Feeds

Actualités informatiques

DSA-4645 chromium

Debian Security Advisory

DSA-4645-1 chromium -- security update

Date Reported:
22 Mar 2020
Affected Packages:
chromium
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2019-20503, CVE-2020-6422, CVE-2020-6424, CVE-2020-6425, CVE-2020-6426, CVE-2020-6427, CVE-2020-6428, CVE-2020-6429, CVE-2020-6449.
More information:

Several vulnerabilities have been discovered in the chromium web browser.

  • CVE-2019-20503

    Natalie Silvanovich discovered an out-of-bounds read issue in the usrsctp library.

  • CVE-2020-6422

    David Manouchehri discovered a use-after-free issue in the WebGL implementation.

  • CVE-2020-6424

    Sergei Glazunov discovered a use-after-free issue.

  • CVE-2020-6425

    Sergei Glazunov discovered a policy enforcement error related to extensions.

  • CVE-2020-6426

    Avihay Cohen discovered an implementation error in the v8 javascript library.

  • CVE-2020-6427

    Man Yue Mo discovered a use-after-free issue in the audio implementation.

  • CVE-2020-6428

    Man Yue Mo discovered a use-after-free issue in the audio implementation.

  • CVE-2020-6429

    Man Yue Mo discovered a use-after-free issue in the audio implementation.

  • CVE-2020-6449

    Man Yue Mo discovered a use-after-free issue in the audio implementation.

For the oldstable distribution (stretch), security support for chromium has been discontinued.

For the stable distribution (buster), these problems have been fixed in version 80.0.3987.149-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium