8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.244 Low
EPSS
Percentile
96.5%
Severity: High
Date : 2020-12-09
CVE-ID : CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040
CVE-2020-16041 CVE-2020-16042
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1323
The package chromium before version 87.0.4280.88-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure, insufficient validation and denial of service.
Upgrade to 87.0.4280.88-1.
The problems have been fixed upstream in version 87.0.4280.88.
None.
A use after free security issue has been found in the clipboard
component of the chromium browser before version 87.0.4280.88.
A use after free security issue has been found in the media component
of the chromium browser before version 87.0.4280.88.
A use after free security issue has been found in the extensions
component of the chromium browser before version 87.0.4280.88.
An insufficient data validation security issue has been found in the V8
component of the chromium browser before version 87.0.4280.88.
An out of bounds read security issue has been found in the networking
component of the chromium browser before version 87.0.4280.88.
An uninitialized use security issue has been found in the V8 component
of the chromium browser before version 87.0.4280.88 and Firefox before
84.0.
A remote attacker might be able to crash the application, read memory
or execute arbitrary code.
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
https://crbug.com/1142331
https://crbug.com/1138683
https://crbug.com/1149177
https://crbug.com/1150649
https://crbug.com/1151865
https://crbug.com/1151890
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042
https://bugzilla.mozilla.org/show_bug.cgi?id=1679003
https://security.archlinux.org/CVE-2020-16037
https://security.archlinux.org/CVE-2020-16038
https://security.archlinux.org/CVE-2020-16039
https://security.archlinux.org/CVE-2020-16040
https://security.archlinux.org/CVE-2020-16041
https://security.archlinux.org/CVE-2020-16042
bugzilla.mozilla.org/show_bug.cgi?id=1679003
chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
crbug.com/1138683
crbug.com/1142331
crbug.com/1149177
crbug.com/1150649
crbug.com/1151865
crbug.com/1151890
security.archlinux.org/AVG-1323
security.archlinux.org/CVE-2020-16037
security.archlinux.org/CVE-2020-16038
security.archlinux.org/CVE-2020-16039
security.archlinux.org/CVE-2020-16040
security.archlinux.org/CVE-2020-16041
security.archlinux.org/CVE-2020-16042
www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.244 Low
EPSS
Percentile
96.5%