AVG-1277 log

Package chromium
Status Fixed
Severity High
Type multiple issues
Affected 86.0.4240.193-1
Fixed 87.0.4280.66-1
Current 94.0.4606.61-1 [extra]
Ticket None
Created Thu Nov 12 17:05:12 2020
Issue Severity Remote Type Description
CVE-2020-16036 Low Yes Access restriction bypass
An inappropriate implementation security issue has been found in the cookies component of the chromium browser before 87.0.4280.66.
CVE-2020-16035 Medium Yes Insufficient validation
An insufficient data validation security issue has been found in the cros-disks component of the chromium browser before 87.0.4280.66.
CVE-2020-16034 Medium Yes Access restriction bypass
An inappropriate implementation security issue has been found in the WebRTC component of the chromium browser before 87.0.4280.66.
CVE-2020-16033 Medium Yes Content spoofing
A incorrect security UI issue has been found in the WebUSB component of the chromium browser before 87.0.4280.66.
CVE-2020-16032 Medium Yes Content spoofing
An incorrect security UI issue has been found in the sharing component of the chromium browser before 87.0.4280.66.
CVE-2020-16031 Medium Yes Content spoofing
An incorrect security UI issue has been found in the tab preview component of the chromium browser before 87.0.4280.66.
CVE-2020-16030 Medium Yes Insufficient validation
An insufficient data validation security issue has been found in the Blink component of the chromium browser before 87.0.4280.66.
CVE-2020-16029 Medium Yes Access restriction bypass
An inappropriate implementation security issue has been found in the PDFium component of the chromium browser before 87.0.4280.66.
CVE-2020-16028 High Yes Arbitrary code execution
A heap-based buffer overflow has been found in the WebRTC component of the chromium browser before 87.0.4280.66.
CVE-2020-16027 Medium Yes Access restriction bypass
An insufficient policy enforcement security issue has been found in the developer tools component of the chromium browser before 87.0.4280.66.
CVE-2020-16026 High Yes Arbitrary code execution
A use after free security issue has been found in the WebRTC component of the chromium browser before 87.0.4280.66.
CVE-2020-16025 High Yes Arbitrary code execution
A heap-based buffer overflow has been found in the clipboard component of the chromium browser before 87.0.4280.66.
CVE-2020-16024 High Yes Arbitrary code execution
A heap-based buffer overflow has been found in the UI component of the chromium browser before 87.0.4280.66.
CVE-2020-16023 High Yes Arbitrary code execution
A use after free security issue has been found in the WebCodecs component of the chromium browser before 87.0.4280.66.
CVE-2020-16022 High Yes Access restriction bypass
An insufficient policy enforcement security issue has been found in the networking component of the chromium browser before 87.0.4280.66.
CVE-2020-16021 High Yes Arbitrary code execution
A race condition has been found in the ImageBurner component of the chromium browser before 87.0.4280.66, leading to possible memory corruption.
CVE-2020-16020 High Yes Access restriction bypass
An inappropriate implementation security issue has been found in the cryptohome component of the chromium browser before 87.0.4280.66.
CVE-2020-16019 High Yes Access restriction bypass
An inappropriate implementation security issue has been found in the filesystem component of the chromium browser before 87.0.4280.66.
CVE-2020-16018 High Yes Arbitrary code execution
A use after free security issue has been found in the payments component of the chromium browser before 87.0.4280.66.
CVE-2020-16015 High Yes Insufficient validation
An insufficient data validation security issue has been found in the WASM component of the chromium browser before 87.0.4280.66.
CVE-2020-16014 High Yes Arbitrary code execution
A use after free security issue has been found in the PPAPI component of the chromium browser before 87.0.4280.66.
CVE-2020-16012 Medium Yes Information disclosure
An information disclosure issue has been found in Firefox before 83.0 and chromium before 87.0.4280.66. When drawing a transparent image on top of an...
Date Advisory Package Type
17 Nov 2020 ASA-202011-11 chromium multiple issues
References
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html