.suse.com/security/cve/CVE-2019-19880/ SUSE CVE CVE-2019-19880 page https://www.suse.com/security/cve/CVE-2019-19923/ SUSE CVE CVE-2019-19923 page https://www.suse.com/security/cve/CVE-2019-19925/ SUSE CVE CVE-2019-19925 page https://www.suse.com/security/cve/CVE-2019-19926/ SUSE CVE CVE-2019-19926 page https://www.suse.com/security/cve/CVE-2020-6381/ SUSE CVE CVE-2020-6381 page https://www.suse.com/security/cve/CVE-2020-6382/ SUSE CVE CVE-2020-6382 page https://www.suse.com/security/cve/CVE-2020-6385/ SUSE CVE CVE-2020-6385 page https://www.suse.com/security/cve/CVE-2020-6387/ SUSE CVE CVE-2020-6387 page https://www.suse.com/security/cve/CVE-2020-6388/ SUSE CVE CVE-2020-6388 page https://www.suse.com/security/cve/CVE-2020-6389/ SUSE CVE CVE-2020-6389 page https://www.suse.com/security/cve/CVE-2020-6390/ SUSE CVE CVE-2020-6390 page https://www.suse.com/security/cve/CVE-2020-6391/ SUSE CVE CVE-2020-6391 page https://www.suse.com/security/cve/CVE-2020-6392/ SUSE CVE CVE-2020-6392 page https://www.suse.com/security/cve/CVE-2020-6393/ SUSE CVE CVE-2020-6393 page https://www.suse.com/security/cve/CVE-2020-6394/ SUSE CVE CVE-2020-6394 page https://www.suse.com/security/cve/CVE-2020-6395/ SUSE CVE CVE-2020-6395 page https://www.suse.com/security/cve/CVE-2020-6396/ SUSE CVE CVE-2020-6396 page https://www.suse.com/security/cve/CVE-2020-6397/ SUSE CVE CVE-2020-6397 page https://www.suse.com/security/cve/CVE-2020-6398/ SUSE CVE CVE-2020-6398 page https://www.suse.com/security/cve/CVE-2020-6399/ SUSE CVE CVE-2020-6399 page https://www.suse.com/security/cve/CVE-2020-6400/ SUSE CVE CVE-2020-6400 page https://www.suse.com/security/cve/CVE-2020-6401/ SUSE CVE CVE-2020-6401 page https://www.suse.com/security/cve/CVE-2020-6402/ SUSE CVE CVE-2020-6402 page https://www.suse.com/security/cve/CVE-2020-6403/ SUSE CVE CVE-2020-6403 page https://www.suse.com/security/cve/CVE-2020-6404/ SUSE CVE CVE-2020-6404 page https://www.suse.com/security/cve/CVE-2020-6405/ SUSE CVE CVE-2020-6405 page https://www.suse.com/security/cve/CVE-2020-6406/ SUSE CVE CVE-2020-6406 page https://www.suse.com/security/cve/CVE-2020-6408/ SUSE CVE CVE-2020-6408 page https://www.suse.com/security/cve/CVE-2020-6409/ SUSE CVE CVE-2020-6409 page https://www.suse.com/security/cve/CVE-2020-6410/ SUSE CVE CVE-2020-6410 page https://www.suse.com/security/cve/CVE-2020-6411/ SUSE CVE CVE-2020-6411 page https://www.suse.com/security/cve/CVE-2020-6412/ SUSE CVE CVE-2020-6412 page https://www.suse.com/security/cve/CVE-2020-6413/ SUSE CVE CVE-2020-6413 page https://www.suse.com/security/cve/CVE-2020-6414/ SUSE CVE CVE-2020-6414 page https://www.suse.com/security/cve/CVE-2020-6415/ SUSE CVE CVE-2020-6415 page https://www.suse.com/security/cve/CVE-2020-6416/ SUSE CVE CVE-2020-6416 page https://www.suse.com/security/cve/CVE-2020-6417/ SUSE CVE CVE-2020-6417 page SUSE Package Hub 15 SP1 chromedriver-80.0.3987.87-bp151.3.59.1 chromium-80.0.3987.87-bp151.3.59.1 chromedriver-80.0.3987.87-bp151.3.59.1 as a component of SUSE Package Hub 15 SP1 chromium-80.0.3987.87-bp151.3.59.1 as a component of SUSE Package Hub 15 SP1 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. CVE-2019-18197 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2019-18197.html CVE-2019-18197 https://bugzilla.suse.com/1154609 SUSE Bug 1154609 https://bugzilla.suse.com/1157028 SUSE Bug 1157028 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1190108 SUSE Bug 1190108 exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. CVE-2019-19880 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2019-19880.html CVE-2019-19880 https://bugzilla.suse.com/1159491 SUSE Bug 1159491 https://bugzilla.suse.com/1159715 SUSE Bug 1159715 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). CVE-2019-19923 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2019-19923.html CVE-2019-19923 https://bugzilla.suse.com/1160309 SUSE Bug 1160309 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. CVE-2019-19925 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2019-19925.html CVE-2019-19925 https://bugzilla.suse.com/1159847 SUSE Bug 1159847 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. CVE-2019-19926 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2019-19926.html CVE-2019-19926 https://bugzilla.suse.com/1159491 SUSE Bug 1159491 https://bugzilla.suse.com/1159715 SUSE Bug 1159715 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6381 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6381.html CVE-2020-6381 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6382 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6382.html CVE-2020-6382 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2020-6385 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6385.html CVE-2020-6385 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. CVE-2020-6387 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6387.html CVE-2020-6387 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6388 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6388.html CVE-2020-6388 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. CVE-2020-6389 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6389.html CVE-2020-6389 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6390 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6390.html CVE-2020-6390 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. CVE-2020-6391 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6391.html CVE-2020-6391 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. CVE-2020-6392 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6392.html CVE-2020-6392 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6393 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6393.html CVE-2020-6393 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2020-6394 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6394.html CVE-2020-6394 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-6395 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6395.html CVE-2020-6395 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2020-6396 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6396.html CVE-2020-6396 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-6397 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6397.html CVE-2020-6397 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2020-6398 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6398.html CVE-2020-6398 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6399 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6399.html CVE-2020-6399 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6400 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6400.html CVE-2020-6400 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2020-6401 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6401.html CVE-2020-6401 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. CVE-2020-6402 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6402.html CVE-2020-6402 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2020-6403 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6403.html CVE-2020-6403 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6404 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6404.html CVE-2020-6404 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-6405 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6405.html CVE-2020-6405 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6406 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6406.html CVE-2020-6406 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. CVE-2020-6408 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6408.html CVE-2020-6408 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name. CVE-2020-6409 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6409.html CVE-2020-6409 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name. CVE-2020-6410 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6410.html CVE-2020-6410 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2020-6411 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6411.html CVE-2020-6411 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2020-6412 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6412.html CVE-2020-6412 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. CVE-2020-6413 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6413.html CVE-2020-6413 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6414 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6414.html CVE-2020-6414 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6415 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6415.html CVE-2020-6415 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6416 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6416.html CVE-2020-6416 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. CVE-2020-6417 SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1 SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/ https://www.suse.com/security/cve/CVE-2020-6417.html CVE-2020-6417 https://bugzilla.suse.com/1162833 SUSE Bug 1162833