ASA-202009-6 log generated external raw

[ASA-202009-6] chromium: multiple issues
Arch Linux Security Advisory ASA-202009-6 ========================================= Severity: High Date : 2020-09-09 CVE-ID : CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 CVE-2020-6579 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1225 Summary ======= The package chromium before version 85.0.4183.102-1 is vulnerable to multiple issues including access restriction bypass and arbitrary code execution. Resolution ========== Upgrade to 85.0.4183.102-1. # pacman -Syu "chromium>=85.0.4183.102-1" The problems have been fixed upstream in version 85.0.4183.102. Workaround ========== None. Description =========== - CVE-2020-6573 (arbitrary code execution) A use after free security issue has been found in the video component of the chromium browser before 85.0.4183.102. - CVE-2020-6574 (access restriction bypass) An insufficient policy enforcement security issue has been found in the installer component of the chromium browser before 85.0.4183.102. - CVE-2020-6575 (access restriction bypass) A race security issue has been found in the Mojo component of the chromium browser before 85.0.4183.102. - CVE-2020-6576 (arbitrary code execution) A use after free security issue has been found in the offscreen canvas component of the chromium browser before 85.0.4183.102. - CVE-2020-6579 (access restriction bypass) An insufficient policy enforcement security issue has been found in the networking component of the chromium browser before 85.0.4183.102. Impact ====== A remote attacker might be able to bypass security measures or execute arbitrary code. References ========== https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html https://crbug.com/1116304 https://crbug.com/1102196 https://crbug.com/1081874 https://crbug.com/1111737 https://crbug.com/1122684 https://security.archlinux.org/CVE-2020-6573 https://security.archlinux.org/CVE-2020-6574 https://security.archlinux.org/CVE-2020-6575 https://security.archlinux.org/CVE-2020-6576 https://security.archlinux.org/CVE-2020-6579