ArchLinux: 202012-14: chromium: multiple issues
Summary
- CVE-2020-16037 (arbitrary code execution)
A use after free security issue has been found in the clipboard
component of the chromium browser before version 87.0.4280.88.
- CVE-2020-16038 (arbitrary code execution)
A use after free security issue has been found in the media component
of the chromium browser before version 87.0.4280.88.
- CVE-2020-16039 (arbitrary code execution)
A use after free security issue has been found in the extensions
component of the chromium browser before version 87.0.4280.88.
- CVE-2020-16040 (insufficient validation)
An insufficient data validation security issue has been found in the V8
component of the chromium browser before version 87.0.4280.88.
- CVE-2020-16041 (denial of service)
An out of bounds read security issue has been found in the networking
component of the chromium browser before version 87.0.4280.88.
- CVE-2020-16042 (information disclosure)
An uninitialized use security issue has been found in the V8 component
of the chromium browser before version 87.0.4280.88 and Firefox before
84.0.
Resolution
Upgrade to 87.0.4280.88-1.
# pacman -Syu "chromium>=87.0.4280.88-1"
The problems have been fixed upstream in version 87.0.4280.88.
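A host-side check for the fixed version named above, as an added example that is not part of the original advisory. The function names are hypothetical, and the comparison assumes purely numeric version fields with no epoch.

```shell
#!/bin/sh
# Added example: decide whether a chromium package version already contains
# the fixes from this advisory. FIXED comes from the Resolution section.
FIXED="87.0.4280.88-1"

# Compare two "a.b.c.d-pkgrel" versions field by field as integers.
# Prints -1, 0 or 1. Assumption: numeric fields only, no epoch.
# (On Arch, pacman's own vercmp utility performs the general comparison.)
ver_cmp() {
    a=$(printf '%s' "$1" | sed 's/[.-]/ /g')
    b=$(printf '%s' "$2" | sed 's/[.-]/ /g')
    set -- $a
    for y in $b; do
        x=${1:-0}
        if [ $# -gt 0 ]; then shift; fi
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    # Extra trailing fields on the left side only matter if non-zero.
    for x in "$@"; do
        if [ "$x" -gt 0 ]; then echo 1; return 0; fi
    done
    echo 0
}

# Exit status 0 when VERSION is at or above the fixed release.
chromium_is_fixed() {
    [ "$(ver_cmp "$1" "$FIXED")" -ge 0 ]
}

# Audit the local host: 0 = fixed or not installed, 1 = vulnerable,
# 2 = pacman unavailable (not an Arch system).
audit_host() {
    command -v pacman >/dev/null 2>&1 || { echo "pacman not found"; return 2; }
    installed=$(pacman -Q chromium 2>/dev/null | awk '{print $2}')
    [ -n "$installed" ] || { echo "chromium not installed"; return 0; }
    if chromium_is_fixed "$installed"; then
        echo "chromium $installed: contains the fixes"
    else
        echo "chromium $installed: vulnerable, upgrade to >= $FIXED"
        return 1
    fi
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Integer comparison matters here: a later build such as 87.0.4280.141 sorts below 87.0.4280.88 when compared as strings, which would misreport a patched host as vulnerable.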
References
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail
https://bugs.chromium.org/p/chromium/issues/detail
https://bugs.chromium.org/p/chromium/issues/detail
https://bugs.chromium.org/p/chromium/issues/detail
https://bugs.chromium.org/p/chromium/issues/detail
https://bugs.chromium.org/p/chromium/issues/detail
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042
https://bugzilla.mozilla.org/show_bug.cgi?id=1679003
https://security.archlinux.org/CVE-2020-16037
https://security.archlinux.org/CVE-2020-16038
https://security.archlinux.org/CVE-2020-16039
https://security.archlinux.org/CVE-2020-16040
https://security.archlinux.org/CVE-2020-16041
https://security.archlinux.org/CVE-2020-16042
Workaround
None.