Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202004-9
HistoryApr 08, 2020 - 12:00 a.m.

[ASA-202004-9] chromium: multiple issues

2020-04-0800:00:00
security.archlinux.org
13

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.466 Medium

EPSS

Percentile

97.4%

JSON

Arch Linux Security Advisory ASA-202004-9

Severity: High
Date : 2020-04-08
CVE-ID : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432
CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436
CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440
CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444
CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448
CVE-2020-6454 CVE-2020-6455 CVE-2020-6456
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1128

Summary

The package chromium before version 81.0.4044.92-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure, access restriction bypass and insufficient validation.

Resolution

Upgrade to 81.0.4044.92-1.

pacman -Syu “chromium>=81.0.4044.92-1”

The problems have been fixed upstream in version 81.0.4044.92.

Workaround

None.

Description

  • CVE-2020-6423 (arbitrary code execution)

A use after free security issue has been found in the audio component
of the chromium browser before 81.0.4044.92.

  • CVE-2020-6430 (arbitrary code execution)

A type confusion security issue has been found in the V8 component of
the chromium browser before 81.0.4044.92.

  • CVE-2020-6431 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
full screen component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6432 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
navigations component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6433 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6434 (arbitrary code execution)

A use-after-free security issue has been found in the devtools
component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6435 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6436 (arbitrary code execution)

A use-after-free security issue has been found in the window management
component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6437 (access restriction bypass)

An inappropriate implementation security issue has been found in the
WebView component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6438 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6439 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
navigations component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6440 (access restriction bypass)

An inappropriate implementation security issue has been found in the
extensions component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6441 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
omnibox component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6442 (access restriction bypass)

An inappropriate implementation security issue has been found in the
cache component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6443 (insufficient validation)

An insufficient data validation security issue has been found in the
developer tools component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6444 (information disclosure)

An uninitialized memory use issue has been found in the WebRTC
component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6445 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
trusted types component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6446 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
trusted types component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6447 (access restriction bypass)

An inappropriate implementation security issue has been found in the
developer tools component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6448 (arbitrary code execution)

A use-after-free security issue has been found in the V8 component of
the chromium browser before 81.0.4044.92.

  • CVE-2020-6454 (arbitrary code execution)

A use after free security issue has been found in the extensions
component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6455 (information disclosure)

A out of bounds read security issue has been found in the WebSQL
component of the chromium browser before 81.0.4044.92.

  • CVE-2020-6456 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the clipboard component of the chromium browser before
81.0.4044.92.

Impact

A remote attacker might be able to access sensitive information, bypass
security measures or execute arbitrary code.

References

https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
https://crbug.com/1043446
https://crbug.com/1031479
https://crbug.com/852645
https://crbug.com/965611
https://crbug.com/1043965
https://crbug.com/1048555
https://crbug.com/1032158
https://crbug.com/1034519
https://crbug.com/639173
https://crbug.com/714617
https://crbug.com/868145
https://crbug.com/894477
https://crbug.com/959571
https://crbug.com/1013906
https://crbug.com/1040080
https://crbug.com/922882
https://crbug.com/933171
https://crbug.com/933172
https://crbug.com/991217
https://crbug.com/1037872
https://crbug.com/1019161
https://crbug.com/1059669
https://crbug.com/1040755
https://security.archlinux.org/CVE-2020-6423
https://security.archlinux.org/CVE-2020-6430
https://security.archlinux.org/CVE-2020-6431
https://security.archlinux.org/CVE-2020-6432
https://security.archlinux.org/CVE-2020-6433
https://security.archlinux.org/CVE-2020-6434
https://security.archlinux.org/CVE-2020-6435
https://security.archlinux.org/CVE-2020-6436
https://security.archlinux.org/CVE-2020-6437
https://security.archlinux.org/CVE-2020-6438
https://security.archlinux.org/CVE-2020-6439
https://security.archlinux.org/CVE-2020-6440
https://security.archlinux.org/CVE-2020-6441
https://security.archlinux.org/CVE-2020-6442
https://security.archlinux.org/CVE-2020-6443
https://security.archlinux.org/CVE-2020-6444
https://security.archlinux.org/CVE-2020-6445
https://security.archlinux.org/CVE-2020-6446
https://security.archlinux.org/CVE-2020-6447
https://security.archlinux.org/CVE-2020-6448
https://security.archlinux.org/CVE-2020-6454
https://security.archlinux.org/CVE-2020-6455
https://security.archlinux.org/CVE-2020-6456

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanychromium< 81.0.4044.92-1UNKNOWN

References

Related

freebsd 1
nessus 10
kaspersky 2
openvas 9
redhat 1
chrome 1
mageia 1
suse 2
gentoo 1
fedora 3
osv 1
debian 2
prion 23
ubuntucve 23
redhatcve 23
debiancve 23
cve 23
checkpoint_advisories 1
mscve 1
photon 1
freebsd
freebsd
chromium -- multiple vulnerabilities
2020-04-07 00:00:00
nessus
nessus
Microsoft Edge (Chromium) < 81.0.416.53 Multiple Vulnerabilities
2020-07-09 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (6e3b700a-7ca3-11ea-b594-3065ec8fd3ec)
2020-04-14 00:00:00
RHEL 6 : chromium-browser (RHSA-2020:1487)
2020-04-16 00:00:00
kaspersky
kaspersky
KLA11751 Multiple vulnerabilities in Opera
2020-04-15 00:00:00
KLA11727 Multiple vulnerabilities in Google Chrome
2020-04-07 00:00:00
openvas
openvas
Google Chrome Security Update (stable-channel-update-for-desktop_7-2020-04) - Mac OS X
2020-04-08 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_7-2020-04) - Windows
2020-04-08 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_7-2020-04) - Linux
2020-04-08 00:00:00
redhat
redhat
(RHSA-2020:1487) Important: chromium-browser security update
2020-04-16 06:55:24
chrome
chrome
Stable Channel Update for Desktop
2020-04-07 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2020-04-17 02:01:23
suse
suse
Security update for chromium (important)
2020-04-19 00:00:00
Security update for chromium (important)
2020-04-15 00:00:00
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2020-04-10 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: chromium-81.0.4044.122-1.fc30
2020-05-03 04:41:39
[SECURITY] Fedora 32 Update: chromium-81.0.4044.122-1.fc32
2020-04-28 02:34:05
[SECURITY] Fedora 31 Update: chromium-81.0.4044.138-1.fc31
2020-05-17 03:49:25
osv
osv
chromium - security update
2020-07-01 00:00:00
debian
debian
[SECURITY] [DSA 4714-1] chromium security update
2020-07-02 01:58:01
[SECURITY] [DSA 4714-1] chromium security update
2020-07-02 01:58:01
prion
prion
Design/Logic Flaw
2020-04-13 18:15:00
Design/Logic Flaw
2020-04-13 18:15:00
Design/Logic Flaw
2020-04-13 18:15:00
ubuntucve
ubuntucve
CVE-2020-6455
2020-04-13 00:00:00
CVE-2020-6444
2020-04-13 00:00:00
CVE-2020-6445
2020-04-13 00:00:00
redhatcve
redhatcve
CVE-2020-6455
2020-04-09 14:07:42
CVE-2020-6444
2020-04-09 14:07:25
CVE-2020-6434
2020-04-09 14:06:51
debiancve
debiancve
CVE-2020-6447
2020-04-13 18:15:00
CVE-2020-6445
2020-04-13 18:15:00
CVE-2020-6437
2020-04-13 18:15:00
cve
cve
CVE-2020-6437
2020-04-13 18:15:00
CVE-2020-6445
2020-04-13 18:15:00
CVE-2020-6455
2020-04-13 18:15:00
checkpoint_advisories
checkpoint_advisories
Google Chrome Heap Corruption (CVE-2020-6455)
2020-10-15 00:00:00
mscve
mscve
Chromium Security Updates for Microsoft Edge (Chromium-Based)
2020-01-28 08:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0602
2023-06-21 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.466 Medium

EPSS

Percentile

97.4%

JSON
Related for ASA-202004-9
freebsd1nessus10kaspersky2openvas9redhat1chrome1mageia1suse2gentoo1fedora3osv1debian2prion23ubuntucve23redhatcve23debiancve23cve23checkpoint_advisories1mscve1photon1