Bug 1178923 – VUL-0: chromium: Update to 87.0.4280.66

Bug 1178923 - (CVE-2020-16018) VUL-0: chromium: Update to 87.0.4280.66

(CVE-2020-16018)
Summary:	VUL-0: chromium: Update to 87.0.4280.66

Status:	RESOLVED FIXED

Classification:	openSUSE
Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security
Version:	Leap 15.1
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major (vote)
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2020-11-18 08:31 UTC by Alexandros Toptsoglou
Modified:	2021-12-15 09:41 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexandros Toptsoglou 2020-11-18 08:31:43 UTC

CVE-2020-16018: Use after free in payments. 
CVE-2020-16019: Inappropriate implementation in filesystem. 
CVE-2020-16020: Inappropriate implementation in cryptohome. 
CVE-2020-16021: Race in ImageBurner. 
CVE-2020-16022: Insufficient policy enforcement in networking. 
CVE-2020-16015: Insufficient data validation in WASM. R
CVE-2020-16014: Use after free in PPAPI. 
CVE-2020-16023: Use after free in WebCodecs. 
CVE-2020-16024: Heap buffer overflow in UI.
CVE-2020-16025: Heap buffer overflow in clipboard. 
CVE-2020-16026: Use after free in WebRTC. 
CVE-2020-16027: Insufficient policy enforcement in developer tools. R
CVE-2020-16028: Heap buffer overflow in WebRTC. 
CVE-2020-16029: Inappropriate implementation in PDFium. 
CVE-2020-16030: Insufficient data validation in Blink. 
CVE-2019-8075: Insufficient data validation in Flash. 
CVE-2020-16031: Incorrect security UI in tab preview. 
CVE-2020-16032: Incorrect security UI in sharing.
CVE-2020-16033: Incorrect security UI in WebUSB. 
CVE-2020-16034: Inappropriate implementation in WebRTC. 
CVE-2020-16035: Insufficient data validation in cros-disks.
CVE-2020-16012: Side-channel information leakage in graphics. 
CVE-2020-16036: Inappropriate implementation in cookies.

Comment 1 Alexandros Toptsoglou 2020-11-18 08:32:01 UTC

Reference

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html

Comment 2 Callum Farmer 2020-11-18 08:35:56 UTC

Yep, should be done today, already have the beta build building without error.

Comment 3 OBSbugzilla Bot 2020-11-19 23:10:11 UTC

This is an autogenerated message for OBS integration:
This bug (1178923) was mentioned in
https://build.opensuse.org/request/show/849507 Factory / chromium
https://build.opensuse.org/request/show/849508 15.1+15.2+Backports:SLE-15-SP1+Backports:SLE-15-SP2 / chromium

Comment 4 OBSbugzilla Bot 2020-11-23 16:30:06 UTC

This is an autogenerated message for OBS integration:
This bug (1178923) was mentioned in
https://build.opensuse.org/request/show/850254 15.2 / chromium
https://build.opensuse.org/request/show/850255 15.1 / chromium
https://build.opensuse.org/request/show/850256 Backports:SLE-15-SP2 / chromium
https://build.opensuse.org/request/show/850257 Backports:SLE-15-SP1 / chromium

Comment 5 Swamp Workflow Management 2020-11-25 05:15:41 UTC

openSUSE-SU-2020:2010-1: An update that fixes 23 vulnerabilities is now available.

Category: security (important)
Bug References: 1178923
CVE References: CVE-2019-8075,CVE-2020-16012,CVE-2020-16014,CVE-2020-16015,CVE-2020-16018,CVE-2020-16019,CVE-2020-16020,CVE-2020-16021,CVE-2020-16022,CVE-2020-16023,CVE-2020-16024,CVE-2020-16025,CVE-2020-16026,CVE-2020-16027,CVE-2020-16028,CVE-2020-16029,CVE-2020-16030,CVE-2020-16031,CVE-2020-16032,CVE-2020-16033,CVE-2020-16034,CVE-2020-16035,CVE-2020-16036
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP1 (src):    chromium-87.0.4280.66-bp151.3.131.1

Comment 6 Swamp Workflow Management 2020-11-25 14:35:08 UTC

openSUSE-SU-2020:2012-1: An update that fixes 23 vulnerabilities is now available.

Category: security (important)
Bug References: 1178923
CVE References: CVE-2019-8075,CVE-2020-16012,CVE-2020-16014,CVE-2020-16015,CVE-2020-16018,CVE-2020-16019,CVE-2020-16020,CVE-2020-16021,CVE-2020-16022,CVE-2020-16023,CVE-2020-16024,CVE-2020-16025,CVE-2020-16026,CVE-2020-16027,CVE-2020-16028,CVE-2020-16029,CVE-2020-16030,CVE-2020-16031,CVE-2020-16032,CVE-2020-16033,CVE-2020-16034,CVE-2020-16035,CVE-2020-16036
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    chromium-87.0.4280.66-bp152.2.32.1

Comment 7 Swamp Workflow Management 2020-11-25 23:20:30 UTC

openSUSE-SU-2020:2021-1: An update that fixes 23 vulnerabilities is now available.

Category: security (important)
Bug References: 1178923
CVE References: CVE-2019-8075,CVE-2020-16012,CVE-2020-16014,CVE-2020-16015,CVE-2020-16018,CVE-2020-16019,CVE-2020-16020,CVE-2020-16021,CVE-2020-16022,CVE-2020-16023,CVE-2020-16024,CVE-2020-16025,CVE-2020-16026,CVE-2020-16027,CVE-2020-16028,CVE-2020-16029,CVE-2020-16030,CVE-2020-16031,CVE-2020-16032,CVE-2020-16033,CVE-2020-16034,CVE-2020-16035,CVE-2020-16036
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    chromium-87.0.4280.66-lp152.2.51.1

Comment 8 Swamp Workflow Management 2020-11-26 14:16:19 UTC

openSUSE-SU-2020:2026-1: An update that fixes 23 vulnerabilities is now available.

Category: security (important)
Bug References: 1178923
CVE References: CVE-2019-8075,CVE-2020-16012,CVE-2020-16014,CVE-2020-16015,CVE-2020-16018,CVE-2020-16019,CVE-2020-16020,CVE-2020-16021,CVE-2020-16022,CVE-2020-16023,CVE-2020-16024,CVE-2020-16025,CVE-2020-16026,CVE-2020-16027,CVE-2020-16028,CVE-2020-16029,CVE-2020-16030,CVE-2020-16031,CVE-2020-16032,CVE-2020-16033,CVE-2020-16034,CVE-2020-16035,CVE-2020-16036
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    chromium-87.0.4280.66-bp152.2.38.1

Comment 9 Swamp Workflow Management 2020-11-26 17:41:52 UTC

openSUSE-SU-2020:2032-1: An update that fixes 23 vulnerabilities is now available.

Category: security (important)
Bug References: 1178923
CVE References: CVE-2019-8075,CVE-2020-16012,CVE-2020-16014,CVE-2020-16015,CVE-2020-16018,CVE-2020-16019,CVE-2020-16020,CVE-2020-16021,CVE-2020-16022,CVE-2020-16023,CVE-2020-16024,CVE-2020-16025,CVE-2020-16026,CVE-2020-16027,CVE-2020-16028,CVE-2020-16029,CVE-2020-16030,CVE-2020-16031,CVE-2020-16032,CVE-2020-16033,CVE-2020-16034,CVE-2020-16035,CVE-2020-16036
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    chromium-87.0.4280.66-lp151.2.156.1

Comment 10 Swamp Workflow Management 2020-11-26 23:15:08 UTC

openSUSE-SU-2020:2055-1: An update that fixes 23 vulnerabilities is now available.

Category: security (important)
Bug References: 1178923
CVE References: CVE-2019-8075,CVE-2020-16012,CVE-2020-16014,CVE-2020-16015,CVE-2020-16018,CVE-2020-16019,CVE-2020-16020,CVE-2020-16021,CVE-2020-16022,CVE-2020-16023,CVE-2020-16024,CVE-2020-16025,CVE-2020-16026,CVE-2020-16027,CVE-2020-16028,CVE-2020-16029,CVE-2020-16030,CVE-2020-16031,CVE-2020-16032,CVE-2020-16033,CVE-2020-16034,CVE-2020-16035,CVE-2020-16036
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP1 (src):    chromium-87.0.4280.66-bp151.3.137.1

Comment 11 Callum Farmer 2020-11-30 15:24:10 UTC

done

Comment 12 OBSbugzilla Bot 2021-12-15 09:41:02 UTC

This is an autogenerated message for OBS integration:
This bug (1178923) was mentioned in
https://build.opensuse.org/request/show/940663 Backports:SLE-12-SP3 / chromium