-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4714-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
July 01, 2020                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432
                 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436
                 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440
                 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444
                 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448
                 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457
                 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461
                 CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465
                 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469
                 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473
                 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478
                 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482
                 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486
                 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490
                 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495
                 CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505
                 CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6831

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2020-6423

    A use-after-free issue was found in the audio implementation.

CVE-2020-6430

    Avihay Cohen discovered a type confusion issue in the v8 javascript
    library.

CVE-2020-6431

    Luan Herrera discovered a policy enforcement error.

CVE-2020-6432

    Luan Herrera discovered a policy enforcement error.

CVE-2020-6433

    Luan Herrera discovered a policy enforcement error in extensions.

CVE-2020-6434

    HyungSeok Han discovered a use-after-free issue in the developer tools.

CVE-2020-6435

    Sergei Glazunov discovered a policy enforcement error in extensions.

CVE-2020-6436

    Igor Bukanov discovered a use-after-free issue.

CVE-2020-6437

    Jann Horn discovered an implementation error in WebView.

CVE-2020-6438

    Ng Yik Phang discovered a policy enforcement error in extensions.

CVE-2020-6439

    remkoboonstra discovered a policy enforcement error.

CVE-2020-6440

    David Erceg discovered an implementation error in extensions.

CVE-2020-6441

    David Erceg discovered a policy enforcement error.

CVE-2020-6442

    B@rMey discovered an implementation error in the page cache.

CVE-2020-6443

    @lovasoa discovered an implementation error in the developer tools.

CVE-2020-6444

    mlfbrown discovered an uninitialized variable in the WebRTC
    implementation.

CVE-2020-6445

    Jun Kokatsu discovered a policy enforcement error.

CVE-2020-6446

    Jun Kokatsu discovered a policy enforcement error.

CVE-2020-6447

    David Erceg discovered an implementation error in the developer tools.

CVE-2020-6448

    Guang Gong discovered a use-after-free issue in the v8 javascript library.

CVE-2020-6454

    Leecraso and Guang Gong discovered a use-after-free issue in extensions.

CVE-2020-6455

    Nan Wang and Guang Gong discovered an out-of-bounds read issue in the
    WebSQL implementation.

CVE-2020-6456

    Michał Bentkowski discovered insufficient validation of untrusted input.

CVE-2020-6457

    Leecraso and Guang Gong discovered a use-after-free issue in the speech
    recognizer.

CVE-2020-6458

    Aleksandar Nikolic discoved an out-of-bounds read and write issue in the
    pdfium library.

CVE-2020-6459

    Zhe Jin discovered a use-after-free issue in the payments implementation.

CVE-2020-6460

    It was discovered that URL formatting was insufficiently validated.

CVE-2020-6461

    Zhe Jin discovered a use-after-free issue.

CVE-2020-6462

    Zhe Jin discovered a use-after-free issue in task scheduling.

CVE-2020-6463

    Pawel Wylecial discovered a use-after-free issue in the ANGLE library.

CVE-2020-6464

    Looben Yang discovered a type confusion issue in Blink/Webkit.

CVE-2020-6465

    Woojin Oh discovered a use-after-free issue.

CVE-2020-6466

    Zhe Jin discovered a use-after-free issue.

CVE-2020-6467

    ZhanJia Song discovered a use-after-free issue in the WebRTC
    implementation.

CVE-2020-6468

    Chris Salls and Jake Corina discovered a type confusion issue in the v8
    javascript library.

CVE-2020-6469

    David Erceg discovered a policy enforcement error in the developer tools.

CVE-2020-6470

    Michał Bentkowski discovered insufficient validation of untrusted input.

CVE-2020-6471

    David Erceg discovered a policy enforcement error in the developer tools.

CVE-2020-6472

    David Erceg discovered a policy enforcement error in the developer tools.

CVE-2020-6473

    Soroush Karami and Panagiotis Ilia discovered a policy enforcement error
    in Blink/Webkit.

CVE-2020-6474

    Zhe Jin discovered a use-after-free issue in Blink/Webkit.

CVE-2020-6475

    Khalil Zhani discovered a user interface error.

CVE-2020-6476

    Alexandre Le Borgne discovered a policy enforcement error.

CVE-2020-6478

    Khalil Zhani discovered an implementation error in full screen mode.

CVE-2020-6479

    Zhong Zhaochen discovered an implementation error.

CVE-2020-6480

    Marvin Witt discovered a policy enforcement error.

CVE-2020-6481

    Rayyan Bijoora discovered a policy enforcement error.

CVE-2020-6482

    Abdulrahman Alqabandi discovered a policy enforcement error in the
    developer tools.

CVE-2020-6483

    Jun Kokatsu discovered a policy enforcement error in payments.

CVE-2020-6484

    Artem Zinenko discovered insufficient validation of user data in the
    ChromeDriver implementation.

CVE-2020-6485

    Sergei Glazunov discovered a policy enforcement error.

CVE-2020-6486

    David Erceg discovered a policy enforcement error.

CVE-2020-6487

    Jun Kokatsu discovered a policy enforcement error.

CVE-2020-6488

    David Erceg discovered a policy enforcement error.

CVE-2020-6489

    @lovasoa discovered an implementation error in the developer tools.

CVE-2020-6490

    Insufficient validation of untrusted data was discovered.

CVE-2020-6491

    Sultan Haikal discovered a user interface error.

CVE-2020-6493

    A use-after-free issue was discovered in the WebAuthentication
    implementation.

CVE-2020-6494

    Juho Nurimen discovered a user interface error.

CVE-2020-6495

    David Erceg discovered a policy enforcement error in the developer tools.

CVE-2020-6496

    Khalil Zhani discovered a use-after-free issue in payments.

CVE-2020-6497

    Rayyan Bijoora discovered a policy enforcement issue.

CVE-2020-6498

    Rayyan Bijoora discovered a user interface error.

CVE-2020-6505

    Khalil Zhani discovered a use-after-free issue.

CVE-2020-6506

    Alesandro Ortiz discovered a policy enforcement error.

CVE-2020-6507

    Sergei Glazunov discovered an out-of-bounds write issue in the v8
    javascript library.

CVE-2020-6509

    A use-after-free issue was discovered in extensions.

CVE-2020-6831

    Natalie Silvanovich discovered a buffer overflow issue in the SCTP
    library.

For the oldstable distribution (stretch), security support for chromium
has been discontinued.

For the stable distribution (buster), these problems have been fixed in
version 83.0.4103.116-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl79PrwACgkQmD40ZYkU
ayj+4yAAlij5zApfa++eXf4kRR0DaDUSLH20zppWCPo4Qj3MPsQFJ3F7onHl/aYS
QATCCzF+ZcA7c6Dw2k4fLv/+UNhI6FS1uioddeF8NWDantMu1xVxBsesGJTUiJk8
OatCzBXdhSF4Zr8VCNW6YsIoj2DKEY6e1bzjMxhzEWYzRDcX9pHbUZHX92b34A2M
VlnLdlPhfheiHxwlo6oaIGyDIZfjmCqTmlgv8RsxgGXn6OhfqL0MIMeirZLW6qJO
Pr/b2R35gN2jZkKvpJ/7m4rplwdN814Eo0dzkHXyry9VlhtRCxswYGfOkwDcZ6C4
/cESMESZime1B1Vq+Y1Ip9OhPj6hFY8zdwm56WNJPIHx97SH4dMfzNWpqGv+1dKN
6gQFUPeM0eTJr5wLb4lZJDx7DA3ioXbotmN/bb9PnIRI6pSVVZ2jXp6QRLpO0UmL
Akc/JkyMy3woVRkdy1tRN64YnvLeJZGUpL4aPykvkS6tgv5Kh9HD04B7BOHQl0HO
z3CAPdwA0rE2wXF0oHgDMgdf6GucfV5xIUHUDdpqpFmQWRHGjaKvD25CVn35FXmf
/YSs8VAK+EGqvXbhWhs6rxLaZ2DxmhCMyQ6RxnQ8BtAtvdGQ/r9h+yUzUJK3+NOo
8M67ADHz/bN2Iw4yQ57Bscq0bG6JlQ/2xEhu17cer2nw2X3cklckI6GaoRCIl/+M
6JHsTqQ1vNKlcLB8rwpJY2APfJHWR2el07VrCsk6h/Ojn0E9aSAhQiyaEoy3Eh1E
GafVuMPEgy2AzAOIhG6F1Kglt+S9SlaGFo0VDU00E4Fs0o/h1Wlu3/Goorpfz1qj
ZKvodZ1lDWbb2fhVMGOX3kTSHIWwnDoYv7zZXLvPSmMr7+TpVLLu4RrYPzBhaFYo
S3MMtYt7ZkVUufidT7dYb+E5QMjx2h7V2lQ6AaLAbLR9sjfpjqYQ+LNbhoMYo4US
MVT5c9Gw9v3jLPwD2N9K7stngpAISMyAEdXNwUMcGCaqhAiU3mo4s7/kFkKugyMA
NHt8oAsR6FZr9TNNrV4GX5HSsMpaYQIEMtyfi27UHlnEFEMteTjLi2aaK9Qg5LSX
qSqArjx4uzPL/YQx1bbm58NkQsJ6eNSYw3U1OFnEr5xhygFeb8qZ4HYuGc/Yzq29
j63tAshrWOu10I6DpZ8CjfI8VAv6xRkocW1oX9upEAP4E65iBzQiPbTQUZOexckt
iXd0dR4zHwfnzYpaVO+0hqf2z8NbkHZ3J9/3xrwmFqz0fKeLvBlMCnFIJo3elayN
uVnWN49zfreVQEE+NWjbEq2ScPygfYDrxc+nR6tZevlgLFvFTM3K2IwUMb8gnAS9
wcrW+6H7AjxgM4bKEC0Uy/7gThkVDw==
=15jh
-----END PGP SIGNATURE-----