Bug 1167090 - (CVE-2020-6422) VUL-0: CVE-2020-6422: chromium: multiple security issues fixed in 80.0.3987.149
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.1
Hardware: Other Other
Priority: P2 - High
Severity: Major
Assigned To: Security Team bot
Reported: 2020-03-19 10:56 UTC by Alexandros Toptsoglou
Modified: 2020-03-27 11:17 UTC

Description Alexandros Toptsoglou 2020-03-19 10:56:24 UTC
This update includes 13 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

High CVE-2020-6422: Use after free in WebGL. 
High CVE-2020-6424: Use after free in media. 
High CVE-2020-6425: Insufficient policy enforcement in extensions. 
High CVE-2020-6426: Inappropriate implementation in V8. 
High CVE-2020-6427: Use after free in audio. 
High CVE-2020-6428: Use after free in audio. 
High CVE-2020-6429: Use after free in audio. 
High CVE-2019-20503: Out of bounds read in usersctplib.
High CVE-2020-6449: Use after free in audio. 
Various fixes from internal audits, fuzzing and other initiatives

https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
Comment 1 Tomáš Chvátal 2020-03-19 12:12:29 UTC
submitted to all codestreams.
Comment 2 Swamp Workflow Management 2020-03-22 14:12:46 UTC
openSUSE-SU-2020:0365-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1167090
CVE References: CVE-2019-20503,CVE-2020-6422,CVE-2020-6424,CVE-2020-6425,CVE-2020-6426,CVE-2020-6427,CVE-2020-6428,CVE-2020-6429,CVE-2020-6449
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-80.0.3987.149-41.1
Comment 3 Swamp Workflow Management 2020-03-22 14:14:04 UTC
openSUSE-SU-2020:0365-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1167090
CVE References: CVE-2019-20503,CVE-2020-6422,CVE-2020-6424,CVE-2020-6425,CVE-2020-6426,CVE-2020-6427,CVE-2020-6428,CVE-2020-6429,CVE-2020-6449
Sources used:
openSUSE Leap 15.1 (src):    chromium-80.0.3987.149-lp151.2.73.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-80.0.3987.149-41.1
Comment 4 Marcus Meissner 2020-03-23 10:33:50 UTC
released
Comment 5 Swamp Workflow Management 2020-03-27 11:17:09 UTC
openSUSE-SU-2020:0389-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1167090
CVE References: CVE-2019-20503,CVE-2020-6422,CVE-2020-6424,CVE-2020-6425,CVE-2020-6426,CVE-2020-6427,CVE-2020-6428,CVE-2020-6429,CVE-2020-6449
Sources used:
openSUSE Backports SLE-15-SP1 (src):    chromium-80.0.3987.149-bp151.3.63.3