ArchLinux: 202001-5: chromium: multiple issues

    Date: 16 Jan 2020
    Posted By: LinuxSecurity Advisories
    The package chromium before version 79.0.3945.130-1 is vulnerable to multiple issues including arbitrary code execution and insufficient validation.
    Arch Linux Security Advisory ASA-202001-5
    =========================================
    
    Severity: Critical
    Date    : 2020-01-17
    CVE-ID  : CVE-2020-6378 CVE-2020-6379 CVE-2020-6380
    Package : chromium
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1088
    
    Summary
    =======
    
    The package chromium before version 79.0.3945.130-1 is vulnerable to
    multiple issues including arbitrary code execution and insufficient
    validation.
    
    Resolution
    ==========
    
    Upgrade to 79.0.3945.130-1.
    
    # pacman -Syu "chromium>=79.0.3945.130-1"
    
    The problems have been fixed upstream in version 79.0.3945.130.
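
A post-upgrade check for the resolution above, as an added example that is not part of the Arch advisory: it reports whether an installed chromium version is older than the fixed version 79.0.3945.130-1. The function names and the `sort -V` fallback (used when pacman's `vercmp` is not available) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of ASA-202001-5. The fixed version is the one
# the advisory names; every function name here is hypothetical.
FIXED="79.0.3945.130-1"

# ver_lt A B: succeed when version A is strictly older than version B.
# Prefers pacman's vercmp. The fallback uses `sort -V`, which is adequate
# for chromium's dotted-numeric "pkgver-pkgrel" strings (no epoch); that
# limitation is an assumption of this example.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# chromium_status VERSION: print "affected" or "fixed" for that version.
chromium_status() {
    if ver_lt "$1" "$FIXED"; then
        echo "affected"
    else
        echo "fixed"
    fi
}

# check_host: look up the locally installed chromium package and report.
check_host() {
    installed=$(pacman -Q chromium 2>/dev/null | awk '{print $2}')
    if [ -z "$installed" ]; then
        echo "chromium: not-installed"
        return 0
    fi
    echo "chromium $installed: $(chromium_status "$installed")"
}

# Only query the package database where pacman exists.
if command -v pacman >/dev/null 2>&1; then
    check_host
fi
```

`chromium_status` can also be fed version strings collected from other hosts, for example the second column of `pacman -Q chromium` gathered over SSH.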
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-6378 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in the speech recognizer
    component of the chromium browser before 79.0.3945.130.
    
    - CVE-2020-6379 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in the speech recognizer
    component of the chromium browser before 79.0.3945.130.
    
    - CVE-2020-6380 (insufficient validation)
    
    An extension message verification error has been found in the chromium
    browser before 79.0.3945.130.
    
    Impact
    ======
    
    A remote attacker can bypass security measures or execute arbitrary
    code on the affected host.
    
    References
    ==========
    
    https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html
    https://crbug.com/1018677
    https://crbug.com/1033407
    https://crbug.com/1032170
    https://security.archlinux.org/CVE-2020-6378
    https://security.archlinux.org/CVE-2020-6379
    https://security.archlinux.org/CVE-2020-6380
    
    