Security update of chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1161-1 Final 1 1 2020-08-07T12:33:03Z current 2020-08-07T12:33:03Z 2020-08-07T12:33:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update of chromium Chromium was updated to 84.0.4147.105 (boo#1174582): * CVE-2020-6537: Type Confusion in V8 * CVE-2020-6538: Inappropriate implementation in WebView * CVE-2020-6532: Use after free in SCTP * CVE-2020-6539: Use after free in CSS * CVE-2020-6540: Heap buffer overflow in Skia * CVE-2020-6541: Use after free in WebUSB This update was imported from the openSUSE:Leap:15.1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1161 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00013.html E-Mail link for openSUSE-SU-2020:1161-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1174582 SUSE Bug 1174582 https://www.suse.com/security/cve/CVE-2020-6532/ SUSE CVE CVE-2020-6532 page https://www.suse.com/security/cve/CVE-2020-6537/ SUSE CVE CVE-2020-6537 page https://www.suse.com/security/cve/CVE-2020-6538/ SUSE CVE CVE-2020-6538 page https://www.suse.com/security/cve/CVE-2020-6539/ SUSE CVE CVE-2020-6539 page https://www.suse.com/security/cve/CVE-2020-6540/ SUSE CVE CVE-2020-6540 page https://www.suse.com/security/cve/CVE-2020-6541/ SUSE CVE CVE-2020-6541 page SUSE Package Hub 15 SP1 chromedriver-84.0.4147.105-bp151.3.97.1 chromium-84.0.4147.105-bp151.3.97.1 chromedriver-84.0.4147.105-bp151.3.97.1 as a component of SUSE Package Hub 15 SP1 chromium-84.0.4147.105-bp151.3.97.1 as a component of SUSE Package Hub 15 SP1 Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6532 SUSE Package Hub 15 SP1:chromedriver-84.0.4147.105-bp151.3.97.1 SUSE Package Hub 15 SP1:chromium-84.0.4147.105-bp151.3.97.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00013.html https://www.suse.com/security/cve/CVE-2020-6532.html CVE-2020-6532 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2020-6537 SUSE Package Hub 15 SP1:chromedriver-84.0.4147.105-bp151.3.97.1 SUSE Package Hub 15 SP1:chromium-84.0.4147.105-bp151.3.97.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00013.html https://www.suse.com/security/cve/CVE-2020-6537.html CVE-2020-6537 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6538 SUSE Package Hub 15 SP1:chromedriver-84.0.4147.105-bp151.3.97.1 SUSE Package Hub 15 SP1:chromium-84.0.4147.105-bp151.3.97.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00013.html https://www.suse.com/security/cve/CVE-2020-6538.html CVE-2020-6538 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6539 SUSE Package Hub 15 SP1:chromedriver-84.0.4147.105-bp151.3.97.1 SUSE Package Hub 15 SP1:chromium-84.0.4147.105-bp151.3.97.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00013.html https://www.suse.com/security/cve/CVE-2020-6539.html CVE-2020-6539 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6540 SUSE Package Hub 15 SP1:chromedriver-84.0.4147.105-bp151.3.97.1 SUSE Package Hub 15 SP1:chromium-84.0.4147.105-bp151.3.97.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00013.html https://www.suse.com/security/cve/CVE-2020-6540.html CVE-2020-6540 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6541 SUSE Package Hub 15 SP1:chromedriver-84.0.4147.105-bp151.3.97.1 SUSE Package Hub 15 SP1:chromium-84.0.4147.105-bp151.3.97.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00013.html https://www.suse.com/security/cve/CVE-2020-6541.html CVE-2020-6541 https://bugzilla.suse.com/1174582 SUSE Bug 1174582