opensuse-su-2020:0823-1
Vulnerability from csaf_opensuse
Published
2020-06-17 16:18
Modified
2020-06-17 16:18
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update for chromium fixes the following issues:
Chromium was updated to 83.0.4103.97 (boo#1171910,bsc#1172496):
* CVE-2020-6463: Use after free in ANGLE (boo#1170107 boo#1171975).
* CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21
* CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26
* CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06
* CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30
* CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02
* CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30
* CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08
* CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25
* CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06
* CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07
* CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31
* CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18
* CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26
* CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24
* CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14
* CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21
* CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07
* CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17
* CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23
* CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26
* CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30
* CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24
* CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06
* CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21
* CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-02-10
* CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19
* CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal M.A on 2020-02-07
* CVE-2020-6493: Use after free in WebAuthentication.
* CVE-2020-6494: Incorrect security UI in payments.
* CVE-2020-6495: Insufficient policy enforcement in developer tools.
* CVE-2020-6496: Use after free in payments.
Patchnames
openSUSE-2020-823
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium was updated to 83.0.4103.97 (boo#1171910,bsc#1172496):\n\n* CVE-2020-6463: Use after free in ANGLE (boo#1170107 boo#1171975).\n* CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21\n* CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26\n* CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06\n* CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30\n* CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02\n* CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Micha\u0142 Bentkowski of Securitum on 2020-03-30\n* CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08\n* CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25\n* CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06\n* CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07\n* CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31\n* CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18\n* CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26\n* CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24\n* CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14\n* CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21\n* CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07\n* CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17\n* CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23\n* CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26\n* CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30\n* CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24\n* CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06\n* CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21\n* CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-02-10\n* CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19\n* CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal M.A on 2020-02-07\n* CVE-2020-6493: Use after free in WebAuthentication.\n* CVE-2020-6494: Incorrect security UI in payments.\n* CVE-2020-6495: Insufficient policy enforcement in developer tools.\n* CVE-2020-6496: Use after free in payments.\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-823",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0823-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0823-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0823-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2O6PVTTGIFWWYECON2SKIS2UIAMBVTM3/"
},
{
"category": "self",
"summary": "SUSE Bug 1170107",
"url": "https://bugzilla.suse.com/1170107"
},
{
"category": "self",
"summary": "SUSE Bug 1171910",
"url": "https://bugzilla.suse.com/1171910"
},
{
"category": "self",
"summary": "SUSE Bug 1171975",
"url": "https://bugzilla.suse.com/1171975"
},
{
"category": "self",
"summary": "SUSE Bug 1172496",
"url": "https://bugzilla.suse.com/1172496"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6463 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6465 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6466 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6467 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6468 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6469 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6470 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6471 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6472 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6473 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6474 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6475 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6475/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6476 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6477 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6478 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6479 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6480 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6481 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6482 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6483 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6484 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6484/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6485 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6486/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6487 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6488 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6489 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6490 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6491 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6493 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6494 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6495 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6496 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6496/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2020-06-17T16:18:21Z",
"generator": {
"date": "2020-06-17T16:18:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0823-1",
"initial_release_date": "2020-06-17T16:18:21Z",
"revision_history": [
{
"date": "2020-06-17T16:18:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"product": {
"name": "chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"product_id": "chromedriver-83.0.4103.97-lp151.2.96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-83.0.4103.97-lp151.2.96.1.x86_64",
"product": {
"name": "chromium-83.0.4103.97-lp151.2.96.1.x86_64",
"product_id": "chromium-83.0.4103.97-lp151.2.96.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-83.0.4103.97-lp151.2.96.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64"
},
"product_reference": "chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-83.0.4103.97-lp151.2.96.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
},
"product_reference": "chromium-83.0.4103.97-lp151.2.96.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-6463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6463"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6463",
"url": "https://www.suse.com/security/cve/CVE-2020-6463"
},
{
"category": "external",
"summary": "SUSE Bug 1171975 for CVE-2020-6463",
"url": "https://bugzilla.suse.com/1171975"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-6463",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "moderate"
}
],
"title": "CVE-2020-6463"
},
{
"cve": "CVE-2020-6465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6465"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6465",
"url": "https://www.suse.com/security/cve/CVE-2020-6465"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6465",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6465"
},
{
"cve": "CVE-2020-6466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6466"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6466",
"url": "https://www.suse.com/security/cve/CVE-2020-6466"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6466",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6466"
},
{
"cve": "CVE-2020-6467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6467"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6467",
"url": "https://www.suse.com/security/cve/CVE-2020-6467"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6467",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6467"
},
{
"cve": "CVE-2020-6468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6468"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6468",
"url": "https://www.suse.com/security/cve/CVE-2020-6468"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6468",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6468"
},
{
"cve": "CVE-2020-6469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6469"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6469",
"url": "https://www.suse.com/security/cve/CVE-2020-6469"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6469",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6469"
},
{
"cve": "CVE-2020-6470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6470"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6470",
"url": "https://www.suse.com/security/cve/CVE-2020-6470"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6470",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6470"
},
{
"cve": "CVE-2020-6471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6471"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6471",
"url": "https://www.suse.com/security/cve/CVE-2020-6471"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6471",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6471"
},
{
"cve": "CVE-2020-6472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6472"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6472",
"url": "https://www.suse.com/security/cve/CVE-2020-6472"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6472",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6472"
},
{
"cve": "CVE-2020-6473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6473"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6473",
"url": "https://www.suse.com/security/cve/CVE-2020-6473"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6473",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6473"
},
{
"cve": "CVE-2020-6474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6474"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6474",
"url": "https://www.suse.com/security/cve/CVE-2020-6474"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6474",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6474"
},
{
"cve": "CVE-2020-6475",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6475"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6475",
"url": "https://www.suse.com/security/cve/CVE-2020-6475"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6475",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6475"
},
{
"cve": "CVE-2020-6476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6476"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6476",
"url": "https://www.suse.com/security/cve/CVE-2020-6476"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6476",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6476"
},
{
"cve": "CVE-2020-6477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6477"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6477",
"url": "https://www.suse.com/security/cve/CVE-2020-6477"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6477",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6477"
},
{
"cve": "CVE-2020-6478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6478"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6478",
"url": "https://www.suse.com/security/cve/CVE-2020-6478"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6478",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6478"
},
{
"cve": "CVE-2020-6479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6479"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6479",
"url": "https://www.suse.com/security/cve/CVE-2020-6479"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6479",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6479"
},
{
"cve": "CVE-2020-6480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6480"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6480",
"url": "https://www.suse.com/security/cve/CVE-2020-6480"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6480",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6480"
},
{
"cve": "CVE-2020-6481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6481"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6481",
"url": "https://www.suse.com/security/cve/CVE-2020-6481"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6481",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6481"
},
{
"cve": "CVE-2020-6482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6482"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6482",
"url": "https://www.suse.com/security/cve/CVE-2020-6482"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6482",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6482"
},
{
"cve": "CVE-2020-6483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6483"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6483",
"url": "https://www.suse.com/security/cve/CVE-2020-6483"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6483",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6483"
},
{
"cve": "CVE-2020-6484",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6484"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6484",
"url": "https://www.suse.com/security/cve/CVE-2020-6484"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6484",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6484"
},
{
"cve": "CVE-2020-6485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6485"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6485",
"url": "https://www.suse.com/security/cve/CVE-2020-6485"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6485",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6485"
},
{
"cve": "CVE-2020-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6486"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6486",
"url": "https://www.suse.com/security/cve/CVE-2020-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6486",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6486"
},
{
"cve": "CVE-2020-6487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6487"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6487",
"url": "https://www.suse.com/security/cve/CVE-2020-6487"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6487",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6487"
},
{
"cve": "CVE-2020-6488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6488"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6488",
"url": "https://www.suse.com/security/cve/CVE-2020-6488"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6488",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6488"
},
{
"cve": "CVE-2020-6489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6489"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6489",
"url": "https://www.suse.com/security/cve/CVE-2020-6489"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6489",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6489"
},
{
"cve": "CVE-2020-6490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6490"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6490",
"url": "https://www.suse.com/security/cve/CVE-2020-6490"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6490",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6490"
},
{
"cve": "CVE-2020-6491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6491"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6491",
"url": "https://www.suse.com/security/cve/CVE-2020-6491"
},
{
"category": "external",
"summary": "SUSE Bug 1171910 for CVE-2020-6491",
"url": "https://bugzilla.suse.com/1171910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6491"
},
{
"cve": "CVE-2020-6493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6493"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6493",
"url": "https://www.suse.com/security/cve/CVE-2020-6493"
},
{
"category": "external",
"summary": "SUSE Bug 1172496 for CVE-2020-6493",
"url": "https://bugzilla.suse.com/1172496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "critical"
}
],
"title": "CVE-2020-6493"
},
{
"cve": "CVE-2020-6494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6494"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6494",
"url": "https://www.suse.com/security/cve/CVE-2020-6494"
},
{
"category": "external",
"summary": "SUSE Bug 1172496 for CVE-2020-6494",
"url": "https://bugzilla.suse.com/1172496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "moderate"
}
],
"title": "CVE-2020-6494"
},
{
"cve": "CVE-2020-6495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6495"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6495",
"url": "https://www.suse.com/security/cve/CVE-2020-6495"
},
{
"category": "external",
"summary": "SUSE Bug 1172496 for CVE-2020-6495",
"url": "https://bugzilla.suse.com/1172496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "moderate"
}
],
"title": "CVE-2020-6495"
},
{
"cve": "CVE-2020-6496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6496"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6496",
"url": "https://www.suse.com/security/cve/CVE-2020-6496"
},
{
"category": "external",
"summary": "SUSE Bug 1172496 for CVE-2020-6496",
"url": "https://bugzilla.suse.com/1172496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-83.0.4103.97-lp151.2.96.1.x86_64",
"openSUSE Leap 15.1:chromium-83.0.4103.97-lp151.2.96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-17T16:18:21Z",
"details": "important"
}
],
"title": "CVE-2020-6496"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…