FreeBSD: 64988354-0889-11EB-A01B-E09467587C17
Oct 06, 2020 - 12:00 a.m.

chromium -- multiple vulnerabilities

2020-10-06 00:00:00
vuxml.freebsd.org

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.014
Percentile: 86.2%

Chrome releases reports:

This release contains 35 security fixes, including:

[1127322] Critical CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11
[1126424] High CVE-2020-15968: Use after free in Blink. Reported by Anonymous on 2020-09-09
[1124659] High CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous on 2020-09-03
[1108299] High CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo of GitHub Security Lab on 2020-07-22
[1114062] High CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-08-07
[1115901] High CVE-2020-15972: Use after free in audio. Reported by Anonymous on 2020-08-13
[1133671] High CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30
[1133688] High CVE-2020-15991: Use after free in password manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30
[1106890] Medium CVE-2020-15973: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-17
[1104103] Medium CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im (junorouse) of Theori on 2020-07-10
[1110800] Medium CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous on 2020-07-29
[1123522] Medium CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee (@ashuu_lee) of Raon Whitehat on 2020-08-31
[1083278] Medium CVE-2020-6557: Inappropriate implementation in networking. Reported by Matthias Gierlings and Marcus Brinkmann (NDS Ruhr-University Bochum) on 2020-05-15
[1097724] Medium CVE-2020-15977: Insufficient data validation in dialogs. Reported by Narendra Bhati (@imnarendrabhati) on 2020-06-22
[1116280] Medium CVE-2020-15978: Insufficient data validation in navigation. Reported by Luan Herrera (@lbherrera_) on 2020-08-14
[1127319] Medium CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay Cohen (@SeraphicAlgorithms) on 2020-09-11
[1092453] Medium CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by Yongke Wang (@Rudykewang) and Aryb1n (@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08
[1123023] Medium CVE-2020-15981: Out of bounds read in audio. Reported by Christoph Guttandin on 2020-08-28
[1039882] Medium CVE-2020-15982: Side-channel information leakage in cache. Reported by Luan Herrera (@lbherrera_) on 2020-01-07
[1076786] Medium CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-30
[1080395] Medium CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora on 2020-05-07
[1099276] Medium CVE-2020-15985: Inappropriate implementation in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2020-06-25
[1100247] Medium CVE-2020-15986: Integer overflow in media. Reported by Mark Brand of Google Project Zero on 2020-06-29
[1127774] Medium CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke on 2020-09-14
[1110195] Medium CVE-2020-15992: Insufficient policy enforcement in networking. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-28
[1092518] Low CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by Samuel Attard on 2020-06-08
[1108351] Low CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans (Microsoft) on 2020-07-22

OS | Version | Architecture | Package | Version | Filename
FreeBSD | any | noarch | chromium | < 86.0.4240.75 | UNKNOWN
