1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4714-1] chromium security update (1/2)

    From Michael Gilbert@1:229/2 to All on Thu Jul 2 04:00:02 2020
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4714-1 [email protected] https://www.debian.org/security/ Michael Gilbert
    July 01, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromium
    CVE ID : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432
    CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436
    CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440
    CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444
    CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448
    CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457
    CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461
    CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465
    CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469
    CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473
    CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478
    CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482
    CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486
    CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490
    CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495
    CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505
    CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6831

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2020-6423

    A use-after-free issue was found in the audio implementation.

    CVE-2020-6430

    Avihay Cohen discovered a type confusion issue in the v8 javascript
    library.

    CVE-2020-6431

    Luan Herrera discovered a policy enforcement error.

    CVE-2020-6432

    Luan Herrera discovered a policy enforcement error.

    CVE-2020-6433

    Luan Herrera discovered a policy enforcement error in extensions.

    CVE-2020-6434

    HyungSeok Han discovered a use-after-free issue in the developer tools.

    CVE-2020-6435

    Sergei Glazunov discovered a policy enforcement error in extensions.

    CVE-2020-6436

    Igor Bukanov discovered a use-after-free issue.

    CVE-2020-6437

    Jann Horn discovered an implementation error in WebView.

    CVE-2020-6438

    Ng Yik Phang discovered a policy enforcement error in extensions.

    CVE-2020-6439

    remkoboonstra discovered a policy enforcement error.

    CVE-2020-6440

    David Erceg discovered an implementation error in extensions.

    CVE-2020-6441

    David Erceg discovered a policy enforcement error.

    CVE-2020-6442

    B@rMey discovered an implementation error in the page cache.

    CVE-2020-6443

    @lovasoa discovered an implementation error in the developer tools.

    CVE-2020-6444

    mlfbrown discovered an uninitialized variable in the WebRTC
    implementation.

    CVE-2020-6445

    Jun Kokatsu discovered a policy enforcement error.

    CVE-2020-6446

    Jun Kokatsu discovered a policy enforcement error.

    CVE-2020-6447

    David Erceg discovered an implementation error in the developer tools.

    CVE-2020-6448

    Guang Gong discovered a use-after-free issue in the v8 javascript library.

    CVE-2020-6454

    Leecraso and Guang Gong discovered a use-after-free issue in extensions.

    CVE-2020-6455

    Nan Wang and Guang Gong discovered an out-of-bounds read issue in the
    WebSQL implementation.

    CVE-2020-6456

    MichaƂ Bentkowski discovered insufficient validation of untrusted input.

    CVE-2020-6457

    Leecraso and Guang Gong discovered a use-after-free issue in the speech
    recognizer.

    CVE-2020-6458

    Aleksandar Nikolic discoved an out-of-bounds read and write issue in the
    pdfium library.

    CVE-2020-6459

    Zhe Jin discovered a use-after-free issue in the payments implementation.

    CVE-2020-6460

    It was discovered that URL formatting was insufficiently validated.

    CVE-2020-6461

    Zhe Jin discovered a use-after-free issue.

    CVE-2020-6462

    Zhe Jin discovered a use-after-free issue in task scheduling.

    CVE-2020-6463

    Pawel Wylecial discovered a use-after-free issue in the ANGLE library.

    CVE-2020-6464

    Looben Yang discovered a type confusion issue in Blink/Webkit.

    CVE-2020-6465

    Woojin Oh discovered a use-after-free issue.

    CVE-2020-6466

    Zhe Jin discovered a use-after-free issue.

    CVE-2020-6467

    ZhanJia Song discovered a use-after-free issue in the WebRTC
    implementation.


    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)