Linux Security

    ArchLinux: 202011-2: chromium: multiple issues

    Date 03 Nov 2020
    Posted By LinuxSecurity Advisories
    The package chromium before version 86.0.4240.183-1 is vulnerable to multiple issues including arbitrary code execution and privilege escalation.
    Arch Linux Security Advisory ASA-202011-2
    =========================================
    
    Severity: Critical
    Date    : 2020-11-03
    CVE-ID  : CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007
              CVE-2020-16008 CVE-2020-16009
    Package : chromium
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1261
    
    Summary
    =======
    
    The package chromium before version 86.0.4240.183-1 is vulnerable to
    multiple issues including arbitrary code execution and privilege
    escalation.
    
    Resolution
    ==========
    
    Upgrade to 86.0.4240.183-1.
    
    # pacman -Syu "chromium>=86.0.4240.183-1"
    
    The problems have been fixed upstream in version 86.0.4240.183.
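
An added check, not part of the Arch advisory: shell functions that classify a chromium package version against the fixed release named above, comparing version components numerically so that .75 ranks before .183. The function names are this example's own, and the `sort -V` fallback used when pacman's `vercmp` is missing is an assumption that holds for plain dotted versions without an epoch.

```shell
#!/bin/sh
# Added example: is a chromium package older than the fix in ASA-202011-2?
# Function names (ver_lt, classify, check_host) are this example's own.

FIXED="86.0.4240.183-1"   # fixed package version stated in the advisory

# ver_lt A B: succeed if pacman-style version A is older than B.
# A plain string comparison would rank "86.0.4240.75" after "86.0.4240.183"
# ('7' > '1'), so the components must be compared numerically.
# Prefers pacman's vercmp; falls back to `sort -V` (assumption: no epoch).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# classify VERSION: print "vulnerable" or "fixed" relative to $FIXED.
classify() {
    if ver_lt "$1" "$FIXED"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# check_host: classify the chromium package installed on this machine.
check_host() {
    if ! command -v pacman >/dev/null 2>&1; then
        echo no-pacman
        return 0
    fi
    installed=$(pacman -Q chromium 2>/dev/null | awk '{print $2}')
    if [ -z "$installed" ]; then
        echo not-installed
        return 0
    fi
    classify "$installed"
}

check_host
```

On a host where this prints `vulnerable`, the `pacman -Syu` command above brings the package to the fixed version.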
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-16004 (arbitrary code execution)
    
    A use after free security issue has been found in the user interface
    component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-16005 (arbitrary code execution)
    
    An insufficient policy enforcement security issue has been found in the
    ANGLE component of the chromium browser before 86.0.4240.75, allowing a
    remote attacker to potentially exploit heap corruption via a crafted
    HTML page.
    
    - CVE-2020-16006 (arbitrary code execution)
    
    An inappropriate implementation security issue has been found in the V8
    component of the chromium browser before 86.0.4240.75, allowing a
    remote attacker to potentially exploit heap corruption via a crafted
    HTML page.
    
    - CVE-2020-16007 (privilege escalation)
    
    An insufficient data validation security issue has been found in the
    installer component of the chromium browser before 86.0.4240.75,
    allowing a local attacker to potentially elevate privilege via a
    crafted filesystem.
    
    - CVE-2020-16008 (arbitrary code execution)
    
    A stack-based buffer overflow security issue has been found in the
    WebRTC component of the chromium browser before 86.0.4240.75.
    
    - CVE-2020-16009 (arbitrary code execution)
    
    An inappropriate implementation security issue has been found in the V8
    component of the chromium browser before 86.0.4240.75. Google is aware
    of reports that an exploit for this issue exists in the wild.
    
    Impact
    ======
    
    A remote attacker can bypass security measures and execute arbitrary
    code.
    
    References
    ==========
    
    https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
    https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
    https://crbug.com/1138911
    https://crbug.com/1139398
    https://crbug.com/1133527
    https://crbug.com/1125018
    https://crbug.com/1134107
    https://crbug.com/1143772
    https://security.archlinux.org/CVE-2020-16004
    https://security.archlinux.org/CVE-2020-16005
    https://security.archlinux.org/CVE-2020-16006
    https://security.archlinux.org/CVE-2020-16007
    https://security.archlinux.org/CVE-2020-16008
    https://security.archlinux.org/CVE-2020-16009
    
    
