*** This bug is a security vulnerability *** Public security bug reported:
chromium (79.0.3945.130-1) corrects: * New upstream security release. - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti Levomäki and Christian Jalio - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang Gong - CVE-2020-6380: Extension message verification error. Reported by Sergei Glazunov - CVE-2019-13767: Use after free in media picker. Reported by Sergei Glazunov * Fix memory instrumentation singleton initialization errors caused by tracing patch included in the previous upload (closes: #945920 https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1718620.html). https://security-tracker.debian.org/tracker/source-package/chromium https://metadata.ftp-master.debian.org/changelogs//main/c/chromium/chromium_79.0.3945.130-2_changelog ** Affects: chromium-browser (Ubuntu) Importance: Undecided Assignee: Leandro Cunha (leandrocunha526) Status: Confirmed ** Affects: chromium-browser (Debian) Importance: Unknown Status: Unknown ** Changed in: chromium-browser (Ubuntu) Assignee: (unassigned) => Leandro Cunha (leandrocunha526) ** Changed in: chromium-browser (Ubuntu) Status: New => Confirmed ** Information type changed from Private Security to Public Security ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-6377 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-6378 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-6379 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-6380 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13767 ** Description changed: chromium (79.0.3945.130-1) corrects: * New upstream security release. - - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin - - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti - Levomäki and Christian Jalio - - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang - Gong - - CVE-2020-6380: Extension message verification error. Reported by Sergei - Glazunov - - CVE-2019-13767: Use after free in media picker. Reported by Sergei - Glazunov + - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin + - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti + Levomäki and Christian Jalio + - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang + Gong + - CVE-2020-6380: Extension message verification error. Reported by Sergei + Glazunov + - CVE-2019-13767: Use after free in media picker. Reported by Sergei + Glazunov * Fix memory instrumentation singleton initialization errors caused by tracing patch included in the previous upload (closes: #945920 https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1718620.html). https://security-tracker.debian.org/tracker/source-package/chromium + https://metadata.ftp-master.debian.org/changelogs//main/c/chromium/chromium_79.0.3945.130-2_changelog ** Bug watch added: Debian Bug tracker #946648 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946648 ** Also affects: chromium-browser (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946648 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860872 Title: Security problems To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1860872/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
