opensuse-su-2020:0210-1
Vulnerability from csaf_opensuse
Published
2020-02-12 05:12
Modified
2020-02-12 05:12
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update for chromium fixes the following issues:
Chromium was updated to version 80.0.3987.87 (boo#1162833).
Security issues fixed:
- CVE-2020-6381: Integer overflow in JavaScript (boo#1162833).
- CVE-2020-6382: Type Confusion in JavaScript (boo#1162833).
- CVE-2019-18197: Multiple vulnerabilities in XML (boo#1162833).
- CVE-2019-19926: Inappropriate implementation in SQLite (boo#1162833).
- CVE-2020-6385: Insufficient policy enforcement in storage (boo#1162833).
- CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite (boo#1162833).
- CVE-2020-6387: Out of bounds write in WebRTC (boo#1162833).
- CVE-2020-6388: Out of bounds memory access in WebAudio (boo#1162833).
- CVE-2020-6389: Out of bounds write in WebRTC (boo#1162833).
- CVE-2020-6390: Out of bounds memory access in streams (boo#1162833).
- CVE-2020-6391: Insufficient validation of untrusted input in Blink (boo#1162833).
- CVE-2020-6392: Insufficient policy enforcement in extensions (boo#1162833).
- CVE-2020-6393: Insufficient policy enforcement in Blink (boo#1162833).
- CVE-2020-6394: Insufficient policy enforcement in Blink (boo#1162833).
- CVE-2020-6395: Out of bounds read in JavaScript (boo#1162833).
- CVE-2020-6396: Inappropriate implementation in Skia (boo#1162833).
- CVE-2020-6397: Incorrect security UI in sharing (boo#1162833).
- CVE-2020-6398: Uninitialized use in PDFium (boo#1162833).
- CVE-2020-6399: Insufficient policy enforcement in AppCache (boo#1162833).
- CVE-2020-6400: Inappropriate implementation in CORS (boo#1162833).
- CVE-2020-6401: Insufficient validation of untrusted input in Omnibox (boo#1162833).
- CVE-2020-6402: Insufficient policy enforcement in downloads (boo#1162833).
- CVE-2020-6403: Incorrect security UI in Omnibox (boo#1162833).
- CVE-2020-6404: Inappropriate implementation in Blink (boo#1162833).
- CVE-2020-6405: Out of bounds read in SQLite (boo#1162833).
- CVE-2020-6406: Use after free in audio (boo#1162833).
- CVE-2019-19923: Out of bounds memory access in SQLite (boo#1162833).
- CVE-2020-6408: Insufficient policy enforcement in CORS (boo#1162833).
- CVE-2020-6409: Inappropriate implementation in Omnibox (boo#1162833).
- CVE-2020-6410: Insufficient policy enforcement in navigation (boo#1162833).
- CVE-2020-6411: Insufficient validation of untrusted input in Omnibox (boo#1162833).
- CVE-2020-6412: Insufficient validation of untrusted input in Omnibox (boo#1162833).
- CVE-2020-6413: Inappropriate implementation in Blink (boo#1162833).
- CVE-2020-6414: Insufficient policy enforcement in Safe Browsing (boo#1162833).
- CVE-2020-6415: Inappropriate implementation in JavaScript (boo#1162833).
- CVE-2020-6416: Insufficient data validation in streams (boo#1162833).
- CVE-2020-6417: Inappropriate implementation in installer (boo#1162833).
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames
openSUSE-2020-210
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium was updated to version 80.0.3987.87 (boo#1162833).\n\nSecurity issues fixed:\n\n- CVE-2020-6381: Integer overflow in JavaScript (boo#1162833).\n- CVE-2020-6382: Type Confusion in JavaScript (boo#1162833).\n- CVE-2019-18197: Multiple vulnerabilities in XML (boo#1162833).\n- CVE-2019-19926: Inappropriate implementation in SQLite (boo#1162833).\n- CVE-2020-6385: Insufficient policy enforcement in storage (boo#1162833).\n- CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite (boo#1162833).\n- CVE-2020-6387: Out of bounds write in WebRTC (boo#1162833).\n- CVE-2020-6388: Out of bounds memory access in WebAudio (boo#1162833).\n- CVE-2020-6389: Out of bounds write in WebRTC (boo#1162833).\n- CVE-2020-6390: Out of bounds memory access in streams (boo#1162833).\n- CVE-2020-6391: Insufficient validation of untrusted input in Blink (boo#1162833).\n- CVE-2020-6392: Insufficient policy enforcement in extensions (boo#1162833).\n- CVE-2020-6393: Insufficient policy enforcement in Blink (boo#1162833).\n- CVE-2020-6394: Insufficient policy enforcement in Blink (boo#1162833).\n- CVE-2020-6395: Out of bounds read in JavaScript (boo#1162833).\n- CVE-2020-6396: Inappropriate implementation in Skia (boo#1162833).\n- CVE-2020-6397: Incorrect security UI in sharing (boo#1162833).\n- CVE-2020-6398: Uninitialized use in PDFium (boo#1162833).\n- CVE-2020-6399: Insufficient policy enforcement in AppCache (boo#1162833).\n- CVE-2020-6400: Inappropriate implementation in CORS (boo#1162833).\n- CVE-2020-6401: Insufficient validation of untrusted input in Omnibox (boo#1162833).\n- CVE-2020-6402: Insufficient policy enforcement in downloads (boo#1162833).\n- CVE-2020-6403: Incorrect security UI in Omnibox (boo#1162833).\n- CVE-2020-6404: Inappropriate implementation in Blink (boo#1162833).\n- CVE-2020-6405: Out of bounds read in SQLite (boo#1162833).\n- CVE-2020-6406: Use after free in audio (boo#1162833).\n- CVE-2019-19923: Out of bounds memory access in SQLite (boo#1162833).\n- CVE-2020-6408: Insufficient policy enforcement in CORS (boo#1162833).\n- CVE-2020-6409: Inappropriate implementation in Omnibox (boo#1162833).\n- CVE-2020-6410: Insufficient policy enforcement in navigation (boo#1162833).\n- CVE-2020-6411: Insufficient validation of untrusted input in Omnibox (boo#1162833).\n- CVE-2020-6412: Insufficient validation of untrusted input in Omnibox (boo#1162833).\n- CVE-2020-6413: Inappropriate implementation in Blink (boo#1162833).\n- CVE-2020-6414: Insufficient policy enforcement in Safe Browsing (boo#1162833).\n- CVE-2020-6415: Inappropriate implementation in JavaScript (boo#1162833).\n- CVE-2020-6416: Insufficient data validation in streams (boo#1162833).\n- CVE-2020-6417: Inappropriate implementation in installer (boo#1162833).\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-210",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0210-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0210-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0210-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AAOUMLFZMVYH6TYWJSSQ6OXQGLVPDPJ6/"
},
{
"category": "self",
"summary": "SUSE Bug 1162833",
"url": "https://bugzilla.suse.com/1162833"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18197 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19880 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19923 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19925 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19926 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6381 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6382 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6385 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6387 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6388 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6389 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6390 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6391 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6392 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6393 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6394 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6394/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6395 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6396 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6397 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6398 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6399 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6400 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6401 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6402 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6403 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6404 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6405 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6406 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6408 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6409 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6410 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6411 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6411/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6412 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6413 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6414 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6415 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6416 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6417 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6417/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2020-02-12T05:12:32Z",
"generator": {
"date": "2020-02-12T05:12:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0210-1",
"initial_release_date": "2020-02-12T05:12:32Z",
"revision_history": [
{
"date": "2020-02-12T05:12:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"product": {
"name": "chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"product_id": "chromedriver-80.0.3987.87-bp151.3.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"product": {
"name": "chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"product_id": "chromium-80.0.3987.87-bp151.3.59.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"product": {
"name": "chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"product_id": "chromedriver-80.0.3987.87-bp151.3.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-80.0.3987.87-bp151.3.59.1.x86_64",
"product": {
"name": "chromium-80.0.3987.87-bp151.3.59.1.x86_64",
"product_id": "chromium-80.0.3987.87-bp151.3.59.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-80.0.3987.87-bp151.3.59.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64"
},
"product_reference": "chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-80.0.3987.87-bp151.3.59.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64"
},
"product_reference": "chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-80.0.3987.87-bp151.3.59.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64"
},
"product_reference": "chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-80.0.3987.87-bp151.3.59.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
},
"product_reference": "chromium-80.0.3987.87-bp151.3.59.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-18197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18197"
}
],
"notes": [
{
"category": "general",
"text": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18197",
"url": "https://www.suse.com/security/cve/CVE-2019-18197"
},
{
"category": "external",
"summary": "SUSE Bug 1154609 for CVE-2019-18197",
"url": "https://bugzilla.suse.com/1154609"
},
{
"category": "external",
"summary": "SUSE Bug 1157028 for CVE-2019-18197",
"url": "https://bugzilla.suse.com/1157028"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2019-18197",
"url": "https://bugzilla.suse.com/1162833"
},
{
"category": "external",
"summary": "SUSE Bug 1169511 for CVE-2019-18197",
"url": "https://bugzilla.suse.com/1169511"
},
{
"category": "external",
"summary": "SUSE Bug 1190108 for CVE-2019-18197",
"url": "https://bugzilla.suse.com/1190108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2019-18197"
},
{
"cve": "CVE-2019-19880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19880"
}
],
"notes": [
{
"category": "general",
"text": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19880",
"url": "https://www.suse.com/security/cve/CVE-2019-19880"
},
{
"category": "external",
"summary": "SUSE Bug 1159491 for CVE-2019-19880",
"url": "https://bugzilla.suse.com/1159491"
},
{
"category": "external",
"summary": "SUSE Bug 1159715 for CVE-2019-19880",
"url": "https://bugzilla.suse.com/1159715"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2019-19880",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2019-19880"
},
{
"cve": "CVE-2019-19923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19923"
}
],
"notes": [
{
"category": "general",
"text": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19923",
"url": "https://www.suse.com/security/cve/CVE-2019-19923"
},
{
"category": "external",
"summary": "SUSE Bug 1160309 for CVE-2019-19923",
"url": "https://bugzilla.suse.com/1160309"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2019-19923",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-19923"
},
{
"cve": "CVE-2019-19925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19925"
}
],
"notes": [
{
"category": "general",
"text": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19925",
"url": "https://www.suse.com/security/cve/CVE-2019-19925"
},
{
"category": "external",
"summary": "SUSE Bug 1159847 for CVE-2019-19925",
"url": "https://bugzilla.suse.com/1159847"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2019-19925",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "low"
}
],
"title": "CVE-2019-19925"
},
{
"cve": "CVE-2019-19926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19926"
}
],
"notes": [
{
"category": "general",
"text": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19926",
"url": "https://www.suse.com/security/cve/CVE-2019-19926"
},
{
"category": "external",
"summary": "SUSE Bug 1159491 for CVE-2019-19926",
"url": "https://bugzilla.suse.com/1159491"
},
{
"category": "external",
"summary": "SUSE Bug 1159715 for CVE-2019-19926",
"url": "https://bugzilla.suse.com/1159715"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2019-19926",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2019-19926"
},
{
"cve": "CVE-2020-6381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6381"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6381",
"url": "https://www.suse.com/security/cve/CVE-2020-6381"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6381",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6381"
},
{
"cve": "CVE-2020-6382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6382"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6382",
"url": "https://www.suse.com/security/cve/CVE-2020-6382"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6382",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6382"
},
{
"cve": "CVE-2020-6385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6385"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6385",
"url": "https://www.suse.com/security/cve/CVE-2020-6385"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6385",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6385"
},
{
"cve": "CVE-2020-6387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6387"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6387",
"url": "https://www.suse.com/security/cve/CVE-2020-6387"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6387",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6387"
},
{
"cve": "CVE-2020-6388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6388"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6388",
"url": "https://www.suse.com/security/cve/CVE-2020-6388"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6388",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6388"
},
{
"cve": "CVE-2020-6389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6389"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6389",
"url": "https://www.suse.com/security/cve/CVE-2020-6389"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6389",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6389"
},
{
"cve": "CVE-2020-6390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6390"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6390",
"url": "https://www.suse.com/security/cve/CVE-2020-6390"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6390",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6390"
},
{
"cve": "CVE-2020-6391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6391"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6391",
"url": "https://www.suse.com/security/cve/CVE-2020-6391"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6391",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6391"
},
{
"cve": "CVE-2020-6392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6392"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6392",
"url": "https://www.suse.com/security/cve/CVE-2020-6392"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6392",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6392"
},
{
"cve": "CVE-2020-6393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6393"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6393",
"url": "https://www.suse.com/security/cve/CVE-2020-6393"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6393",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6393"
},
{
"cve": "CVE-2020-6394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6394"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6394",
"url": "https://www.suse.com/security/cve/CVE-2020-6394"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6394",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6394"
},
{
"cve": "CVE-2020-6395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6395"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6395",
"url": "https://www.suse.com/security/cve/CVE-2020-6395"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6395",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6395"
},
{
"cve": "CVE-2020-6396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6396"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6396",
"url": "https://www.suse.com/security/cve/CVE-2020-6396"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6396",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6396"
},
{
"cve": "CVE-2020-6397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6397"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6397",
"url": "https://www.suse.com/security/cve/CVE-2020-6397"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6397",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6397"
},
{
"cve": "CVE-2020-6398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6398"
}
],
"notes": [
{
"category": "general",
"text": "Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6398",
"url": "https://www.suse.com/security/cve/CVE-2020-6398"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6398",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6398"
},
{
"cve": "CVE-2020-6399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6399"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6399",
"url": "https://www.suse.com/security/cve/CVE-2020-6399"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6399",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6399"
},
{
"cve": "CVE-2020-6400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6400"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6400",
"url": "https://www.suse.com/security/cve/CVE-2020-6400"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6400",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6400"
},
{
"cve": "CVE-2020-6401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6401"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6401",
"url": "https://www.suse.com/security/cve/CVE-2020-6401"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6401",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6401"
},
{
"cve": "CVE-2020-6402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6402"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6402",
"url": "https://www.suse.com/security/cve/CVE-2020-6402"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6402",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6402"
},
{
"cve": "CVE-2020-6403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6403"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6403",
"url": "https://www.suse.com/security/cve/CVE-2020-6403"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6403",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6403"
},
{
"cve": "CVE-2020-6404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6404"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6404",
"url": "https://www.suse.com/security/cve/CVE-2020-6404"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6404",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6404"
},
{
"cve": "CVE-2020-6405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6405"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6405",
"url": "https://www.suse.com/security/cve/CVE-2020-6405"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6405",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6405"
},
{
"cve": "CVE-2020-6406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6406"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6406",
"url": "https://www.suse.com/security/cve/CVE-2020-6406"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6406",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6406"
},
{
"cve": "CVE-2020-6408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6408"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6408",
"url": "https://www.suse.com/security/cve/CVE-2020-6408"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6408",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6408"
},
{
"cve": "CVE-2020-6409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6409"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6409",
"url": "https://www.suse.com/security/cve/CVE-2020-6409"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6409",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6409"
},
{
"cve": "CVE-2020-6410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6410"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6410",
"url": "https://www.suse.com/security/cve/CVE-2020-6410"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6410",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6410"
},
{
"cve": "CVE-2020-6411",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6411"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6411",
"url": "https://www.suse.com/security/cve/CVE-2020-6411"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6411",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6411"
},
{
"cve": "CVE-2020-6412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6412"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6412",
"url": "https://www.suse.com/security/cve/CVE-2020-6412"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6412",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6412"
},
{
"cve": "CVE-2020-6413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6413"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6413",
"url": "https://www.suse.com/security/cve/CVE-2020-6413"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6413",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6413"
},
{
"cve": "CVE-2020-6414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6414"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6414",
"url": "https://www.suse.com/security/cve/CVE-2020-6414"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6414",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6414"
},
{
"cve": "CVE-2020-6415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6415"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6415",
"url": "https://www.suse.com/security/cve/CVE-2020-6415"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6415",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6415"
},
{
"cve": "CVE-2020-6416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6416"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6416",
"url": "https://www.suse.com/security/cve/CVE-2020-6416"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6416",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6416"
},
{
"cve": "CVE-2020-6417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6417"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6417",
"url": "https://www.suse.com/security/cve/CVE-2020-6417"
},
{
"category": "external",
"summary": "SUSE Bug 1162833 for CVE-2020-6417",
"url": "https://bugzilla.suse.com/1162833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-80.0.3987.87-bp151.3.59.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-80.0.3987.87-bp151.3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-12T05:12:32Z",
"details": "important"
}
],
"title": "CVE-2020-6417"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…