Security Information / 2020 / Security Information -- DSA-4645-1 chromium

Debian Security Advisory

DSA-4645-1 chromium -- security update

Date Reported:

22 Mar 2020

Affected Packages:

chromium

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2019-20503, CVE-2020-6422, CVE-2020-6424, CVE-2020-6425, CVE-2020-6426, CVE-2020-6427, CVE-2020-6428, CVE-2020-6429, CVE-2020-6449.

More information:

Several vulnerabilities have been discovered in the chromium web browser.

• CVE-2019-20503

  Natalie Silvanovich discovered an out-of-bounds read issue in the usrsctp library.

• CVE-2020-6422

  David Manouchehri discovered a use-after-free issue in the WebGL implementation.

• CVE-2020-6424

  Sergei Glazunov discovered a use-after-free issue.

• CVE-2020-6425

  Sergei Glazunov discovered a policy enforcement error related to extensions.

• CVE-2020-6426

  Avihay Cohen discovered an implementation error in the v8 javascript library.

• CVE-2020-6427

  Man Yue Mo discovered a use-after-free issue in the audio implementation.

• CVE-2020-6428

  Man Yue Mo discovered a use-after-free issue in the audio implementation.

• CVE-2020-6429

  Man Yue Mo discovered a use-after-free issue in the audio implementation.

• CVE-2020-6449

  Man Yue Mo discovered a use-after-free issue in the audio implementation.

For the oldstable distribution (stretch), security support for chromium has been discontinued.

For the stable distribution (buster), these problems have been fixed in version 80.0.3987.149-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium