Arch Linux Security Advisory ASA-202002-3
=========================================

Severity: Critical
Date    : 2020-02-06
CVE-ID  : CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 CVE-2019-19925
          CVE-2019-19926 CVE-2020-6381  CVE-2020-6382  CVE-2020-6385
          CVE-2020-6387  CVE-2020-6388  CVE-2020-6389  CVE-2020-6390
          CVE-2020-6391  CVE-2020-6392  CVE-2020-6393  CVE-2020-6394
          CVE-2020-6395  CVE-2020-6396  CVE-2020-6397  CVE-2020-6398
          CVE-2020-6399  CVE-2020-6400  CVE-2020-6401  CVE-2020-6402
          CVE-2020-6403  CVE-2020-6404  CVE-2020-6405  CVE-2020-6406
          CVE-2020-6408  CVE-2020-6409  CVE-2020-6410  CVE-2020-6411
          CVE-2020-6412  CVE-2020-6413  CVE-2020-6414  CVE-2020-6415
          CVE-2020-6416
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1092

Summary
=======

The package chromium before version 80.0.3987.87-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, information disclosure, insufficient validation and content
spoofing.

Resolution
==========

Upgrade to 80.0.3987.87-1.

# pacman -Syu "chromium>=80.0.3987.87-1"

The problems have been fixed upstream in version 80.0.3987.87.

Workaround
==========

None.

Description
===========

- CVE-2019-18197 (insufficient validation)

Multiple vulnerabilities have been found in the xml component of the
chromium browser before 80.0.3987.8.

- CVE-2019-19880 (insufficient validation)

Multiple vulnerabilities have been found in the SQLite component of the
chromium browser before 80.0.3987.8.

- CVE-2019-19923 (information disclosure)

An out of bounds memory access has been found in the SQLite component
of the chromium browser before 80.0.3987.8.

- CVE-2019-19925 (insufficient validation)

Multiple vulnerabilities have been found in the SQLite component of the
chromium browser before 80.0.3987.8.

- CVE-2019-19926 (insufficient validation)

An inappropriate implementation security issue has been found in the
SQLite component of the chromium browser before 80.0.3987.8.

- CVE-2020-6381 (arbitrary code execution)

An integer overflow security issue has been found in the javascript
component of the chromium browser before 80.0.3987.8.

- CVE-2020-6382 (arbitrary code execution)

A type confusion security issue has been found in the javascript
component of the chromium browser before 80.0.3987.8.

- CVE-2020-6385 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
storage component of the chromium browser before 80.0.3987.8.

- CVE-2020-6387 (arbitrary code execution)

An out of bounds write has been found in the WebRTC component of the
chromium browser before 80.0.3987.8.

- CVE-2020-6388 (information disclosure)

An out of bounds memory access has been found in the WebAudio component
of the chromium browser before 80.0.3987.8.

- CVE-2020-6389 (arbitrary code execution)

An out of bounds write has been found in the WebRTC component of the
chromium browser before 80.0.3987.8.

- CVE-2020-6390 (information disclosure)

An out of bounds memory access has been found in the streams component
of the chromium browser before 80.0.3987.8.

- CVE-2020-6391 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the Blink component of the chromium browser before
80.0.3987.8.

- CVE-2020-6392 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
Extensions component of the chromium browser before 80.0.3987.8.

- CVE-2020-6393 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.

- CVE-2020-6394 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.

- CVE-2020-6395 (information disclosure)

An out of bounds read has been found in the javascript component of the
chromium browser before 80.0.3987.8.

- CVE-2020-6396 (access restriction bypass)

An inappropriate implementation security issue has been found in the
Skia component of the chromium browser before 80.0.3987.8.

- CVE-2020-6397 (content spoofing)

An incorrect security UI issue has been found in the sharing component
of the chromium browser before 80.0.3987.8.

- CVE-2020-6398 (information disclosure)

An uninitialized use has been found in the PDFium component of the
chromium browser before 80.0.3987.8.

- CVE-2020-6399 (access restriction bypass)

An insufficient policy enforcement issue has been found in the AppCache
component of the chromium browser before 80.0.3987.8.

- CVE-2020-6400 (access restriction bypass)

An inappropriate implementation issue has been found in the CORS
component of the chromium browser before 80.0.3987.8.

- CVE-2020-6401 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the OmniBox component of the chromium browser before
80.0.3987.8.

- CVE-2020-6402 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
Downloads component of the chromium browser before 80.0.3987.8.

- CVE-2020-6403 (content spoofing)

A incorrect security UI issue has been found in the OmniBox component
of the chromium browser before 80.0.3987.8.

- CVE-2020-6404 (access restriction bypass)

An inappropriate implementation security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.

- CVE-2020-6405 (information disclosure)

An out of bounds read has been found in the SQLite component of the
chromium browser before 80.0.3987.8.

- CVE-2020-6406 (arbitrary code execution)

A use-after-free security issue has been found in the Audio component
of the chromium browser before 80.0.3987.8.

- CVE-2020-6408 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
CORS component of the chromium browser before 80.0.3987.8.

- CVE-2020-6409 (access restriction bypass)

An inappropriate implementation security issue has been found in the
OmniBox component of the chromium browser before 80.0.3987.8.

- CVE-2020-6410 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
navigation component of the chromium browser before 80.0.3987.8.

- CVE-2020-6411 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the OmniBox component of the chromium browser before
80.0.3987.8.

- CVE-2020-6412 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the OmniBox component of the chromium browser before
80.0.3987.8.

- CVE-2020-6413 (access restriction bypass)

An inappropriate implementation security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.

- CVE-2020-6414 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
Safe Browsing component of the chromium browser before 80.0.3987.8.

- CVE-2020-6415 (access restriction bypass)

An inappropriate implementation security issue has been found in the
javascript component of the chromium browser before 80.0.3987.8.

- CVE-2020-6416 (insufficient validation)

An insufficient data validation security issue has been found in the
streams component of the chromium browser before 80.0.3987.8.

Impact
======

A remote attacker can bypass security measures, access sensitive
information, spoof the content of parts of the UI or execute arbitrary
code on the affected host.

References
==========

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
https://crbug.com/1020745
https://crbug.com/1038863
https://crbug.com/1042578
https://crbug.com/1042700
https://crbug.com/1034394
https://crbug.com/1031909
https://crbug.com/1035399
https://crbug.com/1042535
https://crbug.com/1042879
https://crbug.com/1042933
https://crbug.com/1045874
https://crbug.com/1017871
https://crbug.com/1030411
https://crbug.com/1035058
https://crbug.com/1014371
https://crbug.com/1022855
https://crbug.com/1035271
https://crbug.com/1027408
https://crbug.com/1032090
https://crbug.com/1039869
https://crbug.com/1038036
https://crbug.com/1017707
https://crbug.com/1029375
https://crbug.com/1006012
https://crbug.com/1024256
https://crbug.com/1042145
https://crbug.com/1042254
https://crbug.com/1026546
https://crbug.com/1037889
https://crbug.com/881675
https://crbug.com/929711
https://crbug.com/968505
https://crbug.com/1005713
https://crbug.com/1021855
https://crbug.com/1029576
https://crbug.com/1031895
https://security.archlinux.org/CVE-2019-18197
https://security.archlinux.org/CVE-2019-19880
https://security.archlinux.org/CVE-2019-19923
https://security.archlinux.org/CVE-2019-19925
https://security.archlinux.org/CVE-2019-19926
https://security.archlinux.org/CVE-2020-6381
https://security.archlinux.org/CVE-2020-6382
https://security.archlinux.org/CVE-2020-6385
https://security.archlinux.org/CVE-2020-6387
https://security.archlinux.org/CVE-2020-6388
https://security.archlinux.org/CVE-2020-6389
https://security.archlinux.org/CVE-2020-6390
https://security.archlinux.org/CVE-2020-6391
https://security.archlinux.org/CVE-2020-6392
https://security.archlinux.org/CVE-2020-6393
https://security.archlinux.org/CVE-2020-6394
https://security.archlinux.org/CVE-2020-6395
https://security.archlinux.org/CVE-2020-6396
https://security.archlinux.org/CVE-2020-6397
https://security.archlinux.org/CVE-2020-6398
https://security.archlinux.org/CVE-2020-6399
https://security.archlinux.org/CVE-2020-6400
https://security.archlinux.org/CVE-2020-6401
https://security.archlinux.org/CVE-2020-6402
https://security.archlinux.org/CVE-2020-6403
https://security.archlinux.org/CVE-2020-6404
https://security.archlinux.org/CVE-2020-6405
https://security.archlinux.org/CVE-2020-6406
https://security.archlinux.org/CVE-2020-6408
https://security.archlinux.org/CVE-2020-6409
https://security.archlinux.org/CVE-2020-6410
https://security.archlinux.org/CVE-2020-6411
https://security.archlinux.org/CVE-2020-6412
https://security.archlinux.org/CVE-2020-6413
https://security.archlinux.org/CVE-2020-6414
https://security.archlinux.org/CVE-2020-6415
https://security.archlinux.org/CVE-2020-6416