8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.194 Low
EPSS
Percentile
96.2%
Severity: Critical
Date : 2020-02-06
CVE-ID : CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 CVE-2019-19925
CVE-2019-19926 CVE-2020-6381 CVE-2020-6382 CVE-2020-6385
CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390
CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394
CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398
CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402
CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406
CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411
CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415
CVE-2020-6416
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1092
The package chromium before version 80.0.3987.87-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, information disclosure, insufficient validation and content
spoofing.
Upgrade to 80.0.3987.87-1.
The problems have been fixed upstream in version 80.0.3987.87.
None.
Multiple vulnerabilities have been found in the xml component of the
chromium browser before 80.0.3987.8.
Multiple vulnerabilities have been found in the SQLite component of the
chromium browser before 80.0.3987.8.
An out of bounds memory access has been found in the SQLite component
of the chromium browser before 80.0.3987.8.
Multiple vulnerabilities have been found in the SQLite component of the
chromium browser before 80.0.3987.8.
An inappropriate implementation security issue has been found in the
SQLite component of the chromium browser before 80.0.3987.8.
An integer overflow security issue has been found in the javascript
component of the chromium browser before 80.0.3987.8.
A type confusion security issue has been found in the javascript
component of the chromium browser before 80.0.3987.8.
An insufficient policy enforcement security issue has been found in the
storage component of the chromium browser before 80.0.3987.8.
An out of bounds write has been found in the WebRTC component of the
chromium browser before 80.0.3987.8.
An out of bounds memory access has been found in the WebAudio component
of the chromium browser before 80.0.3987.8.
An out of bounds write has been found in the WebRTC component of the
chromium browser before 80.0.3987.8.
An out of bounds memory access has been found in the streams component
of the chromium browser before 80.0.3987.8.
An insufficient validation of untrusted input security issue has been
found in the Blink component of the chromium browser before
80.0.3987.8.
An insufficient policy enforcement security issue has been found in the
Extensions component of the chromium browser before 80.0.3987.8.
An insufficient policy enforcement security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.
An insufficient policy enforcement security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.
An out of bounds read has been found in the javascript component of the
chromium browser before 80.0.3987.8.
An inappropriate implementation security issue has been found in the
Skia component of the chromium browser before 80.0.3987.8.
An incorrect security UI issue has been found in the sharing component
of the chromium browser before 80.0.3987.8.
An uninitialized use has been found in the PDFium component of the
chromium browser before 80.0.3987.8.
An insufficient policy enforcement issue has been found in the AppCache
component of the chromium browser before 80.0.3987.8.
An inappropriate implementation issue has been found in the CORS
component of the chromium browser before 80.0.3987.8.
An insufficient validation of untrusted input security issue has been
found in the OmniBox component of the chromium browser before
80.0.3987.8.
An insufficient policy enforcement security issue has been found in the
Downloads component of the chromium browser before 80.0.3987.8.
A incorrect security UI issue has been found in the OmniBox component
of the chromium browser before 80.0.3987.8.
An inappropriate implementation security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.
An out of bounds read has been found in the SQLite component of the
chromium browser before 80.0.3987.8.
A use-after-free security issue has been found in the Audio component
of the chromium browser before 80.0.3987.8.
An insufficient policy enforcement security issue has been found in the
CORS component of the chromium browser before 80.0.3987.8.
An inappropriate implementation security issue has been found in the
OmniBox component of the chromium browser before 80.0.3987.8.
An insufficient policy enforcement security issue has been found in the
navigation component of the chromium browser before 80.0.3987.8.
An insufficient validation of untrusted input security issue has been
found in the OmniBox component of the chromium browser before
80.0.3987.8.
An insufficient validation of untrusted input security issue has been
found in the OmniBox component of the chromium browser before
80.0.3987.8.
An inappropriate implementation security issue has been found in the
Blink component of the chromium browser before 80.0.3987.8.
An insufficient policy enforcement security issue has been found in the
Safe Browsing component of the chromium browser before 80.0.3987.8.
An inappropriate implementation security issue has been found in the
javascript component of the chromium browser before 80.0.3987.8.
An insufficient data validation security issue has been found in the
streams component of the chromium browser before 80.0.3987.8.
A remote attacker can bypass security measures, access sensitive
information, spoof the content of parts of the UI or execute arbitrary
code on the affected host.
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
https://crbug.com/1020745
https://crbug.com/1038863
https://crbug.com/1042578
https://crbug.com/1042700
https://crbug.com/1034394
https://crbug.com/1031909
https://crbug.com/1035399
https://crbug.com/1042535
https://crbug.com/1042879
https://crbug.com/1042933
https://crbug.com/1045874
https://crbug.com/1017871
https://crbug.com/1030411
https://crbug.com/1035058
https://crbug.com/1014371
https://crbug.com/1022855
https://crbug.com/1035271
https://crbug.com/1027408
https://crbug.com/1032090
https://crbug.com/1039869
https://crbug.com/1038036
https://crbug.com/1017707
https://crbug.com/1029375
https://crbug.com/1006012
https://crbug.com/1024256
https://crbug.com/1042145
https://crbug.com/1042254
https://crbug.com/1026546
https://crbug.com/1037889
https://crbug.com/881675
https://crbug.com/929711
https://crbug.com/968505
https://crbug.com/1005713
https://crbug.com/1021855
https://crbug.com/1029576
https://crbug.com/1031895
https://security.archlinux.org/CVE-2019-18197
https://security.archlinux.org/CVE-2019-19880
https://security.archlinux.org/CVE-2019-19923
https://security.archlinux.org/CVE-2019-19925
https://security.archlinux.org/CVE-2019-19926
https://security.archlinux.org/CVE-2020-6381
https://security.archlinux.org/CVE-2020-6382
https://security.archlinux.org/CVE-2020-6385
https://security.archlinux.org/CVE-2020-6387
https://security.archlinux.org/CVE-2020-6388
https://security.archlinux.org/CVE-2020-6389
https://security.archlinux.org/CVE-2020-6390
https://security.archlinux.org/CVE-2020-6391
https://security.archlinux.org/CVE-2020-6392
https://security.archlinux.org/CVE-2020-6393
https://security.archlinux.org/CVE-2020-6394
https://security.archlinux.org/CVE-2020-6395
https://security.archlinux.org/CVE-2020-6396
https://security.archlinux.org/CVE-2020-6397
https://security.archlinux.org/CVE-2020-6398
https://security.archlinux.org/CVE-2020-6399
https://security.archlinux.org/CVE-2020-6400
https://security.archlinux.org/CVE-2020-6401
https://security.archlinux.org/CVE-2020-6402
https://security.archlinux.org/CVE-2020-6403
https://security.archlinux.org/CVE-2020-6404
https://security.archlinux.org/CVE-2020-6405
https://security.archlinux.org/CVE-2020-6406
https://security.archlinux.org/CVE-2020-6408
https://security.archlinux.org/CVE-2020-6409
https://security.archlinux.org/CVE-2020-6410
https://security.archlinux.org/CVE-2020-6411
https://security.archlinux.org/CVE-2020-6412
https://security.archlinux.org/CVE-2020-6413
https://security.archlinux.org/CVE-2020-6414
https://security.archlinux.org/CVE-2020-6415
https://security.archlinux.org/CVE-2020-6416
chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
crbug.com/1005713
crbug.com/1006012
crbug.com/1014371
crbug.com/1017707
crbug.com/1017871
crbug.com/1020745
crbug.com/1021855
crbug.com/1022855
crbug.com/1024256
crbug.com/1026546
crbug.com/1027408
crbug.com/1029375
crbug.com/1029576
crbug.com/1030411
crbug.com/1031895
crbug.com/1031909
crbug.com/1032090
crbug.com/1034394
crbug.com/1035058
crbug.com/1035271
crbug.com/1035399
crbug.com/1037889
crbug.com/1038036
crbug.com/1038863
crbug.com/1039869
crbug.com/1042145
crbug.com/1042254
crbug.com/1042535
crbug.com/1042578
crbug.com/1042700
crbug.com/1042879
crbug.com/1042933
crbug.com/1045874
crbug.com/881675
crbug.com/929711
crbug.com/968505
security.archlinux.org/AVG-1092
security.archlinux.org/CVE-2019-18197
security.archlinux.org/CVE-2019-19880
security.archlinux.org/CVE-2019-19923
security.archlinux.org/CVE-2019-19925
security.archlinux.org/CVE-2019-19926
security.archlinux.org/CVE-2020-6381
security.archlinux.org/CVE-2020-6382
security.archlinux.org/CVE-2020-6385
security.archlinux.org/CVE-2020-6387
security.archlinux.org/CVE-2020-6388
security.archlinux.org/CVE-2020-6389
security.archlinux.org/CVE-2020-6390
security.archlinux.org/CVE-2020-6391
security.archlinux.org/CVE-2020-6392
security.archlinux.org/CVE-2020-6393
security.archlinux.org/CVE-2020-6394
security.archlinux.org/CVE-2020-6395
security.archlinux.org/CVE-2020-6396
security.archlinux.org/CVE-2020-6397
security.archlinux.org/CVE-2020-6398
security.archlinux.org/CVE-2020-6399
security.archlinux.org/CVE-2020-6400
security.archlinux.org/CVE-2020-6401
security.archlinux.org/CVE-2020-6402
security.archlinux.org/CVE-2020-6403
security.archlinux.org/CVE-2020-6404
security.archlinux.org/CVE-2020-6405
security.archlinux.org/CVE-2020-6406
security.archlinux.org/CVE-2020-6408
security.archlinux.org/CVE-2020-6409
security.archlinux.org/CVE-2020-6410
security.archlinux.org/CVE-2020-6411
security.archlinux.org/CVE-2020-6412
security.archlinux.org/CVE-2020-6413
security.archlinux.org/CVE-2020-6414
security.archlinux.org/CVE-2020-6415
security.archlinux.org/CVE-2020-6416
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.194 Low
EPSS
Percentile
96.2%