FreeBSD6E3B700A-7CA3-11EA-B594-3065EC8FD3ECchromium -- multiple vulnerabilities
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.466 Medium
EPSS
Percentile
97.4%
Google Chrome Releases reports:
This updates includes 32 security fixes, including:
[1019161] High CVE-2020-6454: Use after free in extensions.
Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on
2019-10-29
[1043446] High CVE-2020-6423: Use after free in audio.
Reported by Anonymous on 2020-01-18
[1059669] High CVE-2020-6455: Out of bounds read in WebSQL.
Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab,
Qihoo 360 on 2020-03-09
[1031479] Medium CVE-2020-6430: Type Confusion in V8.
Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06
[1040755] Medium CVE-2020-6456: Insufficient validation of
untrusted input in clipboard. Reported by MichaΕ Bentkowski of
Securitum on 2020-01-10
[852645] Medium CVE-2020-6431: Insufficient policy
enforcement in full screen. Reported by Luan Herrera (@lbherrera_)
on 2018-06-14
[965611] Medium CVE-2020-6432: Insufficient policy
enforcement in navigations. Reported by David Erceg on
2019-05-21
[1043965] Medium CVE-2020-6433: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-01-21
[1048555] Medium CVE-2020-6434: Use after free in devtools.
Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04
[1032158] Medium CVE-2020-6435: Insufficient policy
enforcement in extensions. Reported by Sergei Glazunov of Google
Project Zero on 2019-12-09
[1034519] Medium CVE-2020-6436: Use after free in window
management. Reported by Igor Bukanov from Vivaldi on 2019-12-16
[639173] Low CVE-2020-6437: Inappropriate implementation in
WebView. Reported by Jann Horn on 2016-08-19
[714617] Low CVE-2020-6438: Insufficient policy enforcement in
extensions. Reported by Ng Yik Phang on 2017-04-24
[868145] Low CVE-2020-6439: Insufficient policy enforcement in
navigations. Reported by remkoboonstra on 2018-07-26
[894477] Low CVE-2020-6440: Inappropriate implementation in
extensions. Reported by David Erceg on 2018-10-11
[959571] Low CVE-2020-6441: Insufficient policy enforcement in
omnibox. Reported by David Erceg on 2019-05-04
[1013906] Low CVE-2020-6442: Inappropriate implementation in
cache. Reported by B@rMey on 2019-10-12
[1040080] Low CVE-2020-6443: Insufficient data validation in
developer tools. Reported by @lovasoa (Ophir LOJKINE) on
2020-01-08
[922882] Low CVE-2020-6444: Uninitialized Use in WebRTC.
Reported by mlfbrown on 2019-01-17
[933171] Low CVE-2020-6445: Insufficient policy enforcement in
trusted types. Reported by Jun Kokatsu, Microsoft Browser
Vulnerability Research on 2019-02-18
[933172] Low CVE-2020-6446: Insufficient policy enforcement in
trusted types. Reported by Jun Kokatsu, Microsoft Browser
Vulnerability Research on 2019-02-18
[991217] Low CVE-2020-6447: Inappropriate implementation in
developer tools. Reported by David Erceg on 2019-08-06
[1037872] Low CVE-2020-6448: Use after free in V8. Reported by
Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.466 Medium
EPSS
Percentile
97.4%