SB2020090118 - OpenSUSE Linux update for chromium
Published: September 1, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6558)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in iOS in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.
2) Use-after-free (CVE-ID: CVE-2020-6559)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the presentation API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6560)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in autofill in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
4) Improperly implemented security check for standard (CVE-ID: CVE-2020-6561)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Content Security Policy in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6562)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Blink in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6563)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in intent handling in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
7) Spoofing attack (CVE-ID: CVE-2020-6564)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in permissions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
8) Spoofing attack (CVE-ID: CVE-2020-6565)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Omnibox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6566)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in media in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
10) Input validation error (CVE-ID: CVE-2020-6567)
The vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a improper input validation in command line handling in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.
11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6568)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in intent handling in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
12) Integer overflow (CVE-ID: CVE-2020-6569)
The vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a integer overflow in WebUSB in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and crash the browser.
13) Cryptographic issues (CVE-ID: CVE-2020-6570)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to side-channel information leak in WebRTC. Chrome Low. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.
14) Spoofing attack (CVE-ID: CVE-2020-6571)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Omnibox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
Remediation
Install update from vendor's website.