Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1705-1 Final 1 1 2020-10-22T05:51:33Z current 2020-10-22T05:51:33Z 2020-10-22T05:51:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: -chromium was updated to 86.0.4240.75 (boo#1177408): - CVE-2020-15967: Fixed Use after free in payments. - CVE-2020-15968: Fixed Use after free in Blink. - CVE-2020-15969: Fixed Use after free in WebRTC. - CVE-2020-15970: Fixed Use after free in NFC. - CVE-2020-15971: Fixed Use after free in printing. - CVE-2020-15972: Fixed Use after free in audio. - CVE-2020-15990: Fixed Use after free in autofill. - CVE-2020-15991: Fixed Use after free in password manager. - CVE-2020-15973: Fixed Insufficient policy enforcement in extensions. - CVE-2020-15974: Fixed Integer overflow in Blink. - CVE-2020-15975: Fixed Integer overflow in SwiftShader. - CVE-2020-15976: Fixed Use after free in WebXR. - CVE-2020-6557: Fixed Inappropriate implementation in networking. - CVE-2020-15977: Fixed Insufficient data validation in dialogs. - CVE-2020-15978: Fixed Insufficient data validation in navigation. - CVE-2020-15979: Fixed Inappropriate implementation in V8. - CVE-2020-15980: Fixed Insufficient policy enforcement in Intents. - CVE-2020-15981: Fixed Out of bounds read in audio. - CVE-2020-15982: Fixed Side-channel information leakage in cache. - CVE-2020-15983: Fixed Insufficient data validation in webUI. - CVE-2020-15984: Fixed Insufficient policy enforcement in Omnibox. - CVE-2020-15985: Fixed Inappropriate implementation in Blink. - CVE-2020-15986: Fixed Integer overflow in media. - CVE-2020-15987: Fixed Use after free in WebRTC. - CVE-2020-15992: Fixed Insufficient policy enforcement in networking. - CVE-2020-15988: Fixed Insufficient policy enforcement in downloads. - CVE-2020-15989: Fixed Uninitialized Use in PDFium. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1705 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ E-Mail link for openSUSE-SU-2020:1705-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1177408 SUSE Bug 1177408 https://www.suse.com/security/cve/CVE-2020-15967/ SUSE CVE CVE-2020-15967 page https://www.suse.com/security/cve/CVE-2020-15968/ SUSE CVE CVE-2020-15968 page https://www.suse.com/security/cve/CVE-2020-15969/ SUSE CVE CVE-2020-15969 page https://www.suse.com/security/cve/CVE-2020-15970/ SUSE CVE CVE-2020-15970 page https://www.suse.com/security/cve/CVE-2020-15971/ SUSE CVE CVE-2020-15971 page https://www.suse.com/security/cve/CVE-2020-15972/ SUSE CVE CVE-2020-15972 page https://www.suse.com/security/cve/CVE-2020-15973/ SUSE CVE CVE-2020-15973 page https://www.suse.com/security/cve/CVE-2020-15974/ SUSE CVE CVE-2020-15974 page https://www.suse.com/security/cve/CVE-2020-15975/ SUSE CVE CVE-2020-15975 page https://www.suse.com/security/cve/CVE-2020-15976/ SUSE CVE CVE-2020-15976 page https://www.suse.com/security/cve/CVE-2020-15977/ SUSE CVE CVE-2020-15977 page https://www.suse.com/security/cve/CVE-2020-15978/ SUSE CVE CVE-2020-15978 page https://www.suse.com/security/cve/CVE-2020-15979/ SUSE CVE CVE-2020-15979 page https://www.suse.com/security/cve/CVE-2020-15980/ SUSE CVE CVE-2020-15980 page https://www.suse.com/security/cve/CVE-2020-15981/ SUSE CVE CVE-2020-15981 page https://www.suse.com/security/cve/CVE-2020-15982/ SUSE CVE CVE-2020-15982 page https://www.suse.com/security/cve/CVE-2020-15983/ SUSE CVE CVE-2020-15983 page https://www.suse.com/security/cve/CVE-2020-15984/ SUSE CVE CVE-2020-15984 page https://www.suse.com/security/cve/CVE-2020-15985/ SUSE CVE CVE-2020-15985 page https://www.suse.com/security/cve/CVE-2020-15986/ SUSE CVE CVE-2020-15986 page https://www.suse.com/security/cve/CVE-2020-15987/ SUSE CVE CVE-2020-15987 page https://www.suse.com/security/cve/CVE-2020-15988/ SUSE CVE CVE-2020-15988 page https://www.suse.com/security/cve/CVE-2020-15989/ SUSE CVE CVE-2020-15989 page https://www.suse.com/security/cve/CVE-2020-15990/ SUSE CVE CVE-2020-15990 page https://www.suse.com/security/cve/CVE-2020-15991/ SUSE CVE CVE-2020-15991 page https://www.suse.com/security/cve/CVE-2020-15992/ SUSE CVE CVE-2020-15992 page https://www.suse.com/security/cve/CVE-2020-6557/ SUSE CVE CVE-2020-6557 page openSUSE Leap 15.1 openSUSE Leap 15.2 chromedriver-86.0.4240.75-lp152.2.39.1 chromium-86.0.4240.75-lp152.2.39.1 gn-0.1807-lp152.2.3.1 chromedriver-86.0.4240.75-lp152.2.39.1 as a component of openSUSE Leap 15.1 chromium-86.0.4240.75-lp152.2.39.1 as a component of openSUSE Leap 15.1 gn-0.1807-lp152.2.3.1 as a component of openSUSE Leap 15.1 chromedriver-86.0.4240.75-lp152.2.39.1 as a component of openSUSE Leap 15.2 chromium-86.0.4240.75-lp152.2.39.1 as a component of openSUSE Leap 15.2 gn-0.1807-lp152.2.3.1 as a component of openSUSE Leap 15.2 Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15967 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15967.html CVE-2020-15967 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15968 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15968.html CVE-2020-15968 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15969 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15969.html CVE-2020-15969 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 https://bugzilla.suse.com/1177872 SUSE Bug 1177872 https://bugzilla.suse.com/1177977 SUSE Bug 1177977 Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15970 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15970.html CVE-2020-15970 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15971 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15971.html CVE-2020-15971 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15972 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15972.html CVE-2020-15972 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. CVE-2020-15973 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15973.html CVE-2020-15973 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2020-15974 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15974.html CVE-2020-15974 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15975 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15975.html CVE-2020-15975 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15976 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15976.html CVE-2020-15976 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. CVE-2020-15977 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15977.html CVE-2020-15977 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. CVE-2020-15978 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15978.html CVE-2020-15978 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15979 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15979.html CVE-2020-15979 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. CVE-2020-15980 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15980.html CVE-2020-15980 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-15981 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15981.html CVE-2020-15981 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-15982 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15982.html CVE-2020-15982 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. CVE-2020-15983 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15983.html CVE-2020-15983 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL. CVE-2020-15984 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15984.html CVE-2020-15984 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-15985 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15985.html CVE-2020-15985 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15986 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15986.html CVE-2020-15986 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. CVE-2020-15987 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15987.html CVE-2020-15987 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. CVE-2020-15988 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15988.html CVE-2020-15988 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. CVE-2020-15989 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15989.html CVE-2020-15989 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15990 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15990.html CVE-2020-15990 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15991 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15991.html CVE-2020-15991 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. CVE-2020-15992 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-15992.html CVE-2020-15992 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2020-6557 openSUSE Leap 15.1:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.1:gn-0.1807-lp152.2.3.1 openSUSE Leap 15.2:chromedriver-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:chromium-86.0.4240.75-lp152.2.39.1 openSUSE Leap 15.2:gn-0.1807-lp152.2.3.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSRYM5HZR7DJFCM4PTV3322SCZDBNVEX/ https://www.suse.com/security/cve/CVE-2020-6557.html CVE-2020-6557 https://bugzilla.suse.com/1177408 SUSE Bug 1177408