Lucene search

K
freebsdFreeBSD1110E286-DC08-11EA-BEED-E09467587C17
HistoryAug 10, 2020 - 12:00 a.m.

chromium -- multiple vulnerabilities

2020-08-1000:00:00
vuxml.freebsd.org
15

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.382

Percentile

97.3%

Chrome Releases reports:

This release contains 15 security fixes, including:

[1107433] High CVE-2020-6542: Use after free in ANGLE.
Reported by Piotr Bania of Cisco Talos on 2020-07-20
[1104046] High CVE-2020-6543: Use after free in task
scheduling. Reported by Looben Yang on 2020-07-10
[1108497] High CVE-2020-6544: Use after free in media. Reported
by Tim Becker of Theori on 2020-07-22
[1095584] High CVE-2020-6545: Use after free in audio. Reported
by Anonymous on 2020-06-16
[1100280] High CVE-2020-6546: Inappropriate implementation in
installer. Reported by Andrew Hess (any1) on 2020-06-29
[1102153] High CVE-2020-6547: Incorrect security UI in media.
Reported by David Albert on 2020-07-05
[1103827] High CVE-2020-6548: Heap buffer overflow in Skia.
Reported by Choongwoo Han, Microsoft Browser Vulnerability
Research on 2020-07-09
[1105426] High CVE-2020-6549: Use after free in media. Reported
by Sergei Glazunov of Google Project Zero on 2020-07-14
[1106682] High CVE-2020-6550: Use after free in IndexedDB.
Reported by Sergei Glazunov of Google Project Zero on
2020-07-17
[1107815] High CVE-2020-6551: Use after free in WebXR. Reported
by Sergei Glazunov of Google Project Zero on 2020-07-21
[1108518] High CVE-2020-6552: Use after free in Blink. Reported
by Tim Becker of Theori on 2020-07-22
[1111307] High CVE-2020-6553: Use after free in offline mode.
Reported by Alison Huffman, Microsoft Browser Vulnerability
Research on 2020-07-30
[1094235] Medium CVE-2020-6554: Use after free in extensions.
Reported by Anonymous on 2020-06-12
[1105202] Medium CVE-2020-6555: Out of bounds read in WebGL.
Reported by Marcin Towalski of Cisco Talos on 2020-07-13

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 84.0.4147.125UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.382

Percentile

97.3%