chromium, google-chrome: security update to 81.0.4044.113 #2138
Labels:
aosa-pending: Pending AOSA (AOSC OS Security Advisory) assignment
security: Topic/issue involves a security issue/fixed
upgrade: Topic/issue involves a package upgrade
CVE IDs: CVE-2020-6450, CVE-2020-6451, CVE-2020-6452, CVE-2020-6454, CVE-2020-6423, CVE-2020-6455, CVE-2020-6430, CVE-2020-6456, CVE-2020-6431, CVE-2020-6432, CVE-2020-6433, CVE-2020-6434, CVE-2020-6435, CVE-2020-6436, CVE-2020-6437, CVE-2020-6438, CVE-2020-6439, CVE-2020-6440, CVE-2020-6441, CVE-2020-6442, CVE-2020-6443, CVE-2020-6444, CVE-2020-6445, CVE-2020-6446, CVE-2020-6447, CVE-2020-6448, CVE-2020-6457
Other security advisory IDs: ASA-202004-1, ASA-202004-9, ASA-202004-15, DSA-4654-1, openSUSE-SU-2020:0519-1, openSUSE-SU-2020:0541-1, RHSA-2020:1487-01
Descriptions:
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html
[$TBD][1062247] High CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo of GitHub Security Lab on 2020-03-17
[$TBD][1061018] High CVE-2020-6451: Use after free in WebAudio. Reported by Man Yue Mo of GitHub Security Lab on 2020-03-12
[$N/A][1059764] High CVE-2020-6452: Heap buffer overflow in media. Reported by asnine on 2020-03-09
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
[$7500][1019161] High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29
[$5000][1043446] High CVE-2020-6423: Use after free in audio. Reported by Anonymous on 2020-01-18
[$3000][1059669] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09
[$2000][1031479] Medium CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06
[$2000][1040755] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-01-10
[$1000][852645] Medium CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14
[$1000][965611] Medium CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg on 2019-05-21
[$1000][1043965] Medium CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-01-21
[$500][1048555] Medium CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04
[$N/A][1032158] Medium CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09
[$TBD][1034519] Medium CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov from Vivaldi on 2019-12-16
[$500][639173] Low CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn on 2016-08-19
[$500][714617] Low CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang on 2017-04-24
[$500][868145] Low CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra on 2018-07-26
[$500][894477] Low CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg on 2018-10-11
[$500][959571] Low CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04
[$500][1013906] Low CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey on 2019-10-12
[$500][1040080] Low CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08
[$N/A][922882] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported by mlfbrown on 2019-01-17
[$N/A][933171] Low CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
[$N/A][933172] Low CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
[$N/A][991217] Low CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg on 2019-08-06
[$N/A][1037872] Low CVE-2020-6448: Use after free in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
[$TBD][1067851] Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04
Architectural progress (Chromium):
amd64
arm64
Architectural progress (Google Chrome):
amd64