Linux Security
    Linux Security
    Linux Security

    ArchLinux: 202009-6: chromium: multiple issues

    Date
    257
    Posted By
    The package chromium before version 85.0.4183.102-1 is vulnerable to multiple issues including access restriction bypass and arbitrary code execution.
    Arch Linux Security Advisory ASA-202009-6
    =========================================
    
    Severity: High
    Date    : 2020-09-09
    CVE-ID  : CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576
              CVE-2020-6579
    Package : chromium
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1225
    
    Summary
    =======
    
    The package chromium before version 85.0.4183.102-1 is vulnerable to
    multiple issues including access restriction bypass and arbitrary code
    execution.
    
    Resolution
    ==========
    
    Upgrade to 85.0.4183.102-1.
    
    # pacman -Syu "chromium>=85.0.4183.102-1"
    
    The problems have been fixed upstream in version 85.0.4183.102.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-6573 (arbitrary code execution)
    
    A use after free security issue has been found in the video component
    of the chromium browser before 85.0.4183.102.
    
    - CVE-2020-6574 (access restriction bypass)
    
    An insufficient policy enforcement security issue has been found in the
    installer component of the chromium browser before 85.0.4183.102.
    
    - CVE-2020-6575 (access restriction bypass)
    
    A race security issue has been found in the Mojo component of the
    chromium browser before 85.0.4183.102.
    
    - CVE-2020-6576 (arbitrary code execution)
    
    A use after free security issue has been found in the offscreen canvas
    component of the chromium browser before 85.0.4183.102.
    
    - CVE-2020-6579 (access restriction bypass)
    
    An insufficient policy enforcement security issue has been found in the
    networking component of the chromium browser before 85.0.4183.102.
    
    Impact
    ======
    
    A remote attacker might be able to bypass security measures or execute
    arbitrary code.
    
    References
    ==========
    
    https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html
    https://crbug.com/1116304
    https://crbug.com/1102196
    https://crbug.com/1081874
    https://crbug.com/1111737
    https://crbug.com/1122684
    https://security.archlinux.org/CVE-2020-6573
    https://security.archlinux.org/CVE-2020-6574
    https://security.archlinux.org/CVE-2020-6575
    https://security.archlinux.org/CVE-2020-6576
    https://security.archlinux.org/CVE-2020-6579
    

    Advisories

    LinuxSecurity Poll

    Tails is the most secure Linux distro out there.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/41-ubuntu-is-a-more-secure-distro-than-fedora?task=poll.vote&format=json
    41
    radio
    [{"id":"142","title":"Yes - Tails get my vote!","votes":"2","type":"x","order":"1","pct":100,"resources":[]},{"id":"143","title":"Nope - Parrot OS has surpassed Tails in its security and privacy.","votes":"0","type":"x","order":"2","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.