Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0519-1 Final 1 1 2020-04-15T04:09:21Z current 2020-04-15T04:09:21Z 2020-04-15T04:09:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium was updated to 81.0.4044.92 boo#1168911: * CVE-2020-6454: Use after free in extensions * CVE-2020-6423: Use after free in audio * CVE-2020-6455: Out of bounds read in WebSQL * CVE-2020-6430: Type Confusion in V8 * CVE-2020-6456: Insufficient validation of untrusted input in clipboard * CVE-2020-6431: Insufficient policy enforcement in full screen * CVE-2020-6432: Insufficient policy enforcement in navigations * CVE-2020-6433: Insufficient policy enforcement in extensions * CVE-2020-6434: Use after free in devtools * CVE-2020-6435: Insufficient policy enforcement in extensions * CVE-2020-6436: Use after free in window management * CVE-2020-6437: Inappropriate implementation in WebView * CVE-2020-6438: Insufficient policy enforcement in extensions * CVE-2020-6439: Insufficient policy enforcement in navigations * CVE-2020-6440: Inappropriate implementation in extensions * CVE-2020-6441: Insufficient policy enforcement in omnibox * CVE-2020-6442: Inappropriate implementation in cache * CVE-2020-6443: Insufficient data validation in developer tools * CVE-2020-6444: Uninitialized Use in WebRTC * CVE-2020-6445: Insufficient policy enforcement in trusted types * CVE-2020-6446: Insufficient policy enforcement in trusted types * CVE-2020-6447: Inappropriate implementation in developer tools * CVE-2020-6448: Use after free in V8 Chromium was updated to 80.0.3987.162 boo#1168421: * CVE-2020-6450: Use after free in WebAudio. * CVE-2020-6451: Use after free in WebAudio. * CVE-2020-6452: Heap buffer overflow in media. - Use a symbolic icon for GNOME The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-519 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ E-Mail link for openSUSE-SU-2020:0519-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1167465 SUSE Bug 1167465 https://bugzilla.suse.com/1168421 SUSE Bug 1168421 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 https://www.suse.com/security/cve/CVE-2020-6423/ SUSE CVE CVE-2020-6423 page https://www.suse.com/security/cve/CVE-2020-6430/ SUSE CVE CVE-2020-6430 page https://www.suse.com/security/cve/CVE-2020-6431/ SUSE CVE CVE-2020-6431 page https://www.suse.com/security/cve/CVE-2020-6432/ SUSE CVE CVE-2020-6432 page https://www.suse.com/security/cve/CVE-2020-6433/ SUSE CVE CVE-2020-6433 page https://www.suse.com/security/cve/CVE-2020-6434/ SUSE CVE CVE-2020-6434 page https://www.suse.com/security/cve/CVE-2020-6435/ SUSE CVE CVE-2020-6435 page https://www.suse.com/security/cve/CVE-2020-6436/ SUSE CVE CVE-2020-6436 page https://www.suse.com/security/cve/CVE-2020-6437/ SUSE CVE CVE-2020-6437 page https://www.suse.com/security/cve/CVE-2020-6438/ SUSE CVE CVE-2020-6438 page https://www.suse.com/security/cve/CVE-2020-6439/ SUSE CVE CVE-2020-6439 page https://www.suse.com/security/cve/CVE-2020-6440/ SUSE CVE CVE-2020-6440 page https://www.suse.com/security/cve/CVE-2020-6441/ SUSE CVE CVE-2020-6441 page https://www.suse.com/security/cve/CVE-2020-6442/ SUSE CVE CVE-2020-6442 page https://www.suse.com/security/cve/CVE-2020-6443/ SUSE CVE CVE-2020-6443 page https://www.suse.com/security/cve/CVE-2020-6444/ SUSE CVE CVE-2020-6444 page https://www.suse.com/security/cve/CVE-2020-6445/ SUSE CVE CVE-2020-6445 page https://www.suse.com/security/cve/CVE-2020-6446/ SUSE CVE CVE-2020-6446 page https://www.suse.com/security/cve/CVE-2020-6447/ SUSE CVE CVE-2020-6447 page https://www.suse.com/security/cve/CVE-2020-6448/ SUSE CVE CVE-2020-6448 page https://www.suse.com/security/cve/CVE-2020-6450/ SUSE CVE CVE-2020-6450 page https://www.suse.com/security/cve/CVE-2020-6451/ SUSE CVE CVE-2020-6451 page https://www.suse.com/security/cve/CVE-2020-6452/ SUSE CVE CVE-2020-6452 page https://www.suse.com/security/cve/CVE-2020-6454/ SUSE CVE CVE-2020-6454 page https://www.suse.com/security/cve/CVE-2020-6455/ SUSE CVE CVE-2020-6455 page https://www.suse.com/security/cve/CVE-2020-6456/ SUSE CVE CVE-2020-6456 page openSUSE Leap 15.1 chromedriver-81.0.4044.92-lp151.2.77.1 chromium-81.0.4044.92-lp151.2.77.1 chromedriver-81.0.4044.92-lp151.2.77.1 as a component of openSUSE Leap 15.1 chromium-81.0.4044.92-lp151.2.77.1 as a component of openSUSE Leap 15.1 Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6423 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6423.html CVE-2020-6423 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6430 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6430.html CVE-2020-6430 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-6431 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6431.html CVE-2020-6431 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6432 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6432.html CVE-2020-6432 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6433 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6433.html CVE-2020-6433 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6434 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6434.html CVE-2020-6434 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. CVE-2020-6435 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6435.html CVE-2020-6435 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6436 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6436.html CVE-2020-6436 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. CVE-2020-6437 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6437.html CVE-2020-6437 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. CVE-2020-6438 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6438.html CVE-2020-6438 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. CVE-2020-6439 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6439.html CVE-2020-6439 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. CVE-2020-6440 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6440.html CVE-2020-6440 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. CVE-2020-6441 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6441.html CVE-2020-6441 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6442 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6442.html CVE-2020-6442 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page. CVE-2020-6443 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6443.html CVE-2020-6443 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6444 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6444.html CVE-2020-6444 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2020-6445 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6445.html CVE-2020-6445 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2020-6446 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6446.html CVE-2020-6446 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6447 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6447.html CVE-2020-6447 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6448 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6448.html CVE-2020-6448 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6450 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6450.html CVE-2020-6450 https://bugzilla.suse.com/1168421 SUSE Bug 1168421 Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6451 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6451.html CVE-2020-6451 https://bugzilla.suse.com/1168421 SUSE Bug 1168421 Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6452 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6452.html CVE-2020-6452 https://bugzilla.suse.com/1168421 SUSE Bug 1168421 Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. CVE-2020-6454 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6454.html CVE-2020-6454 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6455 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6455.html CVE-2020-6455 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. CVE-2020-6456 openSUSE Leap 15.1:chromedriver-81.0.4044.92-lp151.2.77.1 openSUSE Leap 15.1:chromium-81.0.4044.92-lp151.2.77.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/ https://www.suse.com/security/cve/CVE-2020-6456.html CVE-2020-6456 https://bugzilla.suse.com/1168911 SUSE Bug 1168911