chromium, google-chrome: security update to 81.0.4044.113 #2138

Closed
3 tasks done
l2dy opened this issue Apr 20, 2020 · 4 comments
Labels
  • aosa-pending: Pending AOSA (AOSC OS Security Advisory) assignment
  • security: Topic/issue involves a security issue/fixed
  • upgrade: Topic/issue involves a package upgrade

Comments

@l2dy
Member

l2dy commented Apr 20, 2020

CVE IDs: CVE-2020-6450, CVE-2020-6451, CVE-2020-6452, CVE-2020-6454, CVE-2020-6423, CVE-2020-6455, CVE-2020-6430, CVE-2020-6456, CVE-2020-6431, CVE-2020-6432, CVE-2020-6433, CVE-2020-6434, CVE-2020-6435, CVE-2020-6436, CVE-2020-6437, CVE-2020-6438, CVE-2020-6439, CVE-2020-6440, CVE-2020-6441, CVE-2020-6442, CVE-2020-6443, CVE-2020-6444, CVE-2020-6445, CVE-2020-6446, CVE-2020-6447, CVE-2020-6448, CVE-2020-6457

Other security advisory IDs: ASA-202004-1, ASA-202004-9, ASA-202004-15, DSA-4654-1, openSUSE-SU-2020:0519-1, openSUSE-SU-2020:0541-1, RHSA-2020:1487-01

Descriptions:
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html
[$TBD][1062247] High CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo of GitHub Security Lab on 2020-03-17
[$TBD][1061018] High CVE-2020-6451: Use after free in WebAudio. Reported by Man Yue Mo of GitHub Security Lab on 2020-03-12
[$N/A][1059764] High CVE-2020-6452: Heap buffer overflow in media. Reported by asnine on 2020-03-09

https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
[$7500][1019161] High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29
[$5000][1043446] High CVE-2020-6423: Use after free in audio. Reported by Anonymous on 2020-01-18
[$3000][1059669] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09
[$2000][1031479] Medium CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06
[$2000][1040755] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-01-10
[$1000][852645] Medium CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14
[$1000][965611] Medium CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg on 2019-05-21
[$1000][1043965] Medium CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-01-21
[$500][1048555] Medium CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04
[$N/A][1032158] Medium CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09
[$TBD][1034519] Medium CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov from Vivaldi on 2019-12-16
[$500][639173] Low CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn on 2016-08-19
[$500][714617] Low CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang on 2017-04-24
[$500][868145] Low CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra on 2018-07-26
[$500][894477] Low CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg on 2018-10-11
[$500][959571] Low CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04
[$500][1013906] Low CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey on 2019-10-12
[$500][1040080] Low CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08
[$N/A][922882] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported by mlfbrown on 2019-01-17
[$N/A][933171] Low CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
[$N/A][933172] Low CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
[$N/A][991217] Low CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg on 2019-08-06
[$N/A][1037872] Low CVE-2020-6448: Use after free in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26

https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
[$TBD][1067851] Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04

Architectural progress (Chromium):

  • AMD64 amd64
  • AArch64 arm64

Architectural progress (Google Chrome):

  • AMD64 amd64
@MingcongBai
Member

@l2dy Please assign an AOSA for Google Chrome. Chromium later.

MingcongBai added the aosa-pending label Apr 20, 2020
@l2dy
Member Author

l2dy commented Apr 21, 2020

Use AOSA-2020-0067 for Google Chrome.

@MingcongBai
Member

All done. @l2dy Please assign an AOSA for Chromium.

@l2dy
Member Author

l2dy commented Apr 22, 2020

Use AOSA-2020-0074 for Chromium.
