Linux Security

    ArchLinux: 202010-1: chromium: multiple issues

    The package chromium before version 86.0.4240.75-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, information disclosure and insufficient validation.
    Arch Linux Security Advisory ASA-202010-1
    =========================================
    
    Severity: Critical
    Date    : 2020-10-10
    CVE-ID  : CVE-2020-6557  CVE-2020-15967 CVE-2020-15968 CVE-2020-15969
              CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973
              CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977
              CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981
              CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985
              CVE-2020-15986 CVE-2020-15987 CVE-2020-15988 CVE-2020-15989
              CVE-2020-15990 CVE-2020-15991 CVE-2020-15992
    Package : chromium
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1238
    
    Summary
    =======
    
    The package chromium before version 86.0.4240.75-1 is vulnerable to
    multiple issues including arbitrary code execution, access restriction
    bypass, information disclosure and insufficient validation.
    
    Resolution
    ==========
    
    Upgrade to 86.0.4240.75-1.
    
    # pacman -Syu "chromium>=86.0.4240.75-1"
    
    The problems have been fixed upstream in version 86.0.4240.75.
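
An added example, not part of the Arch advisory: a shell check that flags hosts whose installed chromium is still older than the fixed 86.0.4240.75-1. The `HOST VERSION` inventory format, the host names and the sample versions are constructed; the awk fallback assumes all-numeric version fields and is used only where pacman's `vercmp` is absent.

```shell
#!/bin/sh
# Added example (not part of ASA-202010-1).
FIXED="86.0.4240.75-1"   # fixed package version from the Resolution section

# ver_cmp A B: print -1, 0 or 1. Uses pacman's vercmp when present; otherwise
# a numeric field-by-field fallback that assumes all-numeric versions with the
# same number of dotted fields (chromium: MAJOR.MINOR.BUILD.PATCH-pkgrel).
ver_cmp() {
    if command -v vercmp >/dev/null 2>&1; then
        vercmp "$1" "$2"
        return
    fi
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) { print -1; exit }
            if (x[i] + 0 > y[i] + 0) { print 1; exit }
        }
        print 0
    }'
}

# audit_inventory: read "HOST VERSION" lines on stdin (VERSION as printed in
# the second column of `pacman -Q chromium`) and print every host below FIXED.
audit_inventory() {
    while read -r host ver; do
        [ -n "$ver" ] || continue      # skip blank or malformed lines
        if [ "$(ver_cmp "$ver" "$FIXED")" -lt 0 ]; then
            printf '%s %s\n' "$host" "$ver"
        fi
    done
}

# Constructed sample inventory (hypothetical hosts and versions). ws-04 checks
# that fields are compared numerically (8 < 75), not as strings.
sample_inventory() {
    cat <<'EOF'
ws-01 85.0.4183.121-1
ws-02 86.0.4240.75-1
ws-03 86.0.4240.75-2
ws-04 86.0.4240.8-1
ws-05 86.0.4240.111-1
EOF
}

sample_inventory | audit_inventory
```

On a single Arch host the same comparison can be fed from `pacman -Q chromium | awk '{print $2}'`.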
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-6557 (access restriction bypass)
    
    An inappropriate implementation security issue has been found in the
    networking component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15967 (arbitrary code execution)
    
    A use after free security issue has been found in the payments
    component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15968 (arbitrary code execution)
    
    A use after free security issue has been found in the Blink component
    of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15969 (arbitrary code execution)
    
    A use after free security issue has been found in the WebRTC component
    of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15970 (arbitrary code execution)
    
    A use after free security issue has been found in the NFC component of
    the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15971 (arbitrary code execution)
    
    A use after free security issue has been found in the printing
    component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15972 (arbitrary code execution)
    
    A use after free security issue has been found in the audio component
    of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15973 (access restriction bypass)
    
    An insufficient policy enforcement security issue has been found in the
    extensions component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15974 (arbitrary code execution)
    
    An integer overflow security issue has been found in the Blink
    component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15975 (arbitrary code execution)
    
    An integer overflow security issue has been found in the SwiftShader
    component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15976 (arbitrary code execution)
    
    A use after free security issue has been found in the WebXR component
    of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15977 (insufficient validation)
    
    An insufficient data validation security issue has been found in the
    dialogs component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15978 (insufficient validation)
    
    An insufficient data validation security issue has been found in the
    navigation component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15979 (access restriction bypass)
    
    An inappropriate implementation security issue has been found in the V8
    component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15980 (access restriction bypass)
    
    An insufficient policy enforcement security issue has been found in the
    Intents component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15981 (information disclosure)
    
    An out of bounds read security issue has been found in the audio
    component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15982 (information disclosure)
    
    A side-channel information leakage security issue has been found in the
    cache component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15983 (insufficient validation)
    
    An insufficient data validation security issue has been found in the
    webUI component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15984 (access restriction bypass)
    
    An insufficient policy enforcement security issue has been found in the
    Omnibox component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15985 (access restriction bypass)
    
    An inappropriate implementation security issue has been found in the
    Blink component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15986 (arbitrary code execution)
    
    An integer overflow security issue has been found in the media
    component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15987 (arbitrary code execution)
    
    A use after free security issue has been found in the WebRTC component
    of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15988 (access restriction bypass)
    
    An insufficient policy enforcement security issue has been found in the
    downloads component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15989 (information disclosure)
    
    An uninitialized use security issue has been found in the PDFium
    component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15990 (arbitrary code execution)
    
    A use after free security issue has been found in the autofill
    component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15991 (arbitrary code execution)
    
    A use after free security issue has been found in the password manager
    component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-15992 (access restriction bypass)
    
    An insufficient policy enforcement security issue has been found in the
    networking component of the chromium browser before 86.0.4240.75.
    
    Impact
    ======
    
    A remote attacker can access sensitive information, bypass security
    measures and execute arbitrary code on the affected host.
    
    References
    ==========
    
    https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
    https://crbug.com/1083278
    https://crbug.com/1127322
    https://crbug.com/1126424
    https://crbug.com/1124659
    https://crbug.com/1108299
    https://crbug.com/1114062
    https://crbug.com/1115901
    https://crbug.com/1106890
    https://crbug.com/1104103
    https://crbug.com/1110800
    https://crbug.com/1123522
    https://crbug.com/1097724
    https://crbug.com/1116280
    https://crbug.com/1127319
    https://crbug.com/1092453
    https://crbug.com/1123023
    https://crbug.com/1039882
    https://crbug.com/1076786
    https://crbug.com/1080395
    https://crbug.com/1099276
    https://crbug.com/1100247
    https://crbug.com/1127774
    https://crbug.com/1092518
    https://crbug.com/1108351
    https://crbug.com/1133671
    https://crbug.com/1133688
    https://crbug.com/1110195
    https://security.archlinux.org/CVE-2020-6557
    https://security.archlinux.org/CVE-2020-15967
    https://security.archlinux.org/CVE-2020-15968
    https://security.archlinux.org/CVE-2020-15969
    https://security.archlinux.org/CVE-2020-15970
    https://security.archlinux.org/CVE-2020-15971
    https://security.archlinux.org/CVE-2020-15972
    https://security.archlinux.org/CVE-2020-15973
    https://security.archlinux.org/CVE-2020-15974
    https://security.archlinux.org/CVE-2020-15975
    https://security.archlinux.org/CVE-2020-15976
    https://security.archlinux.org/CVE-2020-15977
    https://security.archlinux.org/CVE-2020-15978
    https://security.archlinux.org/CVE-2020-15979
    https://security.archlinux.org/CVE-2020-15980
    https://security.archlinux.org/CVE-2020-15981
    https://security.archlinux.org/CVE-2020-15982
    https://security.archlinux.org/CVE-2020-15983
    https://security.archlinux.org/CVE-2020-15984
    https://security.archlinux.org/CVE-2020-15985
    https://security.archlinux.org/CVE-2020-15986
    https://security.archlinux.org/CVE-2020-15987
    https://security.archlinux.org/CVE-2020-15988
    https://security.archlinux.org/CVE-2020-15989
    https://security.archlinux.org/CVE-2020-15990
    https://security.archlinux.org/CVE-2020-15991
    https://security.archlinux.org/CVE-2020-15992
    
    
