Arch Linux Security Advisory ASA-202011-11
==========================================

Severity: High
Date    : 2020-11-17
CVE-ID  : CVE-2020-16012 CVE-2020-16014 CVE-2020-16015 CVE-2020-16018
          CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022
          CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026
          CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030
          CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
          CVE-2020-16035 CVE-2020-16036
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1277

Summary
=======

The package chromium before version 87.0.4280.66-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution, insufficient validation, content spoofing and information
disclosure.

Resolution
==========

Upgrade to 87.0.4280.66-1.

# pacman -Syu "chromium>=87.0.4280.66-1"

The problems have been fixed upstream in version 87.0.4280.66.

Workaround
==========

None.

Description
===========

- CVE-2020-16012 (information disclosure)

An information disclosure issue has been found in Firefox before 83.0
and chromium before 87.0.4280.66. When drawing a transparent image on
top of an unknown cross-origin image, the Skia library drawImage
function took a variable amount of time depending on the content of the
underlying image. This resulted in potential cross-origin information
exposure of image content through timing side-channel attacks.

- CVE-2020-16014 (arbitrary code execution)

A use after free security issue has been found in the PPAPI component
of the chromium browser before 87.0.4280.66.

- CVE-2020-16015 (insufficient validation)

An insufficient data validation security issue has been found in the
WASM component of the chromium browser before 87.0.4280.66.

- CVE-2020-16018 (arbitrary code execution)

A use after free security issue has been found in the payments
component of the chromium browser before 87.0.4280.66.

- CVE-2020-16019 (access restriction bypass)

An inappropriate implementation security issue has been found in the
filesystem component of the chromium browser before 87.0.4280.66.

- CVE-2020-16020 (access restriction bypass)

An inappropriate implementation security issue has been found in the
cryptohome component of the chromium browser before 87.0.4280.66.

- CVE-2020-16021 (arbitrary code execution)

A race condition has been found in the ImageBurner component of the
chromium browser before 87.0.4280.66, leading to possible memory
corruption.

- CVE-2020-16022 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
networking component of the chromium browser before 87.0.4280.66.

- CVE-2020-16023 (arbitrary code execution)

A use after free security issue has been found in the WebCodecs
component of the chromium browser before 87.0.4280.66.

- CVE-2020-16024 (arbitrary code execution)

A heap-based buffer overflow has been found in the UI component of the
chromium browser before 87.0.4280.66.

- CVE-2020-16025 (arbitrary code execution)

A heap-based buffer overflow has been found in the clipboard component
of the chromium browser before 87.0.4280.66.

- CVE-2020-16026 (arbitrary code execution)

A use after free security issue has been found in the WebRTC component
of the chromium browser before 87.0.4280.66.

- CVE-2020-16027 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
developer tools component of the chromium browser before 87.0.4280.66.

- CVE-2020-16028 (arbitrary code execution)

A heap-based buffer overflow has been found in the WebRTC component of
the chromium browser before 87.0.4280.66.

- CVE-2020-16029 (access restriction bypass)

An inappropriate implementation security issue has been found in the
PDFium component of the chromium browser before 87.0.4280.66.

- CVE-2020-16030 (insufficient validation)

An insufficient data validation security issue has been found in the
Blink component of the chromium browser before 87.0.4280.66.

- CVE-2020-16031 (content spoofing)

An incorrect security UI issue has been found in the tab preview
component of the chromium browser before 87.0.4280.66.

- CVE-2020-16032 (content spoofing)

An incorrect security UI issue has been found in the sharing component
of the chromium browser before 87.0.4280.66.

- CVE-2020-16033 (content spoofing)

An incorrect security UI issue has been found in the WebUSB component
of the chromium browser before 87.0.4280.66.

- CVE-2020-16034 (access restriction bypass)

An inappropriate implementation security issue has been found in the
WebRTC component of the chromium browser before 87.0.4280.66.

- CVE-2020-16035 (insufficient validation)

An insufficient data validation security issue has been found in the
cros-disks component of the chromium browser before 87.0.4280.66.

- CVE-2020-16036 (access restriction bypass)

An inappropriate implementation security issue has been found in the
cookies component of the chromium browser before 87.0.4280.66.

Impact
======

A remote attacker might be able to trick a user into wrongly assessing
the security of a website, WebUSB connection or a tab preview via UI
spoofing. Further, a remote attacker may be able to bypass security
restrictions, access sensitive information and execute arbitrary code.

References
==========

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-16012
https://bugzilla.mozilla.org/show_bug.cgi?id=1642028
https://crbug.com/1146675
https://crbug.com/1146673
https://crbug.com/1136078
https://crbug.com/1139408
https://crbug.com/1139411
https://crbug.com/1139414
https://crbug.com/1145680
https://crbug.com/1146761
https://crbug.com/1147430
https://crbug.com/1147431
https://crbug.com/1139153
https://crbug.com/1116444
https://crbug.com/1138446
https://crbug.com/1134338
https://crbug.com/1141350
https://crbug.com/1133183
https://crbug.com/1136714
https://crbug.com/1143057
https://crbug.com/1137362
https://crbug.com/1139409
https://crbug.com/830808
https://security.archlinux.org/CVE-2020-16012
https://security.archlinux.org/CVE-2020-16014
https://security.archlinux.org/CVE-2020-16015
https://security.archlinux.org/CVE-2020-16018
https://security.archlinux.org/CVE-2020-16019
https://security.archlinux.org/CVE-2020-16020
https://security.archlinux.org/CVE-2020-16021
https://security.archlinux.org/CVE-2020-16022
https://security.archlinux.org/CVE-2020-16023
https://security.archlinux.org/CVE-2020-16024
https://security.archlinux.org/CVE-2020-16025
https://security.archlinux.org/CVE-2020-16026
https://security.archlinux.org/CVE-2020-16027
https://security.archlinux.org/CVE-2020-16028
https://security.archlinux.org/CVE-2020-16029
https://security.archlinux.org/CVE-2020-16030
https://security.archlinux.org/CVE-2020-16031
https://security.archlinux.org/CVE-2020-16032
https://security.archlinux.org/CVE-2020-16033
https://security.archlinux.org/CVE-2020-16034
https://security.archlinux.org/CVE-2020-16035
https://security.archlinux.org/CVE-2020-16036
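
Added example, not part of the original advisory: a host-side check that compares the installed chromium package against the fixed version 87.0.4280.66-1 named under Resolution. The function name `chromium_status` and the `sort -V` fallback for hosts without pacman's `vercmp` are assumptions of this example.

```shell
#!/bin/sh
# Fixed package version, taken from the advisory's Resolution section.
FIXED="87.0.4280.66-1"

# chromium_status VERSION
# Prints "vulnerable" when VERSION is older than $FIXED, otherwise "fixed".
chromium_status() {
    installed=$1
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp (shipped with pacman) prints -1, 0 or 1.
        if [ "$(vercmp "$installed" "$FIXED")" -lt 0 ]; then
            echo "vulnerable"
        else
            echo "fixed"
        fi
        return 0
    fi
    # Fallback (assumption of this example): GNU-style version sort.
    # Good enough for versions without an epoch, as is the case here.
    oldest=$(printf '%s\n%s\n' "$installed" "$FIXED" | sort -V | head -n 1)
    if [ "$installed" != "$FIXED" ] && [ "$oldest" = "$installed" ]; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# On an Arch host, report the state of the installed package.
# Skipped silently when pacman or the chromium package is absent.
if command -v pacman >/dev/null 2>&1 && pacman -Q chromium >/dev/null 2>&1; then
    ver=$(pacman -Q chromium | awk '{print $2}')
    echo "chromium $ver: $(chromium_status "$ver")"
fi
```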