VYPR

rpm package

suse/chromium&distro=SUSE Package Hub 15 SP1

pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP1

Vulnerabilities (431)

  • CVE-2020-6438Apr 13, 2020
    affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1

    Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.

  • CVE-2020-6437Apr 13, 2020
    affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1

    Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.

  • CVE-2020-6436Apr 13, 2020
    affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1

    Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6435Apr 13, 2020
    affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1

    Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-6434Apr 13, 2020
    affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1

    Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6433Apr 13, 2020
    affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1

    Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-6432Apr 13, 2020
    affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1

    Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-6431Apr 13, 2020
    affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1

    Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.

  • CVE-2020-6430Apr 13, 2020
    affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1

    Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6423Apr 13, 2020
    affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1

    Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6425Mar 23, 2020
    affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3

    Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.

  • CVE-2020-6429Mar 20, 2020
    affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3

    Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6428Mar 20, 2020
    affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3

    Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6427Mar 20, 2020
    affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3

    Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6426Mar 20, 2020
    affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3

    Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6424Mar 20, 2020
    affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3

    Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6422Mar 20, 2020
    affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3

    Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6449Mar 20, 2020
    affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3

    Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-20503Mar 6, 2020
    affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3

    usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

  • CVE-2020-0561Feb 13, 2020
    affected < 81.0.4044.129-bp151.3.75.1fixed 81.0.4044.129-bp151.3.75.1

    Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Page 13 of 22