Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1737-1 Final 1 1 2020-10-25T18:34:10Z current 2020-10-25T18:34:10Z 2020-10-25T18:34:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: - Update to 86.0.4240.111 boo#1177936 - CVE-2020-16000: Inappropriate implementation in Blink. - CVE-2020-16001: Use after free in media. - CVE-2020-16002: Use after free in PDFium. - CVE-2020-15999: Heap buffer overflow in Freetype. - CVE-2020-16003: Use after free in printing. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1737 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00059.html E-Mail link for openSUSE-SU-2020:1737-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1177936 SUSE Bug 1177936 https://www.suse.com/security/cve/CVE-2020-15999/ SUSE CVE CVE-2020-15999 page https://www.suse.com/security/cve/CVE-2020-16000/ SUSE CVE CVE-2020-16000 page https://www.suse.com/security/cve/CVE-2020-16001/ SUSE CVE CVE-2020-16001 page https://www.suse.com/security/cve/CVE-2020-16002/ SUSE CVE CVE-2020-16002 page https://www.suse.com/security/cve/CVE-2020-16003/ SUSE CVE CVE-2020-16003 page openSUSE Leap 15.2 chromedriver-86.0.4240.111-lp152.2.42.1 chromium-86.0.4240.111-lp152.2.42.1 chromedriver-86.0.4240.111-lp152.2.42.1 as a component of openSUSE Leap 15.2 chromium-86.0.4240.111-lp152.2.42.1 as a component of openSUSE Leap 15.2 Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 openSUSE Leap 15.2:chromedriver-86.0.4240.111-lp152.2.42.1 openSUSE Leap 15.2:chromium-86.0.4240.111-lp152.2.42.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00059.html https://www.suse.com/security/cve/CVE-2020-15999.html CVE-2020-15999 https://bugzilla.suse.com/1177914 SUSE Bug 1177914 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 https://bugzilla.suse.com/1178824 SUSE Bug 1178824 https://bugzilla.suse.com/1178894 SUSE Bug 1178894 Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16000 openSUSE Leap 15.2:chromedriver-86.0.4240.111-lp152.2.42.1 openSUSE Leap 15.2:chromium-86.0.4240.111-lp152.2.42.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00059.html https://www.suse.com/security/cve/CVE-2020-16000.html CVE-2020-16000 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16001 openSUSE Leap 15.2:chromedriver-86.0.4240.111-lp152.2.42.1 openSUSE Leap 15.2:chromium-86.0.4240.111-lp152.2.42.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00059.html https://www.suse.com/security/cve/CVE-2020-16001.html CVE-2020-16001 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2020-16002 openSUSE Leap 15.2:chromedriver-86.0.4240.111-lp152.2.42.1 openSUSE Leap 15.2:chromium-86.0.4240.111-lp152.2.42.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00059.html https://www.suse.com/security/cve/CVE-2020-16002.html CVE-2020-16002 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16003 openSUSE Leap 15.2:chromedriver-86.0.4240.111-lp152.2.42.1 openSUSE Leap 15.2:chromium-86.0.4240.111-lp152.2.42.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00059.html https://www.suse.com/security/cve/CVE-2020-16003.html CVE-2020-16003 https://bugzilla.suse.com/1177936 SUSE Bug 1177936