rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-16007 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | ||
| CVE-2020-16006 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-16005 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-16004 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-16003 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-16002 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||
| CVE-2020-16001 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-16000 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-15995 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-15992 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. | ||
| CVE-2020-15991 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2020-15990 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2020-15989 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | ||
| CVE-2020-15988 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. | ||
| CVE-2020-15987 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. | ||
| CVE-2020-15986 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-15985 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. | ||
| CVE-2020-15984 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL. | ||
| CVE-2020-15983 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2020-15982 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 3, 2020 | Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
- CVE-2020-16007Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
- CVE-2020-16006Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16005Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16004Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16003Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16002Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2020-16001Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16000Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-15995Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-15992Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
- CVE-2020-15991Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-15990Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-15989Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
- CVE-2020-15988Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
- CVE-2020-15987Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
- CVE-2020-15986Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-15985Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
- CVE-2020-15984Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.
- CVE-2020-15983Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
- CVE-2020-15982Nov 3, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Page 128 of 203