AVG-1206 log

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 83.0.4103.116-3
Fixed 84.0.4147.89-1
Current 85.0.4183.121-1 [extra]
Ticket None
Created Wed Jul 15 07:50:40 2020
Issue Severity Remote Type Description
CVE-2020-6536 Low No Content spoofing
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the...
CVE-2020-6535 Low Yes Content spoofing
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject...
CVE-2020-6534 Low Yes Denial of service
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6533 Low Yes Denial of service
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6531 Low No Information disclosure
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted...
CVE-2020-6530 Low Yes Denial of service
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious...
CVE-2020-6529 Low Yes Information disclosure
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data...
CVE-2020-6528 Low Yes Information disclosure
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar)...
CVE-2020-6527 Low Yes Certificate verification bypass
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6526 Low Yes Authentication bypass
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a...
CVE-2020-6525 Medium Yes Arbitrary code execution
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6524 Medium Yes Arbitrary code execution
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6523 Medium Yes Arbitrary code execution
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6522 Medium Yes Sandbox escape
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox...
CVE-2020-6521 Medium Yes Information disclosure
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information...
CVE-2020-6520 Medium Yes Denial of service
Heap buffer overflow in Skia.
CVE-2020-6519 Medium Yes Insufficient validation
Policy bypass in CSP
CVE-2020-6518 Medium Yes Arbitrary code execution
Use after free in developer tools.
CVE-2020-6517 High Yes Arbitrary code execution
Heap buffer overflow in history.
CVE-2020-6516 High Yes Information disclosure
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6515 High Yes Arbitrary code execution
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6514 High Yes Arbitrary code execution
Inappropriate implementation in WebRTC.
CVE-2020-6513 High Yes Arbitrary code execution
Heap buffer overflow in PDFium.
CVE-2020-6512 High Yes Insufficient validation
Type Confusion in V8.
CVE-2020-6511 High Yes Information disclosure
Side-channel information leakage in content security policy.
CVE-2020-6510 Critical Yes Arbitrary code execution
Heap buffer overflow in background fetch.
References
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html