{"id":"openSUSE-SU-2020:2010-1","summary":"Security update for chromium","details":"This update for chromium fixes the following issues:\n\n- Update to 87.0.4280.66 (boo#1178923)\n  - Wayland support by default\n  - CVE-2020-16018: Use after free in payments. \n  - CVE-2020-16019: Inappropriate implementation in filesystem. \n  - CVE-2020-16020: Inappropriate implementation in cryptohome. \n  - CVE-2020-16021: Race in ImageBurner. \n  - CVE-2020-16022: Insufficient policy enforcement in networking. \n  - CVE-2020-16015: Insufficient data validation in WASM. R\n  - CVE-2020-16014: Use after free in PPAPI. \n  - CVE-2020-16023: Use after free in WebCodecs. \n  - CVE-2020-16024: Heap buffer overflow in UI.\n  - CVE-2020-16025: Heap buffer overflow in clipboard. \n  - CVE-2020-16026: Use after free in WebRTC. \n  - CVE-2020-16027: Insufficient policy enforcement in developer tools. R\n  - CVE-2020-16028: Heap buffer overflow in WebRTC. \n  - CVE-2020-16029: Inappropriate implementation in PDFium. \n  - CVE-2020-16030: Insufficient data validation in Blink. \n  - CVE-2019-8075: Insufficient data validation in Flash. \n  - CVE-2020-16031: Incorrect security UI in tab preview. \n  - CVE-2020-16032: Incorrect security UI in sharing.\n  - CVE-2020-16033: Incorrect security UI in WebUSB. \n  - CVE-2020-16034: Inappropriate implementation in WebRTC. \n  - CVE-2020-16035: Insufficient data validation in cros-disks.\n  - CVE-2020-16012: Side-channel information leakage in graphics. \n  - CVE-2020-16036: Inappropriate implementation in cookies. \n","modified":"2026-02-04T03:02:29.000774Z","published":"2020-11-24T23:27:03Z","related":["CVE-2019-8075","CVE-2020-16012","CVE-2020-16014","CVE-2020-16015","CVE-2020-16018","CVE-2020-16019","CVE-2020-16020","CVE-2020-16021","CVE-2020-16022","CVE-2020-16023","CVE-2020-16024","CVE-2020-16025","CVE-2020-16026","CVE-2020-16027","CVE-2020-16028","CVE-2020-16029","CVE-2020-16030","CVE-2020-16031","CVE-2020-16032","CVE-2020-16033","CVE-2020-16034","CVE-2020-16035","CVE-2020-16036"],"upstream":["CVE-2019-8075","CVE-2020-16012","CVE-2020-16014","CVE-2020-16015","CVE-2020-16018","CVE-2020-16019","CVE-2020-16020","CVE-2020-16021","CVE-2020-16022","CVE-2020-16023","CVE-2020-16024","CVE-2020-16025","CVE-2020-16026","CVE-2020-16027","CVE-2020-16028","CVE-2020-16029","CVE-2020-16030","CVE-2020-16031","CVE-2020-16032","CVE-2020-16033","CVE-2020-16034","CVE-2020-16035","CVE-2020-16036"],"references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QY4HVSGBXI6UWJK3O7NRFLCCCLNP2X5N/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178923"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-8075"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16012"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16014"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16015"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16018"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16019"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16020"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16021"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16022"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16023"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16024"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16025"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16026"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16027"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16028"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16029"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16030"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16031"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16032"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16033"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16034"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16035"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16036"}],"affected":[{"package":{"name":"chromium","ecosystem":"SUSE:Package Hub 15 SP1","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"87.0.4280.66-bp151.3.131.1"}]}],"ecosystem_specific":{"binaries":[{"chromium":"87.0.4280.66-bp151.3.131.1","chromedriver":"87.0.4280.66-bp151.3.131.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:2010-1.json"}}],"schema_version":"1.7.3"}