[ASA-202004-9] chromium: multiple issues

Remi Gacogne rgacogne at archlinux.org
Fri Apr 10 12:30:21 UTC 2020


Arch Linux Security Advisory ASA-202004-9
=========================================

Severity: High
Date    : 2020-04-08
CVE-ID  : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432
          CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436
          CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440
          CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444
          CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448
          CVE-2020-6454 CVE-2020-6455 CVE-2020-6456
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1128

Summary
=======

The package chromium before version 81.0.4044.92-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure, access restriction bypass and insufficient validation.

Resolution
==========

Upgrade to 81.0.4044.92-1.

# pacman -Syu "chromium>=81.0.4044.92-1"

The problems have been fixed upstream in version 81.0.4044.92.

Workaround
==========

None.

Description
===========

- CVE-2020-6423 (arbitrary code execution)

A use after free security issue has been found in the audio component
of the chromium browser before 81.0.4044.92.

- CVE-2020-6430 (arbitrary code execution)

A type confusion security issue has been found in the V8 component of
the chromium browser before 81.0.4044.92.

- CVE-2020-6431 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
full screen component of the chromium browser before 81.0.4044.92.

- CVE-2020-6432 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
navigations component of the chromium browser before 81.0.4044.92.

- CVE-2020-6433 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.

- CVE-2020-6434 (arbitrary code execution)

A use-after-free security issue has been found in the devtools
component of the chromium browser before 81.0.4044.92.

- CVE-2020-6435 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.

- CVE-2020-6436 (arbitrary code execution)

A use-after-free security issue has been found in the window management
component of the chromium browser before 81.0.4044.92.

- CVE-2020-6437 (access restriction bypass)

An inappropriate implementation security issue has been found in the
WebView component of the chromium browser before 81.0.4044.92.

- CVE-2020-6438 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.

- CVE-2020-6439 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
navigations component of the chromium browser before 81.0.4044.92.

- CVE-2020-6440 (access restriction bypass)

An inappropriate implementation security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.

- CVE-2020-6441 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
omnibox component of the chromium browser before 81.0.4044.92.

- CVE-2020-6442 (access restriction bypass)

An inappropriate implementation security issue has been found in the
cache component of the chromium browser before 81.0.4044.92.

- CVE-2020-6443 (insufficient validation)

An insufficient data validation security issue has been found in the
developer tools component of the chromium browser before 81.0.4044.92.

- CVE-2020-6444 (information disclosure)

An uninitialized memory use issue has been found in the WebRTC
component of the chromium browser before 81.0.4044.92.

- CVE-2020-6445 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
trusted types component of the chromium browser before 81.0.4044.92.

- CVE-2020-6446 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
trusted types component of the chromium browser before 81.0.4044.92.

- CVE-2020-6447 (access restriction bypass)

An inappropriate implementation security issue has been found in the
developer tools component of the chromium browser before 81.0.4044.92.

- CVE-2020-6448 (arbitrary code execution)

A use-after-free security issue has been found in the V8 component of
the chromium browser before 81.0.4044.92.

- CVE-2020-6454 (arbitrary code execution)

A use after free security issue has been found in the extensions
component of the chromium browser before 81.0.4044.92.

- CVE-2020-6455 (information disclosure)

A out of bounds read security issue has been found in the WebSQL
component of the chromium browser before 81.0.4044.92.

- CVE-2020-6456 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the clipboard component of the chromium browser before
81.0.4044.92.

Impact
======

A remote attacker might be able to access sensitive information, bypass
security measures or execute arbitrary code.

References
==========

https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
https://crbug.com/1043446
https://crbug.com/1031479
https://crbug.com/852645
https://crbug.com/965611
https://crbug.com/1043965
https://crbug.com/1048555
https://crbug.com/1032158
https://crbug.com/1034519
https://crbug.com/639173
https://crbug.com/714617
https://crbug.com/868145
https://crbug.com/894477
https://crbug.com/959571
https://crbug.com/1013906
https://crbug.com/1040080
https://crbug.com/922882
https://crbug.com/933171
https://crbug.com/933172
https://crbug.com/991217
https://crbug.com/1037872
https://crbug.com/1019161
https://crbug.com/1059669
https://crbug.com/1040755
https://security.archlinux.org/CVE-2020-6423
https://security.archlinux.org/CVE-2020-6430
https://security.archlinux.org/CVE-2020-6431
https://security.archlinux.org/CVE-2020-6432
https://security.archlinux.org/CVE-2020-6433
https://security.archlinux.org/CVE-2020-6434
https://security.archlinux.org/CVE-2020-6435
https://security.archlinux.org/CVE-2020-6436
https://security.archlinux.org/CVE-2020-6437
https://security.archlinux.org/CVE-2020-6438
https://security.archlinux.org/CVE-2020-6439
https://security.archlinux.org/CVE-2020-6440
https://security.archlinux.org/CVE-2020-6441
https://security.archlinux.org/CVE-2020-6442
https://security.archlinux.org/CVE-2020-6443
https://security.archlinux.org/CVE-2020-6444
https://security.archlinux.org/CVE-2020-6445
https://security.archlinux.org/CVE-2020-6446
https://security.archlinux.org/CVE-2020-6447
https://security.archlinux.org/CVE-2020-6448
https://security.archlinux.org/CVE-2020-6454
https://security.archlinux.org/CVE-2020-6455
https://security.archlinux.org/CVE-2020-6456

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20200410/b86294c1/attachment-0001.sig>


More information about the arch-security mailing list