8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.3%
Severity: High
Date : 2020-03-19
CVE-ID : CVE-2019-20503 CVE-2020-6422 CVE-2020-6424 CVE-2020-6425
CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429
CVE-2020-6449
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1118
The package chromium before version 80.0.3987.149-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution and information disclosure.
Upgrade to 80.0.3987.149-1.
The problems have been fixed upstream in version 80.0.3987.149.
None.
An out-of-bounds read has been found in Firefox before 74, Thunderbird
before 68.6 and chromium before 80.0.3987.149. The inputs to
sctp_load_addresses_from_init are verified by
sctp_arethere_unrecognized_parameters; however, the two functions
handled parameter bounds differently, resulting in out of bounds reads
when parameters are partially outside a chunk.
A use-after-free security issue has been found in the WebGL component
of the chromium browser before 80.0.3987.149.
A use-after-free security issue has been found in the media component
of the chromium browser before 80.0.3987.149.
An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 80.0.3987.149.
An inappropriate implementation security issue has been found in the V8
component of the chromium browser before 80.0.3987.149.
A use after free security issue has been found in the audio component
of the chromium browser before 80.0.3987.149.
A use-after-free security issue has been found in the audio component
of the chromium browser before 80.0.3987.149.
A use-after-free security issue has been found in the audio component
of the chromium browser before 80.0.3987.149.
A use-after-free security issue has been found in the audio component
of the chromium browser before 80.0.3987.149.
A remote attacker can access sensitive information, bypass security
measures and possibly execute arbitrary code on the affected host.
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
https://bugzilla.mozilla.org/show_bug.cgi?id=1613765
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
https://crbug.com/1059349
https://crbug.com/1051748
https://crbug.com/1031142
https://crbug.com/1031670
https://crbug.com/1052647
https://crbug.com/1055788
https://crbug.com/1057593
https://crbug.com/1057627
https://crbug.com/1059686
https://security.archlinux.org/CVE-2019-20503
https://security.archlinux.org/CVE-2020-6422
https://security.archlinux.org/CVE-2020-6424
https://security.archlinux.org/CVE-2020-6425
https://security.archlinux.org/CVE-2020-6426
https://security.archlinux.org/CVE-2020-6427
https://security.archlinux.org/CVE-2020-6428
https://security.archlinux.org/CVE-2020-6429
https://security.archlinux.org/CVE-2020-6449
bugzilla.mozilla.org/show_bug.cgi?id=1613765
chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
crbug.com/1031142
crbug.com/1031670
crbug.com/1051748
crbug.com/1052647
crbug.com/1055788
crbug.com/1057593
crbug.com/1057627
crbug.com/1059349
crbug.com/1059686
security.archlinux.org/AVG-1118
security.archlinux.org/CVE-2019-20503
security.archlinux.org/CVE-2020-6422
security.archlinux.org/CVE-2020-6424
security.archlinux.org/CVE-2020-6425
security.archlinux.org/CVE-2020-6426
security.archlinux.org/CVE-2020-6427
security.archlinux.org/CVE-2020-6428
security.archlinux.org/CVE-2020-6429
security.archlinux.org/CVE-2020-6449
www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.3%