Debian: Security Advisory for chromium (DSA-4714-1)

Information

Severity

Medium

Family

Debian Local Security Checks

CVSSv2 Base

5.0

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution Type

Vendor Patch

Created

3 years ago

Modified

3 years ago

Summary

The remote host is missing an update for the 'chromium' package(s) announced via the DSA-4714-1 advisory.

Insight

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2020-6423 A use-after-free issue was found in the audio implementation.
CVE-2020-6430 Avihay Cohen discovered a type confusion issue in the v8 javascript library.
CVE-2020-6431 Luan Herrera discovered a policy enforcement error.
CVE-2020-6432 Luan Herrera discovered a policy enforcement error.
CVE-2020-6433 Luan Herrera discovered a policy enforcement error in extensions.
CVE-2020-6434 HyungSeok Han discovered a use-after-free issue in the developer tools.
CVE-2020-6435 Sergei Glazunov discovered a policy enforcement error in extensions.
CVE-2020-6436 Igor Bukanov discovered a use-after-free issue.
CVE-2020-6437 Jann Horn discovered an implementation error in WebView.
CVE-2020-6438 Ng Yik Phang discovered a policy enforcement error in extensions.
CVE-2020-6439 remkoboonstra discovered a policy enforcement error.
CVE-2020-6440 David Erceg discovered an implementation error in extensions.
CVE-2020-6441 David Erceg discovered a policy enforcement error.
CVE-2020-6442 B@rMey discovered an implementation error in the page cache.
CVE-2020-6443 @lovasoa discovered an implementation error in the developer tools.
CVE-2020-6444 mlfbrown discovered an uninitialized variable in the WebRTC implementation.
CVE-2020-6445 Jun Kokatsu discovered a policy enforcement error.
CVE-2020-6446 Jun Kokatsu discovered a policy enforcement error.
CVE-2020-6447 David Erceg discovered an implementation error in the developer tools.
CVE-2020-6448 Guang Gong discovered a use-after-free issue in the v8 javascript library.
CVE-2020-6454 Leecraso and Guang Gong discovered a use-after-free issue in extensions.
CVE-2020-6455 Nan Wang and Guang Gong discovered an out-of-bounds read issue in the WebSQL implementation.
CVE-2020-6456 Michał Bentkowski discovered insufficient validation of untrusted input.
CVE-2020-6457 Leecraso and Guang Gong discovered a use-after-free issue in the speech recognizer.
CVE-2020-6458 Aleksandar Nikolic discovered an out-of-bounds read and write issue in the pdfium library.
CVE-2020-6459 Zhe Jin discovered a use-after-free issue in the payments implementation.
CVE-2020-6460 It was discovered that URL formatting was insufficiently validated.
CVE-2020-6461 Zhe Jin discovered a use-after-free issue.
CVE-2020-6462 Zhe Jin discovered a use-after-free issue in task scheduling.
CVE-2020-6463 Pawel Wylecial discovered a use-after-free issue in the ANGLE library.
CVE-2020-6464 Looben Yang discovered a type confusion issue in Blink/Webkit.
CVE-2020-6465 Woojin Oh discovered a use-after-free iss ...

Description truncated. Please see the references for more information.

Affected Software

'chromium' package(s) on Debian Linux.

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), these problems have been fixed in version 83.0.4103.116-1~deb10u1. We recommend that you upgrade your chromium packages.