Bug 1167090 (CVE-2020-6422)

Summary: VUL-0: CVE-2020-6422: chromium: multiple security issues fixed in 80.0.3987.149
Product: [openSUSE] openSUSE Distribution
Reporter: Alexandros Toptsoglou <atoptsoglou>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Major
Priority: P2 - High
CC: security-team
Version: Leap 15.1
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexandros Toptsoglou 2020-03-19 10:56:24 UTC
This update includes 13 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

High CVE-2020-6422: Use after free in WebGL. 
High CVE-2020-6424: Use after free in media. 
High CVE-2020-6425: Insufficient policy enforcement in extensions. 
High CVE-2020-6426: Inappropriate implementation in V8. 
High CVE-2020-6427: Use after free in audio. 
High CVE-2020-6428: Use after free in audio. 
High CVE-2020-6429: Use after free in audio. 
High CVE-2019-20503: Out of bounds read in usersctplib.
High CVE-2020-6449: Use after free in audio. 
Various fixes from internal audits, fuzzing and other initiatives

https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
Comment 1 Tomáš Chvátal 2020-03-19 12:12:29 UTC
submitted to all codestreams.
Comment 2 Swamp Workflow Management 2020-03-22 14:12:46 UTC
openSUSE-SU-2020:0365-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1167090
CVE References: CVE-2019-20503,CVE-2020-6422,CVE-2020-6424,CVE-2020-6425,CVE-2020-6426,CVE-2020-6427,CVE-2020-6428,CVE-2020-6429,CVE-2020-6449
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-80.0.3987.149-41.1
Comment 3 Swamp Workflow Management 2020-03-22 14:14:04 UTC
openSUSE-SU-2020:0365-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1167090
CVE References: CVE-2019-20503,CVE-2020-6422,CVE-2020-6424,CVE-2020-6425,CVE-2020-6426,CVE-2020-6427,CVE-2020-6428,CVE-2020-6429,CVE-2020-6449
Sources used:
openSUSE Leap 15.1 (src):    chromium-80.0.3987.149-lp151.2.73.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-80.0.3987.149-41.1
Comment 4 Marcus Meissner 2020-03-23 10:33:50 UTC
released
Comment 5 Swamp Workflow Management 2020-03-27 11:17:09 UTC
openSUSE-SU-2020:0389-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1167090
CVE References: CVE-2019-20503,CVE-2020-6422,CVE-2020-6424,CVE-2020-6425,CVE-2020-6426,CVE-2020-6427,CVE-2020-6428,CVE-2020-6429,CVE-2020-6449
Sources used:
openSUSE Backports SLE-15-SP1 (src):    chromium-80.0.3987.149-bp151.3.63.3