Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2020-3E005CE2E0.NASL
HistoryNov 24, 2020 - 12:00 a.m.

Fedora 32 : chromium (2020-3e005ce2e0)

2020-11-2400:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

8.5 High

AI Score

Confidence

Low

JSON

Update to 87.0.4280.66. Fixes bugs and security holes. Yay!

CVE-2020-16012 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036

Update to 86.0.4240.198. Fixes the following security issues :

CVE-2020-16013 CVE-2020-16016 CVE-2020-16017

Update to 86.0.4240.183.

Fixes the following security issues: CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009

Also disables the very verbose output going to stdout.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2020-3e005ce2e0.
#

include('compat.inc');

if (description)
{
  script_id(143227);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/08");

  script_cve_id(
    "CVE-2019-8075",
    "CVE-2020-16004",
    "CVE-2020-16005",
    "CVE-2020-16006",
    "CVE-2020-16008",
    "CVE-2020-16009",
    "CVE-2020-16012",
    "CVE-2020-16013",
    "CVE-2020-16014",
    "CVE-2020-16015",
    "CVE-2020-16016",
    "CVE-2020-16017",
    "CVE-2020-16018",
    "CVE-2020-16019",
    "CVE-2020-16020",
    "CVE-2020-16021",
    "CVE-2020-16022",
    "CVE-2020-16023",
    "CVE-2020-16024",
    "CVE-2020-16025",
    "CVE-2020-16026",
    "CVE-2020-16027",
    "CVE-2020-16028",
    "CVE-2020-16029",
    "CVE-2020-16030",
    "CVE-2020-16031",
    "CVE-2020-16032",
    "CVE-2020-16033",
    "CVE-2020-16034",
    "CVE-2020-16035",
    "CVE-2020-16036"
  );
  script_xref(name:"FEDORA", value:"2020-3e005ce2e0");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
  script_xref(name:"CEA-ID", value:"CEA-2020-0124");

  script_name(english:"Fedora 32 : chromium (2020-3e005ce2e0)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Update to 87.0.4280.66. Fixes bugs and security holes. Yay!

CVE-2020-16012 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020
CVE-2020-16021 CVE-2020-16022 CVE-2020-16015 CVE-2020-16014
CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026
CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030
CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
CVE-2020-16035 CVE-2020-16036

----

Update to 86.0.4240.198. Fixes the following security issues :

CVE-2020-16013 CVE-2020-16016 CVE-2020-16017

----

Update to 86.0.4240.183.

Fixes the following security issues: CVE-2020-16004 CVE-2020-16005
CVE-2020-16006 CVE-2020-16008 CVE-2020-16009

Also disables the very verbose output going to stdout.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-3e005ce2e0");
  script_set_attribute(attribute:"solution", value:
"Update the affected chromium package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-16035");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-16025");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/11/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:32");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^32([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 32", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC32", reference:"chromium-87.0.4280.66-1.fc32", allowmaj:TRUE)) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
}
VendorProductVersionCPE
fedoraprojectfedorachromiump-cpe:/a:fedoraproject:fedora:chromium
fedoraprojectfedora32cpe:/o:fedoraproject:fedora:32

References

Related

fedora 3
suse 14
nessus 24
archlinux 3
kaspersky 6
chrome 4
threatpost 3
gentoo 3
redhat 2
thn 1
malwarebytes 1
freebsd 1
osv 2
cisa 1
github 2
ics 1
ibm 1
veracode 19
cve 23
redhatcve 16
prion 20
ubuntucve 18
debiancve 19
symantec 1
attackerkb 2
gitlab 6
cisa_kev 2
packetstorm 1
fedora
fedora
[SECURITY] Fedora 32 Update: chromium-87.0.4280.66-1.fc32
2020-11-24 01:23:14
[SECURITY] Fedora 33 Update: chromium-87.0.4280.66-1.fc33
2020-11-22 01:27:45
[SECURITY] Fedora 33 Update: chromium-86.0.4240.198-1.fc33
2020-11-20 01:41:34
suse
suse
Security update for chromium (important)
2020-11-25 00:00:00
Security update for chromium (important)
2020-11-25 00:00:00
Security update for chromium (important)
2020-11-26 00:00:00
nessus
nessus
openSUSE Security Update : chromium (openSUSE-2020-2021)
2020-11-30 00:00:00
Google Chrome < 87.0.4280.66 Multiple Vulnerabilities
2020-11-17 00:00:00
Microsoft Edge (Chromium) < 87.0.664.41 Multiple Vulnerabilities
2020-11-20 00:00:00
archlinux
archlinux
[ASA-202011-11] chromium: multiple issues
2020-11-17 00:00:00
[ASA-202011-2] chromium: multiple issues
2020-11-03 00:00:00
[ASA-202011-9] chromium: arbitrary code execution
2020-11-10 00:00:00
kaspersky
kaspersky
KLA12009 Multiple vulnerabilities in Google Chrome
2020-11-17 00:00:00
KLA12014 Multiple vulnerabilities in Opera
2020-11-10 00:00:00
KLA11990 Multiple vulnerabilities in Google Chrome
2020-11-02 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2020-11-17 00:00:00
Stable Channel Update for Desktop
2020-11-02 00:00:00
Stable Channel Update for Desktop
2020-11-11 00:00:00
threatpost
threatpost
Google Chrome 87 Closes High-Severity 'NAT Slipstreaming' Hole
2020-11-18 17:37:45
2 More Google Chrome Zero-Days Under Active Exploitation
2020-11-12 14:10:57
Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits
2020-11-03 17:23:23
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2020-12-07 00:00:00
Chromium, Google Chrome: Multiple vulnerabilities
2020-11-11 00:00:00
Chromium, Google Chrome: Multiple vulnerabilities
2020-11-16 00:00:00
redhat
redhat
(RHSA-2020:4974) Important: chromium-browser security update
2020-11-09 09:09:10
(RHSA-2020:5165) Important: chromium-browser security update
2020-11-23 08:25:12
thn
thn
Two New Chrome 0-Days Under Active Attacks – Update Your Browser
2020-11-12 03:36:00
malwarebytes
malwarebytes
Hat trick for Google as it patches two more zero-days in Chrome
2020-11-12 21:16:34
freebsd
freebsd
chromium -- multiple vulnerabilities
2020-11-02 00:00:00
osv
osv
Inappropriate implementation in V8 in CefSharp
2020-11-27 20:12:55
Use after free in CefSharp
2020-11-27 20:13:05
cisa
cisa
Google Releases Security Updates for Chrome
2020-11-12 00:00:00
github
github
Use after free in CefSharp
2020-11-27 20:13:05
Inappropriate implementation in V8 in CefSharp
2020-11-27 20:12:55
ics
ics
Rockwell Automation Connected Components Workbench
2023-09-21 12:00:00
ibm
ibm
Security Bulletin: IBM Analyst's Notebook Premium uses a component with known vulnerabilities (CVE-2020-16013, CVE-2020-16009, CVE-2020-15999)
2021-07-23 15:10:10
veracode
veracode
Information Disclosure
2021-01-02 22:06:19
Security Restrictions Bypass
2020-12-21 18:51:22
Denial Of Service(DoS)
2020-12-21 18:50:35
cve
cve
CVE-2019-8075
2019-09-27 16:15:00
CVE-2020-16027
2021-01-08 19:15:00
CVE-2020-16036
2021-01-08 19:15:00
redhatcve
redhatcve
CVE-2019-8075
2020-11-18 18:39:07
CVE-2020-16015
2020-11-18 18:39:21
CVE-2020-16006
2020-11-03 18:07:31
prion
prion
Design/Logic Flaw
2021-01-08 19:15:00
Input validation
2021-01-08 19:15:00
Design/Logic Flaw
2021-01-08 19:15:00
ubuntucve
ubuntucve
CVE-2020-16023
2021-01-08 00:00:00
CVE-2020-16016
2021-01-08 00:00:00
CVE-2020-16031
2021-01-08 00:00:00
debiancve
debiancve
CVE-2020-16033
2021-01-08 19:15:00
CVE-2020-16035
2021-01-08 19:15:00
CVE-2020-16029
2021-01-08 19:15:00
symantec
symantec
Adobe Flash Player CVE-2019-8075 Security Bypass Vulnerability
2019-09-20 00:00:00
attackerkb
attackerkb
CVE-2020-16027
2021-01-08 00:00:00
CVE-2020-16017
2021-01-08 00:00:00
gitlab
gitlab
Use After Free
2020-11-27 00:00:00
Out-of-bounds Write
2020-11-27 00:00:00
Out-of-bounds Write
2020-11-27 00:00:00
cisa_kev
cisa_kev
Google Chromium V8 Incorrect Implementation Vulnerabililty
2021-11-03 00:00:00
Google Chrome Use-After-Free Vulnerability
2021-11-03 00:00:00
packetstorm
packetstorm
Chrome V8 Turbofan Type Confusion
2020-11-09 00:00:00

8.5 High

AI Score

Confidence

Low

JSON
Related for FEDORA_2020-3E005CE2E0.NASL
fedora3suse14nessus24archlinux3kaspersky6chrome4threatpost3gentoo3redhat2thn1malwarebytes1freebsd1osv2cisa1github2ics1ibm1veracode19cve23redhatcve16prion20ubuntucve18debiancve19symantec1attackerkb2gitlab6cisa_kev2packetstorm1