Debian Security Advisory DSA Chromium

English

Debian security advisory DSA Chromium.

Several vulnerabilities have been discovered in the chromium web browser.

Chromium is a free and open-source software project from Google.

Debian security advisory DSA Chromium.

Package: chromium
CVE ID:

  • CVE-2020-6423
  • CVE-2020-6430
  • CVE-2020-6431
  • CVE-2020-6432
  • CVE-2020-6433
  • CVE-2020-6434
  • CVE-2020-6435
  • CVE-2020-6436
  • CVE-2020-6437
  • CVE-2020-6438
  • CVE-2020-6439
  • CVE-2020-6440
  • CVE-2020-6441
  • CVE-2020-6442
  • CVE-2020-6443
  • CVE-2020-6444
  • CVE-2020-6445
  • CVE-2020-6446
  • CVE-2020-6447
  • CVE-2020-6448
  • CVE-2020-6454
  • CVE-2020-6455
  • CVE-2020-6456
  • CVE-2020-6457
  • CVE-2020-6458
  • CVE-2020-6459
  • CVE-2020-6460
  • CVE-2020-6461
  • CVE-2020-6462
  • CVE-2020-6463
  • CVE-2020-6464
  • CVE-2020-6465
  • CVE-2020-6466
  • CVE-2020-6467
  • CVE-2020-6468
  • CVE-2020-6469
  • CVE-2020-6470
  • CVE-2020-6471
  • CVE-2020-6472
  • CVE-2020-6473
  • CVE-2020-6474
  • CVE-2020-6475
  • CVE-2020-6476
  • CVE-2020-6478
  • CVE-2020-6479
  • CVE-2020-6480
  • CVE-2020-6481
  • CVE-2020-6482
  • CVE-2020-6483
  • CVE-2020-6484
  • CVE-2020-6485
  • CVE-2020-6486
  • CVE-2020-6487
  • CVE-2020-6488
  • CVE-2020-6489
  • CVE-2020-6490
  • CVE-2020-6491
  • CVE-2020-6493
  • CVE-2020-6494
  • CVE-2020-6495
  • CVE-2020-6496
  • CVE-2020-6497
  • CVE-2020-6498
  • CVE-2020-6505
  • CVE-2020-6506
  • CVE-2020-6507
  • CVE-2020-6509
  • CVE-2020-6831

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2020-6423:

A use-after-free issue was found in the audio implementation.

CVE-2020-6430:

Avihay Cohen discovered a type confusion issue in the v8 javascript library.

CVE-2020-6431:

Luan Herrera discovered a policy enforcement error.

CVE-2020-6432:

Luan Herrera discovered a policy enforcement error.

CVE-2020-6433:

Luan Herrera discovered a policy enforcement error in extensions.

CVE-2020-6434:

HyungSeok Han discovered a use-after-free issue in the developer tools.

CVE-2020-6435:

Sergei Glazunov discovered a policy enforcement error in extensions.

CVE-2020-6436:

Igor Bukanov discovered a use-after-free issue.

CVE-2020-6437:

Jann Horn discovered an implementation error in WebView.

CVE-2020-6438:

Ng Yik Phang discovered a policy enforcement error in extensions.

CVE-2020-6439:

remkoboonstra discovered a policy enforcement error.

CVE-2020-6440:

David Erceg discovered an implementation error in extensions.

CVE-2020-6441:

David Erceg discovered a policy enforcement error.

CVE-2020-6442:

B@rMey discovered an implementation error in the page cache.

CVE-2020-6443:

@lovasoa discovered an implementation error in the developer tools.

CVE-2020-6444:

mlfbrown discovered an uninitialized variable in the WebRTC implementation.

CVE-2020-6445:

Jun Kokatsu discovered a policy enforcement error.

CVE-2020-6446:

Jun Kokatsu discovered a policy enforcement error.

CVE-2020-6447:

David Erceg discovered an implementation error in the developer tools.

CVE-2020-6448:

Guang Gong discovered a use-after-free issue in the v8 javascript library.

CVE-2020-6454:

Leecraso and Guang Gong discovered a use-after-free issue in extensions.

CVE-2020-6455:

Nan Wang and Guang Gong discovered an out-of-bounds read issue in the WebSQL implementation.

CVE-2020-6456:

Michał Bentkowski discovered insufficient validation of untrusted input.

CVE-2020-6457:

Leecraso and Guang Gong discovered a use-after-free issue in the speech recognizer.

CVE-2020-6458:

Aleksandar Nikolic discoved an out-of-bounds read and write issue in the pdfium library.

CVE-2020-6459:

Zhe Jin discovered a use-after-free issue in the payments implementation.

CVE-2020-6460:

It was discovered that URL formatting was insufficiently validated.

CVE-2020-6461:

Zhe Jin discovered a use-after-free issue.

CVE-2020-6462:

Zhe Jin discovered a use-after-free issue in task scheduling.

CVE-2020-6463:

Pawel Wylecial discovered a use-after-free issue in the ANGLE library.

CVE-2020-6464:

Looben Yang discovered a type confusion issue in Blink/Webkit.

CVE-2020-6465:

Woojin Oh discovered a use-after-free issue.

CVE-2020-6466:

Zhe Jin discovered a use-after-free issue.

CVE-2020-6467:

ZhanJia Song discovered a use-after-free issue in the WebRTC implementation.

CVE-2020-6468:

Chris Salls and Jake Corina discovered a type confusion issue in the v8 javascript library.

CVE-2020-6469:

David Erceg discovered a policy enforcement error in the developer tools.

CVE-2020-6470:

Michał Bentkowski discovered insufficient validation of untrusted input.

CVE-2020-6471:

David Erceg discovered a policy enforcement error in the developer tools.

CVE-2020-6472:

David Erceg discovered a policy enforcement error in the developer tools.

CVE-2020-6473:

Soroush Karami and Panagiotis Ilia discovered a policy enforcement error in Blink/Webkit.

CVE-2020-6474:

Zhe Jin discovered a use-after-free issue in Blink/Webkit.

CVE-2020-6475:

Khalil Zhani discovered a user interface error.

CVE-2020-6476:

Alexandre Le Borgne discovered a policy enforcement error.

CVE-2020-6478:

Khalil Zhani discovered an implementation error in full screen mode.

CVE-2020-6479:

Zhong Zhaochen discovered an implementation error.

CVE-2020-6480:

Marvin Witt discovered a policy enforcement error.

CVE-2020-6481:

Rayyan Bijoora discovered a policy enforcement error.

CVE-2020-6482:

Abdulrahman Alqabandi discovered a policy enforcement error in the developer tools.

CVE-2020-6483:

Jun Kokatsu discovered a policy enforcement error in payments.

CVE-2020-6484:

Artem Zinenko discovered insufficient validation of user data in the ChromeDriver implementation.

CVE-2020-6485:

Sergei Glazunov discovered a policy enforcement error.

CVE-2020-6486:

David Erceg discovered a policy enforcement error.

CVE-2020-6487:

Jun Kokatsu discovered a policy enforcement error.

CVE-2020-6488:

David Erceg discovered a policy enforcement error.

CVE-2020-6489:

@lovasoa discovered an implementation error in the developer tools.

CVE-2020-6490:

Insufficient validation of untrusted data was discovered.

CVE-2020-6491:

Sultan Haikal discovered a user interface error.

CVE-2020-6493:

A use-after-free issue was discovered in the WebAuthentication implementation.

CVE-2020-6494:

Juho Nurimen discovered a user interface error.

CVE-2020-6495:

David Erceg discovered a policy enforcement error in the developer tools.

CVE-2020-6496:

Khalil Zhani discovered a use-after-free issue in payments.

CVE-2020-6497:

Rayyan Bijoora discovered a policy enforcement issue.

CVE-2020-6498:

Rayyan Bijoora discovered a user interface error.

CVE-2020-6505:

Khalil Zhani discovered a use-after-free issue.

CVE-2020-6506:

Alesandro Ortiz discovered a policy enforcement error.

CVE-2020-6507:

Sergei Glazunov discovered an out-of-bounds write issue in the v8 javascript library.

CVE-2020-6509:

A use-after-free issue was discovered in extensions.

CVE-2020-6831:

Natalie Silvanovich discovered a buffer overflow issue in the SCTP library.

For the oldstable distribution (stretch), security support for chromium has been discontinued.

For the stable distribution (buster), these problems have been fixed in version 83.0.4103.116-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page.

Featured Sponsors

Games For Linux

Windows has always been the preferred platform for gaming, but after STEAM's interest in Linux more game developers are making their games natively available for Linux.

Disclaimer

All information on this website is published in good faith and for general educational purposes and for use in safe testing environments only. While linuxexperten.com strives to make the information on this site as accurate as possible, linuxexperten.com does not warrant its completeness, reliability and accuracy.

We are not responsible for any losses or damages associated with the use of our website. While we strive to provide only links to useful websites, we have no control over the content of these sites and links to other sites do not constitute a recommendation for all content contained on these websites.

 

Site Information

This is a professional review site that receives compensation from the companies whose products reviewed. Each service or product are thoroughly tested and given high marks if considered to be the very best. Independently owned and the opinions expressed here are no one elses.