Hash: SHA256

             AUSCERT External Security Bulletin Redistribution

                     Stable Channel Update for Desktop
                             18 November 2020


        AusCERT Security Bulletin Summary

Product:           Google Chrome
Publisher:         Google
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service              -- Remote with User Interaction
                   Provide Misleading Information -- Remote with User Interaction
                   Access Confidential Data       -- Remote with User Interaction
                   Unauthorised Access            -- Remote with User Interaction
                   Reduced Security               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-16036 CVE-2020-16035 CVE-2020-16034
                   CVE-2020-16033 CVE-2020-16032 CVE-2020-16031
                   CVE-2020-16030 CVE-2020-16029 CVE-2020-16028
                   CVE-2020-16027 CVE-2020-16026 CVE-2020-16025
                   CVE-2020-16024 CVE-2020-16023 CVE-2020-16022
                   CVE-2020-16021 CVE-2020-16020 CVE-2020-16019
                   CVE-2020-16018 CVE-2020-16015 CVE-2020-16014
                   CVE-2020-16012 CVE-2019-8075 

Original Bulletin: 

- --------------------------BEGIN INCLUDED TEXT--------------------

Stable Channel Update for Desktop

Tuesday, November 17, 2020

The Chrome team is delighted to announce the promotion of Chrome 87 to the  
Stable channel for Windows, Mac and Linux. 

This will roll out over the coming days/weeks.

Chrome 87.0.4280.66 contains a number of fixes and  
improvements -- a list of changes is available in the log. Watch out for  
upcoming Chrome and Chromium blog posts about new features and big efforts  
delivered in 87.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of 
users are updated with a fix. We will also retain restrictions if the bug exists in 
a third party library that other  projects similarly depend on, but havent yet fixed.

This update includes 33 security fixes. Below, we highlight fixes that were  
contributed by external researchers. 
Please see the Chrome Security Page for more information.

[$TBD][1136078] High CVE-2020-16018: Use after free in payments. Reported  
by Man Yue Mo of GitHub Security Lab on 2020-10-07
[$TBD][1139408] High CVE-2020-16019: Inappropriate implementation in filesystem. Reported by  
Rory McNamara on 2020-10-16
[$TBD][1139411] High CVE-2020-16020: Inappropriate implementation in cryptohome. 
Reported by Rory McNamara on 2020-10-16
[$TBD][1139414] High CVE-2020-16021: Race in ImageBurner.  
Reported by Rory McNamara on 2020-10-16
[$TBD][1145680] High CVE-2020-16022:  
Insufficient policy enforcement in networking. Reported by @SamyKamkar on  
[$TBD][1146673] High CVE-2020-16015: Insufficient data validation  
in WASM. Reported by Rong Jian and Leecraso of 360 Alpha Lab on  
[$TBD][1146675] High CVE-2020-16014: Use after free in PPAPI.  
Reported by Rong Jian and Leecraso of 360 Alpha Lab on  
[$TBD][1146761] High CVE-2020-16023: Use after free in WebCodecs.  
Reported by Brendon Tiszka and David Manouchehri supporting the @eff on  
[$NA][1147430] High CVE-2020-16024: Heap buffer overflow in UI.  
Reported by Sergei Glazunov of Google Project Zero on  
[$NA][1147431] High CVE-2020-16025: Heap buffer overflow in  
clipboard. Reported by Sergei Glazunov of Google Project Zero on  
[$7500][1139153] Medium CVE-2020-16026: Use after free in WebRTC.  
Reported by Jong-Gwon Kim (kkwon) on 2020-10-16
[$5000][1116444] Medium  
CVE-2020-16027: Insufficient policy enforcement in developer tools.  
Reported by David Erceg on 2020-08-14
[$5000][1138446] Medium  
CVE-2020-16028: Heap buffer overflow in WebRTC. Reported by asnine on  
[$3000][1134338] Medium CVE-2020-16029: Inappropriate  
implementation in PDFium. Reported by Anonymous on  
[$3000][1141350] Medium CVE-2020-16030: Insufficient data  
validation in Blink. Reported by Michal Bentkowski of Securitum on  
[$1000][945997] Medium CVE-2019-8075: Insufficient data  
validation in Flash. Reported by Nethanel Gelernter, Cyberpion  
(https://www.cyberpion.com) on 2019-03-26
[$500][1133183] Medium  
CVE-2020-16031: Incorrect security UI in tab preview. Reported by  
wester0x01(https://twitter.com/wester0x01) on 2020-09-29
Medium CVE-2020-16032: Incorrect security UI in sharing. Reported by  
wester0x01(https://twitter.com/wester0x01) on 2020-10-09
Medium CVE-2020-16033: Incorrect security UI in WebUSB. Reported by Khalil  
Zhani on 2020-10-28
[$TBD][1137362] Medium CVE-2020-16034: Inappropriate  
implementation in WebRTC. Reported by vvmute (Benjamin Petermaier) on  
[$TBD][1139409] Medium CVE-2020-16035: Insufficient data  
validation in cros-disks. Reported by Rory McNamara on  
[$5000][1088224] Low CVE-2020-16012: Side-channel information  
leakage in graphics. Reported by Aleksejs Popovs on  
[$500][830808] Low CVE-2020-16036: Inappropriate implementation  
in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-09

We would also like to thank all security researchers that worked with us  
during the development cycle to prevent security bugs from ever reaching  
the stable channel.

As usual, our ongoing internal security work was responsible for a wide  
range of fixes:
[1149434] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer,  
MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity,  
libFuzzer, or AFL.

Lakshmana Pamarthy
Google Chrome

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: http://www.auscert.org.au/render.html?it=1967