Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:2181-1 Final 1 1 2020-12-07T08:14:34Z current 2020-12-07T08:14:34Z 2020-12-07T08:14:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Update to 87.0.4280.88 (boo#1179576) - CVE-2020-16037: Use after free in clipboard - CVE-2020-16038: Use after free in media - CVE-2020-16039: Use after free in extensions - CVE-2020-16040: Insufficient data validation in V8 - CVE-2020-16041: Out of bounds read in networking - CVE-2020-16042: Uninitialized Use in V8 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-2181 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CDMZGVMNSMD6LDMI25NDRZ36NEBSFUHY/ E-Mail link for openSUSE-SU-2020:2181-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1179576 SUSE Bug 1179576 https://www.suse.com/security/cve/CVE-2020-16037/ SUSE CVE CVE-2020-16037 page https://www.suse.com/security/cve/CVE-2020-16038/ SUSE CVE CVE-2020-16038 page https://www.suse.com/security/cve/CVE-2020-16039/ SUSE CVE CVE-2020-16039 page https://www.suse.com/security/cve/CVE-2020-16040/ SUSE CVE CVE-2020-16040 page https://www.suse.com/security/cve/CVE-2020-16041/ SUSE CVE CVE-2020-16041 page https://www.suse.com/security/cve/CVE-2020-16042/ SUSE CVE CVE-2020-16042 page openSUSE Leap 15.2 chromedriver-87.0.4280.88-lp152.2.57.1 chromium-87.0.4280.88-lp152.2.57.1 chromedriver-87.0.4280.88-lp152.2.57.1 as a component of openSUSE Leap 15.2 chromium-87.0.4280.88-lp152.2.57.1 as a component of openSUSE Leap 15.2 Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16037 openSUSE Leap 15.2:chromedriver-87.0.4280.88-lp152.2.57.1 openSUSE Leap 15.2:chromium-87.0.4280.88-lp152.2.57.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CDMZGVMNSMD6LDMI25NDRZ36NEBSFUHY/ https://www.suse.com/security/cve/CVE-2020-16037.html CVE-2020-16037 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16038 openSUSE Leap 15.2:chromedriver-87.0.4280.88-lp152.2.57.1 openSUSE Leap 15.2:chromium-87.0.4280.88-lp152.2.57.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CDMZGVMNSMD6LDMI25NDRZ36NEBSFUHY/ https://www.suse.com/security/cve/CVE-2020-16038.html CVE-2020-16038 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16039 openSUSE Leap 15.2:chromedriver-87.0.4280.88-lp152.2.57.1 openSUSE Leap 15.2:chromium-87.0.4280.88-lp152.2.57.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CDMZGVMNSMD6LDMI25NDRZ36NEBSFUHY/ https://www.suse.com/security/cve/CVE-2020-16039.html CVE-2020-16039 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16040 openSUSE Leap 15.2:chromedriver-87.0.4280.88-lp152.2.57.1 openSUSE Leap 15.2:chromium-87.0.4280.88-lp152.2.57.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CDMZGVMNSMD6LDMI25NDRZ36NEBSFUHY/ https://www.suse.com/security/cve/CVE-2020-16040.html CVE-2020-16040 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-16041 openSUSE Leap 15.2:chromedriver-87.0.4280.88-lp152.2.57.1 openSUSE Leap 15.2:chromium-87.0.4280.88-lp152.2.57.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CDMZGVMNSMD6LDMI25NDRZ36NEBSFUHY/ https://www.suse.com/security/cve/CVE-2020-16041.html CVE-2020-16041 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-16042 openSUSE Leap 15.2:chromedriver-87.0.4280.88-lp152.2.57.1 openSUSE Leap 15.2:chromium-87.0.4280.88-lp152.2.57.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CDMZGVMNSMD6LDMI25NDRZ36NEBSFUHY/ https://www.suse.com/security/cve/CVE-2020-16042.html CVE-2020-16042 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 https://bugzilla.suse.com/1180039 SUSE Bug 1180039