Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202002-3
HistoryFeb 06, 2020 - 12:00 a.m.

[ASA-202002-3] chromium: multiple issues

2020-02-0600:00:00
security.archlinux.org
11

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.194 Low

EPSS

Percentile

96.2%

JSON

Arch Linux Security Advisory ASA-202002-3

Severity: Critical
Date : 2020-02-06
CVE-ID : CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 CVE-2019-19925
CVE-2019-19926 CVE-2020-6381 CVE-2020-6382 CVE-2020-6385
CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390
CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394
CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398
CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402
CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406
CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411
CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415
CVE-2020-6416
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1092

Summary

The package chromium before version 80.0.3987.87-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, information disclosure, insufficient validation and content
spoofing.

Resolution

Upgrade to 80.0.3987.87-1.

pacman -Syu “chromium>=80.0.3987.87-1”

The problems have been fixed upstream in version 80.0.3987.87.

Workaround

None.

Description

  • CVE-2019-18197 (insufficient validation)

Multiple vulnerabilities have been found in the xml component of the
chromium browser before 80.0.3987.8.

  • CVE-2019-19880 (insufficient validation)

Multiple vulnerabilities have been found in the SQLite component of the
chromium browser before 80.0.3987.8.

  • CVE-2019-19923 (information disclosure)

An out of bounds memory access has been found in the SQLite component
of the chromium browser before 80.0.3987.8.

  • CVE-2019-19925 (insufficient validation)

Multiple vulnerabilities have been found in the SQLite component of the
chromium browser before 80.0.3987.8.

  • CVE-2019-19926 (insufficient validation)

An inappropriate implementation security issue has been found in the
SQLite component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6381 (arbitrary code execution)

An integer overflow security issue has been found in the javascript
component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6382 (arbitrary code execution)

A type confusion security issue has been found in the javascript
component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6385 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
storage component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6387 (arbitrary code execution)

An out of bounds write has been found in the WebRTC component of the
chromium browser before 80.0.3987.8.

  • CVE-2020-6388 (information disclosure)

An out of bounds memory access has been found in the WebAudio component
of the chromium browser before 80.0.3987.8.

  • CVE-2020-6389 (arbitrary code execution)

An out of bounds write has been found in the WebRTC component of the
chromium browser before 80.0.3987.8.

  • CVE-2020-6390 (information disclosure)

An out of bounds memory access has been found in the streams component
of the chromium browser before 80.0.3987.8.

  • CVE-2020-6391 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the Blink component of the chromium browser before
80.0.3987.8.

  • CVE-2020-6392 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
Extensions component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6393 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6394 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6395 (information disclosure)

An out of bounds read has been found in the javascript component of the
chromium browser before 80.0.3987.8.

  • CVE-2020-6396 (access restriction bypass)

An inappropriate implementation security issue has been found in the
Skia component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6397 (content spoofing)

An incorrect security UI issue has been found in the sharing component
of the chromium browser before 80.0.3987.8.

  • CVE-2020-6398 (information disclosure)

An uninitialized use has been found in the PDFium component of the
chromium browser before 80.0.3987.8.

  • CVE-2020-6399 (access restriction bypass)

An insufficient policy enforcement issue has been found in the AppCache
component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6400 (access restriction bypass)

An inappropriate implementation issue has been found in the CORS
component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6401 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the OmniBox component of the chromium browser before
80.0.3987.8.

  • CVE-2020-6402 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
Downloads component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6403 (content spoofing)

A incorrect security UI issue has been found in the OmniBox component
of the chromium browser before 80.0.3987.8.

  • CVE-2020-6404 (access restriction bypass)

An inappropriate implementation security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6405 (information disclosure)

An out of bounds read has been found in the SQLite component of the
chromium browser before 80.0.3987.8.

  • CVE-2020-6406 (arbitrary code execution)

A use-after-free security issue has been found in the Audio component
of the chromium browser before 80.0.3987.8.

  • CVE-2020-6408 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
CORS component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6409 (access restriction bypass)

An inappropriate implementation security issue has been found in the
OmniBox component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6410 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
navigation component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6411 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the OmniBox component of the chromium browser before
80.0.3987.8.

  • CVE-2020-6412 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the OmniBox component of the chromium browser before
80.0.3987.8.

  • CVE-2020-6413 (access restriction bypass)

An inappropriate implementation security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6414 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
Safe Browsing component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6415 (access restriction bypass)

An inappropriate implementation security issue has been found in the
javascript component of the chromium browser before 80.0.3987.8.

  • CVE-2020-6416 (insufficient validation)

An insufficient data validation security issue has been found in the
streams component of the chromium browser before 80.0.3987.8.

Impact

A remote attacker can bypass security measures, access sensitive
information, spoof the content of parts of the UI or execute arbitrary
code on the affected host.

References

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
https://crbug.com/1020745
https://crbug.com/1038863
https://crbug.com/1042578
https://crbug.com/1042700
https://crbug.com/1034394
https://crbug.com/1031909
https://crbug.com/1035399
https://crbug.com/1042535
https://crbug.com/1042879
https://crbug.com/1042933
https://crbug.com/1045874
https://crbug.com/1017871
https://crbug.com/1030411
https://crbug.com/1035058
https://crbug.com/1014371
https://crbug.com/1022855
https://crbug.com/1035271
https://crbug.com/1027408
https://crbug.com/1032090
https://crbug.com/1039869
https://crbug.com/1038036
https://crbug.com/1017707
https://crbug.com/1029375
https://crbug.com/1006012
https://crbug.com/1024256
https://crbug.com/1042145
https://crbug.com/1042254
https://crbug.com/1026546
https://crbug.com/1037889
https://crbug.com/881675
https://crbug.com/929711
https://crbug.com/968505
https://crbug.com/1005713
https://crbug.com/1021855
https://crbug.com/1029576
https://crbug.com/1031895
https://security.archlinux.org/CVE-2019-18197
https://security.archlinux.org/CVE-2019-19880
https://security.archlinux.org/CVE-2019-19923
https://security.archlinux.org/CVE-2019-19925
https://security.archlinux.org/CVE-2019-19926
https://security.archlinux.org/CVE-2020-6381
https://security.archlinux.org/CVE-2020-6382
https://security.archlinux.org/CVE-2020-6385
https://security.archlinux.org/CVE-2020-6387
https://security.archlinux.org/CVE-2020-6388
https://security.archlinux.org/CVE-2020-6389
https://security.archlinux.org/CVE-2020-6390
https://security.archlinux.org/CVE-2020-6391
https://security.archlinux.org/CVE-2020-6392
https://security.archlinux.org/CVE-2020-6393
https://security.archlinux.org/CVE-2020-6394
https://security.archlinux.org/CVE-2020-6395
https://security.archlinux.org/CVE-2020-6396
https://security.archlinux.org/CVE-2020-6397
https://security.archlinux.org/CVE-2020-6398
https://security.archlinux.org/CVE-2020-6399
https://security.archlinux.org/CVE-2020-6400
https://security.archlinux.org/CVE-2020-6401
https://security.archlinux.org/CVE-2020-6402
https://security.archlinux.org/CVE-2020-6403
https://security.archlinux.org/CVE-2020-6404
https://security.archlinux.org/CVE-2020-6405
https://security.archlinux.org/CVE-2020-6406
https://security.archlinux.org/CVE-2020-6408
https://security.archlinux.org/CVE-2020-6409
https://security.archlinux.org/CVE-2020-6410
https://security.archlinux.org/CVE-2020-6411
https://security.archlinux.org/CVE-2020-6412
https://security.archlinux.org/CVE-2020-6413
https://security.archlinux.org/CVE-2020-6414
https://security.archlinux.org/CVE-2020-6415
https://security.archlinux.org/CVE-2020-6416

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanychromium< 80.0.3987.87-1UNKNOWN

References

Related

nessus 23
openvas 19
suse 3
kaspersky 2
redhat 1
chrome 1
debian 2
mageia 1
osv 5
fedora 2
gentoo 1
alpinelinux 5
ubuntucve 22
cve 24
prion 21
debiancve 22
redhatcve 23
ibm 3
photon 4
googleprojectzero 1
ubuntu 1
cloudfoundry 1
zdt 1
exploitdb 1
exploitpack 1
packetstorm 1
veracode 1
sqlite 3
symantec 2
checkpoint_advisories 2
nessus
nessus
Microsoft Edge (Chromium) < 80.0.361.48 Multiple Vulnerabilities
2020-07-07 00:00:00
Google Chrome < 80.0.3987.87 Multiple Vulnerabilities
2020-02-04 00:00:00
openSUSE Security Update : chromium (openSUSE-2020-189)
2020-02-10 00:00:00
openvas
openvas
Google Chrome Security Update (stable-channel-update-for-desktop-2020-02) - Windows
2020-02-05 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop-2020-02) - Mac OS X
2020-02-05 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2020:0189-1)
2020-02-10 00:00:00
suse
suse
Security update for chromium (important)
2020-02-12 00:00:00
Security update for chromium (important)
2020-02-09 00:00:00
Security update for chromium, re2 (important)
2020-02-19 00:00:00
kaspersky
kaspersky
KLA11660 Multiple vulnerabilities in Google Chrome
2020-02-04 00:00:00
KLA11721 Multiple vulnerabilities in Opera
2020-02-14 00:00:00
redhat
redhat
(RHSA-2020:0514) Important: chromium-browser security update
2020-02-17 08:02:41
chrome
chrome
Stable Channel Update for Desktop
2020-02-04 00:00:00
debian
debian
[SECURITY] [DSA 4638-1] chromium security update
2020-03-11 00:54:05
[SECURITY] [DLA 1973-1] libxslt security update
2019-10-27 21:17:53
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2020-03-06 19:13:58
osv
osv
chromium - security update
2020-03-10 00:00:00
CVE-2019-19926
2019-12-23 01:15:13
CVE-2019-19925
2019-12-24 17:15:10
fedora
fedora
[SECURITY] Fedora 31 Update: chromium-80.0.3987.132-1.fc31
2020-03-20 01:51:25
[SECURITY] Fedora 30 Update: chromium-80.0.3987.149-1.fc30
2020-03-27 10:46:23
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2020-03-13 00:00:00
alpinelinux
alpinelinux
CVE-2019-19926
2019-12-23 01:15:00
CVE-2019-18197
2019-10-18 21:15:00
CVE-2019-19925
2019-12-24 17:15:00
ubuntucve
ubuntucve
CVE-2019-19926
2019-12-23 00:00:00
CVE-2019-19880
2019-12-18 00:00:00
CVE-2020-6390
2020-02-11 00:00:00
cve
cve
CVE-2019-19926
2019-12-23 01:15:00
CVE-2020-6390
2020-02-11 15:15:00
CVE-2020-6398
2020-02-11 15:15:00
prion
prion
Code injection
2019-12-23 01:15:00
Hardcoded credentials
2020-02-11 15:15:00
Code injection
2019-12-24 17:15:00
debiancve
debiancve
CVE-2019-19926
2019-12-23 01:15:00
CVE-2020-6390
2020-02-11 15:15:00
CVE-2020-6398
2020-02-11 15:15:00
redhatcve
redhatcve
CVE-2019-19926
2020-01-09 13:09:02
CVE-2020-6404
2020-02-10 12:15:20
CVE-2019-19880
2019-12-30 14:08:55
ibm
ibm
Security Bulletin: A security vulnerability has been identified in the sqlite package shipped with IBM Watson Machine Learning Community Edition (WMLCE)
2020-05-20 00:26:41
Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2019-19925, CVE-2019-19645, CVE-2019-19924, CVE-2019-19923, CVE-2019-19880, CVE-2019-19646, CVE-2019-19926)
2020-04-07 13:33:23
Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability
2020-10-09 16:44:28
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0270
2020-02-05 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0204
2020-02-05 00:00:00
Important Photon OS Security Update - PHSA-2020-0270
2020-01-30 00:00:00
googleprojectzero
googleprojectzero
Exploiting Android Messengers with WebRTC: Part 1
2020-08-03 00:00:00
ubuntu
ubuntu
SQLite vulnerabilities
2020-03-10 00:00:00
cloudfoundry
cloudfoundry
USN-4298-1: SQLite vulnerabilities | Cloud Foundry
2020-03-31 00:00:00
zdt
zdt
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service Exploit
2020-03-23 00:00:00
exploitdb
exploitdb
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
2020-03-23 00:00:00
exploitpack
exploitpack
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
2020-03-23 00:00:00
packetstorm
packetstorm
Google Chrome 80.0.3987.87 Denial Of Service
2020-03-23 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-10-23 05:35:33
sqlite
sqlite
SQLite report about CVE-2019-19925
2019-01-01 00:00:00
SQLite report about CVE-2019-19923
2019-01-01 00:00:00
SQLite report about CVE-2019-19926
2019-01-01 00:00:00
symantec
symantec
SQLite CVE-2019-19880 Denial of Service Vulnerability
2019-12-18 00:00:00
SQLite CVE-2019-19926 Incomplete Fix Denial of Service Vulnerability
2019-12-22 00:00:00
checkpoint_advisories
checkpoint_advisories
Google Chrome Out of Bounds Read (CVE-2020-6390)
2021-03-30 00:00:00
Google Chrome Policy Bypass (CVE-2020-6385)
2020-10-19 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.194 Low

EPSS

Percentile

96.2%

JSON
Related for ASA-202002-3
nessus23openvas19suse3kaspersky2redhat1chrome1debian2mageia1osv5fedora2gentoo1alpinelinux5ubuntucve22cve24prion21debiancve22redhatcve23ibm3photon4googleprojectzero1ubuntu1cloudfoundry1zdt1exploitdb1exploitpack1packetstorm1veracode1sqlite3symantec2checkpoint_advisories2