Debian Security Advisory
DSA-4638-1 chromium -- security update
- Date Reported: 10 Mar 2020
- Affected Packages: chromium
- Vulnerable: Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-19880, CVE-2019-19923, CVE-2019-19925, CVE-2019-19926, CVE-2020-6381, CVE-2020-6382, CVE-2020-6383, CVE-2020-6384, CVE-2020-6385, CVE-2020-6386, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6407, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6418, CVE-2020-6420.
- More information:
Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2019-19880
Richard Lorenz discovered an issue in the sqlite library.
- CVE-2019-19923
Richard Lorenz discovered an out-of-bounds read issue in the sqlite library.
- CVE-2019-19925
Richard Lorenz discovered an issue in the sqlite library.
- CVE-2019-19926
Richard Lorenz discovered an implementation error in the sqlite library.
- CVE-2020-6381
UK's National Cyber Security Centre discovered an integer overflow issue in the v8 javascript library.
- CVE-2020-6382
Soyeon Park and Wen Xu discovered a type error in the v8 javascript library.
- CVE-2020-6383
Sergei Glazunov discovered a type error in the v8 javascript library.
- CVE-2020-6384
David Manoucheri discovered a use-after-free issue in WebAudio.
- CVE-2020-6385
Sergei Glazunov discovered a policy enforcement error.
- CVE-2020-6386
Zhe Jin discovered a use-after-free issue in speech processing.
- CVE-2020-6387
Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation.
- CVE-2020-6388
Sergei Glazunov discovered an out-of-bounds read error in the WebRTC implementation.
- CVE-2020-6389
Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation.
- CVE-2020-6390
Sergei Glazunov discovered an out-of-bounds read error.
- CVE-2020-6391
Michał Bentkowski discovered that untrusted input was insufficiently validated.
- CVE-2020-6392
The Microsoft Edge Team discovered a policy enforcement error.
- CVE-2020-6393
Mark Amery discovered a policy enforcement error.
- CVE-2020-6394
Phil Freo discovered a policy enforcement error.
- CVE-2020-6395
Pierre Langlois discovered an out-of-bounds read error in the v8 javascript library.
- CVE-2020-6396
William Luc Ritchie discovered an error in the skia library.
- CVE-2020-6397
Khalil Zhani discovered a user interface error.
- CVE-2020-6398
pdknsk discovered an uninitialized variable in the pdfium library.
- CVE-2020-6399
Luan Herrera discovered a policy enforcement error.
- CVE-2020-6400
Takashi Yoneuchi discovered an error in Cross-Origin Resource Sharing.
- CVE-2020-6401
Tzachy Horesh discovered that user input was insufficiently validated.
- CVE-2020-6402
Vladimir Metnew discovered a policy enforcement error.
- CVE-2020-6403
Khalil Zhani discovered a user interface error.
- CVE-2020-6404
kanchi discovered an error in Blink/Webkit.
- CVE-2020-6405
Yongheng Chen and Rui Zhong discovered an out-of-bounds read issue in the sqlite library.
- CVE-2020-6406
Sergei Glazunov discovered a use-after-free issue.
- CVE-2020-6407
Sergei Glazunov discovered an out-of-bounds read error.
- CVE-2020-6408
Zhong Zhaochen discovered a policy enforcement error in Cross-Origin Resource Sharing.
- CVE-2020-6409
Divagar S and Bharathi V discovered an error in the omnibox implementation.
- CVE-2020-6410
evil1m0 discovered a policy enforcement error.
- CVE-2020-6411
Khalil Zhani discovered that user input was insufficiently validated.
- CVE-2020-6412
Zihan Zheng discovered that user input was insufficiently validated.
- CVE-2020-6413
Michał Bentkowski discovered an error in Blink/Webkit.
- CVE-2020-6414
Lijo A.T discovered a safe browsing policy enforcement error.
- CVE-2020-6415
Avihay Cohen discovered an implementation error in the v8 javascript library.
- CVE-2020-6416
Woojin Oh discovered that untrusted input was insufficiently validated.
- CVE-2020-6418
Clement Lecigne discovered a type error in the v8 javascript library.
- CVE-2020-6420
Taras Uzdenov discovered a policy enforcement error.
For the oldstable distribution (stretch), security support for chromium has been discontinued.
For the stable distribution (buster), these problems have been fixed in version 80.0.3987.132-1~deb10u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium