rpm package
suse/chromium&distro=SUSE Package Hub 15 SP1
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP1
Vulnerabilities (431)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-6438 | — | < 81.0.4044.92-bp151.3.66.1 | 81.0.4044.92-bp151.3.66.1 | Apr 13, 2020 | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. | ||
| CVE-2020-6437 | — | < 81.0.4044.92-bp151.3.66.1 | 81.0.4044.92-bp151.3.66.1 | Apr 13, 2020 | Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. | ||
| CVE-2020-6436 | — | < 81.0.4044.92-bp151.3.66.1 | 81.0.4044.92-bp151.3.66.1 | Apr 13, 2020 | Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6435 | — | < 81.0.4044.92-bp151.3.66.1 | 81.0.4044.92-bp151.3.66.1 | Apr 13, 2020 | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2020-6434 | — | < 81.0.4044.92-bp151.3.66.1 | 81.0.4044.92-bp151.3.66.1 | Apr 13, 2020 | Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6433 | — | < 81.0.4044.92-bp151.3.66.1 | 81.0.4044.92-bp151.3.66.1 | Apr 13, 2020 | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2020-6432 | — | < 81.0.4044.92-bp151.3.66.1 | 81.0.4044.92-bp151.3.66.1 | Apr 13, 2020 | Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2020-6431 | — | < 81.0.4044.92-bp151.3.66.1 | 81.0.4044.92-bp151.3.66.1 | Apr 13, 2020 | Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. | ||
| CVE-2020-6430 | — | < 81.0.4044.92-bp151.3.66.1 | 81.0.4044.92-bp151.3.66.1 | Apr 13, 2020 | Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6423 | — | < 81.0.4044.92-bp151.3.66.1 | 81.0.4044.92-bp151.3.66.1 | Apr 13, 2020 | Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6425 | — | < 80.0.3987.149-bp151.3.63.3 | 80.0.3987.149-bp151.3.63.3 | Mar 23, 2020 | Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. | ||
| CVE-2020-6429 | — | < 80.0.3987.149-bp151.3.63.3 | 80.0.3987.149-bp151.3.63.3 | Mar 20, 2020 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6428 | — | < 80.0.3987.149-bp151.3.63.3 | 80.0.3987.149-bp151.3.63.3 | Mar 20, 2020 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6427 | — | < 80.0.3987.149-bp151.3.63.3 | 80.0.3987.149-bp151.3.63.3 | Mar 20, 2020 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6426 | — | < 80.0.3987.149-bp151.3.63.3 | 80.0.3987.149-bp151.3.63.3 | Mar 20, 2020 | Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6424 | — | < 80.0.3987.149-bp151.3.63.3 | 80.0.3987.149-bp151.3.63.3 | Mar 20, 2020 | Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6422 | — | < 80.0.3987.149-bp151.3.63.3 | 80.0.3987.149-bp151.3.63.3 | Mar 20, 2020 | Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6449 | — | < 80.0.3987.149-bp151.3.63.3 | 80.0.3987.149-bp151.3.63.3 | Mar 20, 2020 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-20503 | — | < 80.0.3987.149-bp151.3.63.3 | 80.0.3987.149-bp151.3.63.3 | Mar 6, 2020 | usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. | ||
| CVE-2020-0561 | — | < 81.0.4044.129-bp151.3.75.1 | 81.0.4044.129-bp151.3.75.1 | Feb 13, 2020 | Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
- CVE-2020-6438Apr 13, 2020affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
- CVE-2020-6437Apr 13, 2020affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
- CVE-2020-6436Apr 13, 2020affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1
Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6435Apr 13, 2020affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
- CVE-2020-6434Apr 13, 2020affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1
Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6433Apr 13, 2020affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- CVE-2020-6432Apr 13, 2020affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- CVE-2020-6431Apr 13, 2020affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
- CVE-2020-6430Apr 13, 2020affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1
Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6423Apr 13, 2020affected < 81.0.4044.92-bp151.3.66.1fixed 81.0.4044.92-bp151.3.66.1
Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6425Mar 23, 2020affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
- CVE-2020-6429Mar 20, 2020affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6428Mar 20, 2020affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6427Mar 20, 2020affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6426Mar 20, 2020affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6424Mar 20, 2020affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6422Mar 20, 2020affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6449Mar 20, 2020affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-20503Mar 6, 2020affected < 80.0.3987.149-bp151.3.63.3fixed 80.0.3987.149-bp151.3.63.3
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
- CVE-2020-0561Feb 13, 2020affected < 81.0.4044.129-bp151.3.75.1fixed 81.0.4044.129-bp151.3.75.1
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Page 13 of 22