8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.466 Medium
EPSS
Percentile
97.4%
Severity: High
Date : 2020-04-08
CVE-ID : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432
CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436
CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440
CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444
CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448
CVE-2020-6454 CVE-2020-6455 CVE-2020-6456
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1128
The package chromium before version 81.0.4044.92-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure, access restriction bypass and insufficient validation.
Upgrade to 81.0.4044.92-1.
The problems have been fixed upstream in version 81.0.4044.92.
None.
A use after free security issue has been found in the audio component
of the chromium browser before 81.0.4044.92.
A type confusion security issue has been found in the V8 component of
the chromium browser before 81.0.4044.92.
An insufficient policy enforcement security issue has been found in the
full screen component of the chromium browser before 81.0.4044.92.
An insufficient policy enforcement security issue has been found in the
navigations component of the chromium browser before 81.0.4044.92.
An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.
A use-after-free security issue has been found in the devtools
component of the chromium browser before 81.0.4044.92.
An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.
A use-after-free security issue has been found in the window management
component of the chromium browser before 81.0.4044.92.
An inappropriate implementation security issue has been found in the
WebView component of the chromium browser before 81.0.4044.92.
An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.
An insufficient policy enforcement security issue has been found in the
navigations component of the chromium browser before 81.0.4044.92.
An inappropriate implementation security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.
An insufficient policy enforcement security issue has been found in the
omnibox component of the chromium browser before 81.0.4044.92.
An inappropriate implementation security issue has been found in the
cache component of the chromium browser before 81.0.4044.92.
An insufficient data validation security issue has been found in the
developer tools component of the chromium browser before 81.0.4044.92.
An uninitialized memory use issue has been found in the WebRTC
component of the chromium browser before 81.0.4044.92.
An insufficient policy enforcement security issue has been found in the
trusted types component of the chromium browser before 81.0.4044.92.
An insufficient policy enforcement security issue has been found in the
trusted types component of the chromium browser before 81.0.4044.92.
An inappropriate implementation security issue has been found in the
developer tools component of the chromium browser before 81.0.4044.92.
A use-after-free security issue has been found in the V8 component of
the chromium browser before 81.0.4044.92.
A use after free security issue has been found in the extensions
component of the chromium browser before 81.0.4044.92.
A out of bounds read security issue has been found in the WebSQL
component of the chromium browser before 81.0.4044.92.
An insufficient validation of untrusted input security issue has been
found in the clipboard component of the chromium browser before
81.0.4044.92.
A remote attacker might be able to access sensitive information, bypass
security measures or execute arbitrary code.
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
https://crbug.com/1043446
https://crbug.com/1031479
https://crbug.com/852645
https://crbug.com/965611
https://crbug.com/1043965
https://crbug.com/1048555
https://crbug.com/1032158
https://crbug.com/1034519
https://crbug.com/639173
https://crbug.com/714617
https://crbug.com/868145
https://crbug.com/894477
https://crbug.com/959571
https://crbug.com/1013906
https://crbug.com/1040080
https://crbug.com/922882
https://crbug.com/933171
https://crbug.com/933172
https://crbug.com/991217
https://crbug.com/1037872
https://crbug.com/1019161
https://crbug.com/1059669
https://crbug.com/1040755
https://security.archlinux.org/CVE-2020-6423
https://security.archlinux.org/CVE-2020-6430
https://security.archlinux.org/CVE-2020-6431
https://security.archlinux.org/CVE-2020-6432
https://security.archlinux.org/CVE-2020-6433
https://security.archlinux.org/CVE-2020-6434
https://security.archlinux.org/CVE-2020-6435
https://security.archlinux.org/CVE-2020-6436
https://security.archlinux.org/CVE-2020-6437
https://security.archlinux.org/CVE-2020-6438
https://security.archlinux.org/CVE-2020-6439
https://security.archlinux.org/CVE-2020-6440
https://security.archlinux.org/CVE-2020-6441
https://security.archlinux.org/CVE-2020-6442
https://security.archlinux.org/CVE-2020-6443
https://security.archlinux.org/CVE-2020-6444
https://security.archlinux.org/CVE-2020-6445
https://security.archlinux.org/CVE-2020-6446
https://security.archlinux.org/CVE-2020-6447
https://security.archlinux.org/CVE-2020-6448
https://security.archlinux.org/CVE-2020-6454
https://security.archlinux.org/CVE-2020-6455
https://security.archlinux.org/CVE-2020-6456
chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
crbug.com/1013906
crbug.com/1019161
crbug.com/1031479
crbug.com/1032158
crbug.com/1034519
crbug.com/1037872
crbug.com/1040080
crbug.com/1040755
crbug.com/1043446
crbug.com/1043965
crbug.com/1048555
crbug.com/1059669
crbug.com/639173
crbug.com/714617
crbug.com/852645
crbug.com/868145
crbug.com/894477
crbug.com/922882
crbug.com/933171
crbug.com/933172
crbug.com/959571
crbug.com/965611
crbug.com/991217
security.archlinux.org/AVG-1128
security.archlinux.org/CVE-2020-6423
security.archlinux.org/CVE-2020-6430
security.archlinux.org/CVE-2020-6431
security.archlinux.org/CVE-2020-6432
security.archlinux.org/CVE-2020-6433
security.archlinux.org/CVE-2020-6434
security.archlinux.org/CVE-2020-6435
security.archlinux.org/CVE-2020-6436
security.archlinux.org/CVE-2020-6437
security.archlinux.org/CVE-2020-6438
security.archlinux.org/CVE-2020-6439
security.archlinux.org/CVE-2020-6440
security.archlinux.org/CVE-2020-6441
security.archlinux.org/CVE-2020-6442
security.archlinux.org/CVE-2020-6443
security.archlinux.org/CVE-2020-6444
security.archlinux.org/CVE-2020-6445
security.archlinux.org/CVE-2020-6446
security.archlinux.org/CVE-2020-6447
security.archlinux.org/CVE-2020-6448
security.archlinux.org/CVE-2020-6454
security.archlinux.org/CVE-2020-6455
security.archlinux.org/CVE-2020-6456
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.466 Medium
EPSS
Percentile
97.4%