8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.014 Low
EPSS
Percentile
86.0%
Severity: Critical
Date : 2020-10-10
CVE-ID : CVE-2020-6557 CVE-2020-15967 CVE-2020-15968 CVE-2020-15969
CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973
CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977
CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981
CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985
CVE-2020-15986 CVE-2020-15987 CVE-2020-15988 CVE-2020-15989
CVE-2020-15990 CVE-2020-15991 CVE-2020-15992
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1238
The package chromium before version 86.0.4240.75-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, information disclosure and insufficient validation.
Upgrade to 86.0.4240.75-1.
The problems have been fixed upstream in version 86.0.4240.75.
None.
An inappropriate implementation security issue has been found in the
networking component of the chromium browser before 86.0.4240.75.
A use after free security issue has been found in the payments
component of the chromium browser before 86.0.4240.75.
A use after free security issue has been found in the Blink component
of the chromium browser before 86.0.4240.75.
A use after free security issue has been found in the WebRTC component
of the chromium browser before 86.0.4240.75.
A use after free security issue has been found in the NFC component of
the chromium browser before 86.0.4240.75.
A use after free security issue has been found in the printing
component of the chromium browser before 86.0.4240.75.
A use after free security issue has been found in the audio component
of the chromium browser before 86.0.4240.75.
An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 86.0.4240.75.
An integer overflow security issue has been found in the Blink
component of the chromium browser before 86.0.4240.75.
An integer overflow security issue has been found in the SwiftShader
component of the chromium browser before 86.0.4240.75.
A use after free security issue has been found in the WebXR component
of the chromium browser before 86.0.4240.75.
An insufficient data validation security issue has been found in the
dialogs component of the chromium browser before 86.0.4240.75.
An insufficient data validation security issue has been found in the
navigation component of the chromium browser before 86.0.4240.75.
An inappropriate implementation security issue has been found in the V8
component of the chromium browser before 86.0.4240.75.
An insufficient policy enforcement security issue has been found in the
Intents component of the chromium browser before 86.0.4240.75.
An out of bounds read security issue has been found in the audio
component of the chromium browser before 86.0.4240.75.
A side-channel information leakage security issue has been found in the
cache component of the chromium browser before 86.0.4240.75.
An insufficient data validation security issue has been found in the
webUI component of the chromium browser before 86.0.4240.75.
An insufficient policy enforcement security issue has been found in the
Omnibox component of the chromium browser before 86.0.4240.75.
An inappropriate implementation security issue has been found in the
Blink component of the chromium browser before 86.0.4240.75.
An integer overflow security issue has been found in the media
component of the chromium browser before 86.0.4240.75.
A use after free security issue has been found in the WebRTC component
of the chromium browser before 86.0.4240.75.
An insufficient policy enforcement security issue has been found in the
downloads component of the chromium browser before 86.0.4240.75.
An uninitialized use security issue has been found in the PDFium
component of the chromium browser before 86.0.4240.75.
A use after free security issue has been found in the autofill
component of the chromium browser before 86.0.4240.75.
A use after free security issue has been found in the password manager
component of the chromium browser before 86.0.4240.75.
An insufficient policy enforcement security issue has been found in the
networking component of the chromium browser before 86.0.4240.75.
A remote attacker can access sensitive information, bypass security
measures and execute arbitrary code on the affected host.
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
https://crbug.com/1083278
https://crbug.com/1127322
https://crbug.com/1126424
https://crbug.com/1124659
https://crbug.com/1108299
https://crbug.com/1114062
https://crbug.com/1115901
https://crbug.com/1106890
https://crbug.com/1104103
https://crbug.com/1110800
https://crbug.com/1123522
https://crbug.com/1097724
https://crbug.com/1116280
https://crbug.com/1127319
https://crbug.com/1092453
https://crbug.com/1123023
https://crbug.com/1039882
https://crbug.com/1076786
https://crbug.com/1080395
https://crbug.com/1099276
https://crbug.com/1100247
https://crbug.com/1127774
https://crbug.com/1092518
https://crbug.com/1108351
https://crbug.com/1133671
https://crbug.com/1133688
https://crbug.com/1110195
https://security.archlinux.org/CVE-2020-6557
https://security.archlinux.org/CVE-2020-15967
https://security.archlinux.org/CVE-2020-15968
https://security.archlinux.org/CVE-2020-15969
https://security.archlinux.org/CVE-2020-15970
https://security.archlinux.org/CVE-2020-15971
https://security.archlinux.org/CVE-2020-15972
https://security.archlinux.org/CVE-2020-15973
https://security.archlinux.org/CVE-2020-15974
https://security.archlinux.org/CVE-2020-15975
https://security.archlinux.org/CVE-2020-15976
https://security.archlinux.org/CVE-2020-15977
https://security.archlinux.org/CVE-2020-15978
https://security.archlinux.org/CVE-2020-15979
https://security.archlinux.org/CVE-2020-15980
https://security.archlinux.org/CVE-2020-15981
https://security.archlinux.org/CVE-2020-15982
https://security.archlinux.org/CVE-2020-15983
https://security.archlinux.org/CVE-2020-15984
https://security.archlinux.org/CVE-2020-15985
https://security.archlinux.org/CVE-2020-15986
https://security.archlinux.org/CVE-2020-15987
https://security.archlinux.org/CVE-2020-15988
https://security.archlinux.org/CVE-2020-15989
https://security.archlinux.org/CVE-2020-15990
https://security.archlinux.org/CVE-2020-15991
https://security.archlinux.org/CVE-2020-15992
chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
crbug.com/1039882
crbug.com/1076786
crbug.com/1080395
crbug.com/1083278
crbug.com/1092453
crbug.com/1092518
crbug.com/1097724
crbug.com/1099276
crbug.com/1100247
crbug.com/1104103
crbug.com/1106890
crbug.com/1108299
crbug.com/1108351
crbug.com/1110195
crbug.com/1110800
crbug.com/1114062
crbug.com/1115901
crbug.com/1116280
crbug.com/1123023
crbug.com/1123522
crbug.com/1124659
crbug.com/1126424
crbug.com/1127319
crbug.com/1127322
crbug.com/1127774
crbug.com/1133671
crbug.com/1133688
security.archlinux.org/AVG-1238
security.archlinux.org/CVE-2020-15967
security.archlinux.org/CVE-2020-15968
security.archlinux.org/CVE-2020-15969
security.archlinux.org/CVE-2020-15970
security.archlinux.org/CVE-2020-15971
security.archlinux.org/CVE-2020-15972
security.archlinux.org/CVE-2020-15973
security.archlinux.org/CVE-2020-15974
security.archlinux.org/CVE-2020-15975
security.archlinux.org/CVE-2020-15976
security.archlinux.org/CVE-2020-15977
security.archlinux.org/CVE-2020-15978
security.archlinux.org/CVE-2020-15979
security.archlinux.org/CVE-2020-15980
security.archlinux.org/CVE-2020-15981
security.archlinux.org/CVE-2020-15982
security.archlinux.org/CVE-2020-15983
security.archlinux.org/CVE-2020-15984
security.archlinux.org/CVE-2020-15985
security.archlinux.org/CVE-2020-15986
security.archlinux.org/CVE-2020-15987
security.archlinux.org/CVE-2020-15988
security.archlinux.org/CVE-2020-15989
security.archlinux.org/CVE-2020-15990
security.archlinux.org/CVE-2020-15991
security.archlinux.org/CVE-2020-15992
security.archlinux.org/CVE-2020-6557
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.014 Low
EPSS
Percentile
86.0%