Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0823-1 Final 1 1 2020-06-17T16:18:21Z current 2020-06-17T16:18:21Z 2020-06-17T16:18:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium was updated to 83.0.4103.97 (boo#1171910,bsc#1172496): * CVE-2020-6463: Use after free in ANGLE (boo#1170107 boo#1171975). * CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21 * CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26 * CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06 * CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30 * CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02 * CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30 * CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08 * CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25 * CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06 * CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07 * CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31 * CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18 * CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26 * CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24 * CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14 * CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21 * CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07 * CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17 * CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23 * CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26 * CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30 * CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24 * CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06 * CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21 * CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-02-10 * CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19 * CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal M.A on 2020-02-07 * CVE-2020-6493: Use after free in WebAuthentication. * CVE-2020-6494: Incorrect security UI in payments. * CVE-2020-6495: Insufficient policy enforcement in developer tools. * CVE-2020-6496: Use after free in payments. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-823 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ E-Mail link for openSUSE-SU-2020:0823-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1170107 SUSE Bug 1170107 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 https://bugzilla.suse.com/1171975 SUSE Bug 1171975 https://bugzilla.suse.com/1172496 SUSE Bug 1172496 https://www.suse.com/security/cve/CVE-2020-6463/ SUSE CVE CVE-2020-6463 page https://www.suse.com/security/cve/CVE-2020-6465/ SUSE CVE CVE-2020-6465 page https://www.suse.com/security/cve/CVE-2020-6466/ SUSE CVE CVE-2020-6466 page https://www.suse.com/security/cve/CVE-2020-6467/ SUSE CVE CVE-2020-6467 page https://www.suse.com/security/cve/CVE-2020-6468/ SUSE CVE CVE-2020-6468 page https://www.suse.com/security/cve/CVE-2020-6469/ SUSE CVE CVE-2020-6469 page https://www.suse.com/security/cve/CVE-2020-6470/ SUSE CVE CVE-2020-6470 page https://www.suse.com/security/cve/CVE-2020-6471/ SUSE CVE CVE-2020-6471 page https://www.suse.com/security/cve/CVE-2020-6472/ SUSE CVE CVE-2020-6472 page https://www.suse.com/security/cve/CVE-2020-6473/ SUSE CVE CVE-2020-6473 page https://www.suse.com/security/cve/CVE-2020-6474/ SUSE CVE CVE-2020-6474 page https://www.suse.com/security/cve/CVE-2020-6475/ SUSE CVE CVE-2020-6475 page https://www.suse.com/security/cve/CVE-2020-6476/ SUSE CVE CVE-2020-6476 page https://www.suse.com/security/cve/CVE-2020-6477/ SUSE CVE CVE-2020-6477 page https://www.suse.com/security/cve/CVE-2020-6478/ SUSE CVE CVE-2020-6478 page https://www.suse.com/security/cve/CVE-2020-6479/ SUSE CVE CVE-2020-6479 page https://www.suse.com/security/cve/CVE-2020-6480/ SUSE CVE CVE-2020-6480 page https://www.suse.com/security/cve/CVE-2020-6481/ SUSE CVE CVE-2020-6481 page https://www.suse.com/security/cve/CVE-2020-6482/ SUSE CVE CVE-2020-6482 page https://www.suse.com/security/cve/CVE-2020-6483/ SUSE CVE CVE-2020-6483 page https://www.suse.com/security/cve/CVE-2020-6484/ SUSE CVE CVE-2020-6484 page https://www.suse.com/security/cve/CVE-2020-6485/ SUSE CVE CVE-2020-6485 page https://www.suse.com/security/cve/CVE-2020-6486/ SUSE CVE CVE-2020-6486 page https://www.suse.com/security/cve/CVE-2020-6487/ SUSE CVE CVE-2020-6487 page https://www.suse.com/security/cve/CVE-2020-6488/ SUSE CVE CVE-2020-6488 page https://www.suse.com/security/cve/CVE-2020-6489/ SUSE CVE CVE-2020-6489 page https://www.suse.com/security/cve/CVE-2020-6490/ SUSE CVE CVE-2020-6490 page https://www.suse.com/security/cve/CVE-2020-6491/ SUSE CVE CVE-2020-6491 page https://www.suse.com/security/cve/CVE-2020-6493/ SUSE CVE CVE-2020-6493 page https://www.suse.com/security/cve/CVE-2020-6494/ SUSE CVE CVE-2020-6494 page https://www.suse.com/security/cve/CVE-2020-6495/ SUSE CVE CVE-2020-6495 page https://www.suse.com/security/cve/CVE-2020-6496/ SUSE CVE CVE-2020-6496 page openSUSE Leap 15.1 chromedriver-83.0.4103.97-lp151.2.96.1 chromium-83.0.4103.97-lp151.2.96.1 chromedriver-83.0.4103.97-lp151.2.96.1 as a component of openSUSE Leap 15.1 chromium-83.0.4103.97-lp151.2.96.1 as a component of openSUSE Leap 15.1 Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6463 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6463.html CVE-2020-6463 https://bugzilla.suse.com/1171975 SUSE Bug 1171975 https://bugzilla.suse.com/1174538 SUSE Bug 1174538 Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6465 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6465.html CVE-2020-6465 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6466 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6466.html CVE-2020-6466 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6467 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6467.html CVE-2020-6467 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6468 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6468.html CVE-2020-6468 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-6469 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6469.html CVE-2020-6469 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. CVE-2020-6470 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6470.html CVE-2020-6470 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-6471 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6471.html CVE-2020-6471 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. CVE-2020-6472 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6472.html CVE-2020-6472 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-6473 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6473.html CVE-2020-6473 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6474 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6474.html CVE-2020-6474 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-6475 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6475.html CVE-2020-6475 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. CVE-2020-6476 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6476.html CVE-2020-6476 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. CVE-2020-6477 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6477.html CVE-2020-6477 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-6478 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6478.html CVE-2020-6478 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-6479 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6479.html CVE-2020-6479 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions. CVE-2020-6480 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6480.html CVE-2020-6480 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name. CVE-2020-6481 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6481.html CVE-2020-6481 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. CVE-2020-6482 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6482.html CVE-2020-6482 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6483 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6483.html CVE-2020-6483 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request. CVE-2020-6484 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6484.html CVE-2020-6484 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. CVE-2020-6485 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6485.html CVE-2020-6485 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6486 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6486.html CVE-2020-6486 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6487 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6487.html CVE-2020-6487 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6488 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6488.html CVE-2020-6488 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page. CVE-2020-6489 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6489.html CVE-2020-6489 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. CVE-2020-6490 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6490.html CVE-2020-6490 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. CVE-2020-6491 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6491.html CVE-2020-6491 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6493 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6493.html CVE-2020-6493 https://bugzilla.suse.com/1172496 SUSE Bug 1172496 Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2020-6494 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6494.html CVE-2020-6494 https://bugzilla.suse.com/1172496 SUSE Bug 1172496 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-6495 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6495.html CVE-2020-6495 https://bugzilla.suse.com/1172496 SUSE Bug 1172496 Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6496 openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1 openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/ https://www.suse.com/security/cve/CVE-2020-6496.html CVE-2020-6496 https://bugzilla.suse.com/1172496 SUSE Bug 1172496