Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
chromeHttps://chromereleases.googleblog.comGCSA-2509954079155194578
HistoryOct 13, 2020 - 12:00 a.m.

Chrome for Android Update

2020-10-1300:00:00
https://chromereleases.googleblog.com
chromereleases.googleblog.com
16

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.039 Low

EPSS

Percentile

91.9%

JSON

Hi, everyone! We’ve just released Chrome 86 (86.0.4240.99) for Android: it’ll become available on Google Play over the next few weeks.

This release includes Security, stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.

This update includes 8 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$5000][1133983] High CVE-2020-15993: Use after free in printing. Reported by Khalil Zhani on 2020-10-01

[$500][1117367] High CVE-2020-13871, CVE-2020-15358: Use after free in SQLite. Reported by Richard Lorenz, SAP on 2020-08-18

[$N/A][1117258] High CVE-2020-15994: Use after free in V8. Reported by Johnathan Norman Microsoft Browser Vulnerability Research on 2020-08-17

[$TBD][1132111] High CVE-2020-15995: Out of bounds write in V8. Reported by Anonymous on 2020-09-24

[$TBD][1133635] High CVE-2020-15996: Use after free in passwords. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30

[$N/A][1133668] High CVE-2020-15997: Use after free in Mojo. Reported by Piotr Tworek on 2020-09-30

[$TBD][1135857] High CVE-2020-15998: Use after free in USB. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-10-07

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

  • [1137972] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Krishna Govind
Google Chrome

CPENameOperatorVersion
google chromelt86.0.4240.99

Related

nessus 43
debiancve 8
prion 8
cve 8
osv 8
veracode 3
sqlite 2
redhatcve 2
photon 10
ibm 10
fedora 3
ubuntucve 2
archlinux 3
ubuntu 1
alpinelinux 1
cbl_mariner 1
threatpost 3
oraclelinux 1
almalinux 1
redhat 15
rocky 1
mageia 1
apple 12
gentoo 2
kaspersky 3
freebsd 1
chrome 1
suse 8
debian 3
rosalinux 1
ics 2
tenable 1
oracle 4
mscve 1
nessus
nessus
EulerOS Virtualization 2.9.1 : sqlite (EulerOS-SA-2021-1626)
2021-03-10 00:00:00
Fedora 32 : sqlite (2020-d0f892b069)
2020-08-20 00:00:00
Ubuntu 20.04 LTS : SQLite vulnerability (USN-4438-1)
2020-07-28 00:00:00
debiancve
debiancve
CVE-2020-13871
2020-06-06 16:15:00
CVE-2020-15998
2020-11-03 03:15:00
CVE-2020-15994
2020-11-03 03:15:00
prion
prion
Double free
2020-11-03 03:15:00
Design/Logic Flaw
2020-11-03 03:15:00
Double free
2020-11-03 03:15:00
cve
cve
CVE-2020-15998
2020-11-03 03:15:00
CVE-2020-15996
2020-11-03 03:15:00
CVE-2020-15994
2020-11-03 03:15:00
osv
osv
Malicious SQL statement causes a read-only use-after-free memory error.
2021-11-01 00:00:00
CVE-2020-15358
2020-06-27 12:15:11
BIT-sqlite-2020-13871
2024-03-06 11:07:31
veracode
veracode
Use-After-Free
2020-12-06 04:19:53
Arbitrary Code Execution
2021-01-11 22:47:17
Denial Of Service (DoS)
2021-05-20 15:25:52
sqlite
sqlite
SQLite report about CVE-2020-13871
2020-01-01 00:00:00
SQLite report about CVE-2020-15358
2020-01-01 00:00:00
redhatcve
redhatcve
CVE-2020-13871
2020-06-09 14:55:56
CVE-2020-15358
2020-06-29 14:20:54
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0261
2020-07-10 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0113
2020-07-15 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0261
2020-07-10 00:00:00
ibm
ibm
Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-15358)
2020-09-22 02:34:28
Security Bulletin: WML CE: SQLite through 3.32.2 has has a use-after-free problem.
2020-07-17 23:00:57
Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-15358)
2021-01-13 18:05:54
fedora
fedora
[SECURITY] Fedora 32 Update: sqlite-3.33.0-1.fc32
2020-08-20 01:13:16
[SECURITY] Fedora 33 Update: chromium-87.0.4280.141-1.fc33
2021-01-17 01:51:52
[SECURITY] Fedora 32 Update: chromium-87.0.4280.141-1.fc32
2021-01-23 01:30:25
ubuntucve
ubuntucve
CVE-2020-13871
2020-06-06 00:00:00
CVE-2020-15358
2020-06-27 00:00:00
archlinux
archlinux
[ASA-202006-11] sqlite: arbitrary code execution
2020-06-28 00:00:00
[ASA-202101-20] vivaldi: multiple issues
2021-01-12 00:00:00
[ASA-202101-6] chromium: multiple issues
2021-01-08 00:00:00
ubuntu
ubuntu
SQLite vulnerability
2020-07-27 00:00:00
alpinelinux
alpinelinux
CVE-2020-15358
2020-06-27 12:15:00
cbl_mariner
cbl_mariner
CVE-2020-15358 affecting package mysql 8.0.22-2
2021-08-25 19:57:27
threatpost
threatpost
Google Chrome Zero-Day Afflicts Windows, Mac Users
2021-02-05 15:47:55
Google Patches Actively Exploited Flaw in Chrome Browser
2021-03-03 21:17:14
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
2021-01-08 06:00:28
oraclelinux
oraclelinux
sqlite security update
2021-05-25 00:00:00
almalinux
almalinux
Moderate: sqlite security update
2021-05-18 05:34:24
redhat
redhat
(RHSA-2021:1581) Moderate: sqlite security update
2021-05-18 05:34:24
(RHSA-2021:2705) Moderate: Release of OpenShift Serverless 1.16.0
2021-07-13 16:31:04
(RHSA-2021:2130) Moderate: Windows Container Support for Red Hat OpenShift 2.0.1 security and bug fix update
2021-06-23 05:30:08
rocky
rocky
sqlite security update
2021-05-18 05:34:24
mageia
mageia
Updated sqlite3 packages fix security vulnerabilities
2021-07-01 02:58:41
apple
apple
About the security content of iCloud for Windows 7.21 - Apple Support
2020-11-12 10:19:34
About the security content of iCloud for Windows 7.21
2020-09-24 00:00:00
About the security content of watchOS 7.0 - Apple Support
2020-12-15 05:33:40
gentoo
gentoo
SQLite: Multiple vulnerabilities
2020-07-27 00:00:00
Chromium, Google Chrome: Multiple vulnerabilities
2021-01-10 00:00:00
kaspersky
kaspersky
KLA12006 Multiple vulnerabilities in Apple iCloud
2020-11-12 00:00:00
KLA12046 Multiple vulnerabilities in Opera
2021-01-14 00:00:00
KLA12035 Multiple vulnerabilities in Google Chrome
2021-01-06 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-01-06 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2021-01-06 00:00:00
suse
suse
Security update for chromium (important)
2021-01-10 00:00:00
Security update for chromium (important)
2021-01-11 00:00:00
Security update for opera (moderate)
2021-01-22 00:00:00
debian
debian
[SECURITY] [DSA 4832-1] chromium security update
2021-01-16 14:06:35
[SECURITY] [DLA 2340-1] sqlite3 security update
2020-08-22 22:34:41
[SECURITY] [DSA 4832-1] chromium security update
2021-01-16 14:06:35
rosalinux
rosalinux
Advisory ROSA-SA-2021-1975
2021-07-02 18:09:04
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
mscve
mscve
Chromium Security Updates for Microsoft Edge (Chromium-Based)
2020-01-28 08:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.039 Low

EPSS

Percentile

91.9%

JSON
Related for GCSA-2509954079155194578
nessus43debiancve8prion8cve8osv8veracode3sqlite2redhatcve2photon10ibm10fedora3ubuntucve2archlinux3ubuntu1alpinelinux1cbl_mariner1threatpost3oraclelinux1almalinux1redhat15rocky1mageia1apple12gentoo2kaspersky3freebsd1chrome1suse8debian3rosalinux1ics2tenable1oracle4mscve1