Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2020-BF684961D9.NASL
HistoryJul 30, 2020 - 12:00 a.m.

Fedora 32 : chromium (2020-bf684961d9)

2020-07-3000:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17

7.8 High

AI Score

Confidence

Low

JSON

Just enough time for one more update.

Chromium 84.

Fixes CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2020-bf684961d9.
#

include('compat.inc');

if (description)
{
  script_id(139106);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/27");

  script_cve_id(
    "CVE-2020-6510",
    "CVE-2020-6511",
    "CVE-2020-6512",
    "CVE-2020-6513",
    "CVE-2020-6514",
    "CVE-2020-6515",
    "CVE-2020-6516",
    "CVE-2020-6517",
    "CVE-2020-6518",
    "CVE-2020-6519",
    "CVE-2020-6520",
    "CVE-2020-6521",
    "CVE-2020-6522",
    "CVE-2020-6523",
    "CVE-2020-6524",
    "CVE-2020-6525",
    "CVE-2020-6526",
    "CVE-2020-6527",
    "CVE-2020-6528",
    "CVE-2020-6529",
    "CVE-2020-6530",
    "CVE-2020-6531",
    "CVE-2020-6533",
    "CVE-2020-6534",
    "CVE-2020-6535",
    "CVE-2020-6536"
  );
  script_xref(name:"FEDORA", value:"2020-bf684961d9");

  script_name(english:"Fedora 32 : chromium (2020-bf684961d9)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Just enough time for one more update. 

Chromium 84.

Fixes CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513
CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518
CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523
CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528
CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534
CVE-2020-6535 CVE-2020-6536

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-bf684961d9");
  script_set_attribute(attribute:"solution", value:
"Update the affected chromium package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6524");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-6522");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:32");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^32([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 32", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC32", reference:"chromium-84.0.4147.89-1.fc32", allowmaj:TRUE)) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
}
VendorProductVersionCPE
fedoraprojectfedorachromiump-cpe:/a:fedoraproject:fedora:chromium
fedoraprojectfedora32cpe:/o:fedoraproject:fedora:32

References

Related

openvas 7
fedora 2
suse 6
nessus 12
kaspersky 1
chrome 1
freebsd 1
gentoo 2
redhat 1
cve 26
redhatcve 26
veracode 26
prion 26
ubuntucve 26
debiancve 26
talos 1
zdt 2
alpinelinux 1
googleprojectzero 1
githubexploit 2
thn 1
packetstorm 1
checkpoint_advisories 1
openvas
openvas
Fedora: Security Advisory for chromium (FEDORA-2020-84d87cbd50)
2020-08-02 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2020:1020-1)
2020-07-21 00:00:00
Fedora: Security Advisory for chromium (FEDORA-2020-bf684961d9)
2020-07-31 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: chromium-84.0.4147.89-1.fc32
2020-07-30 17:54:07
[SECURITY] Fedora 31 Update: chromium-84.0.4147.89-1.fc31
2020-08-02 01:09:48
suse
suse
Security update for opera (moderate)
2020-08-05 00:00:00
Security update for opera (moderate)
2020-08-09 00:00:00
Security update for chromium (important)
2020-09-18 00:00:00
nessus
nessus
openSUSE Security Update : chromium (openSUSE-2020-1021)
2020-07-21 00:00:00
Google Chrome < 84.0.4147.89 Multiple Vulnerabilities
2020-07-14 00:00:00
openSUSE Security Update : opera (openSUSE-2020-1148)
2020-08-06 00:00:00
kaspersky
kaspersky
KLA11869 Multiple vulnerability in Google Chrome
2020-07-14 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2020-07-14 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2020-07-14 00:00:00
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2020-07-26 00:00:00
Qt WebEngine: Multiple vulnerabilities
2021-01-26 00:00:00
redhat
redhat
(RHSA-2020:3377) Critical: chromium-browser security update
2020-08-10 06:22:50
cve
cve
CVE-2020-6518
2020-07-22 17:15:00
CVE-2020-6522
2020-07-22 17:15:00
CVE-2020-6534
2020-07-22 17:15:00
redhatcve
redhatcve
CVE-2020-6518
2020-07-15 17:08:20
CVE-2020-6523
2020-07-15 17:08:07
CVE-2020-6533
2020-07-15 17:09:01
veracode
veracode
Out Of Bounds Write
2020-12-21 19:50:03
Arbitrary Code Execution
2020-12-21 19:50:04
Arbitrary Code Execution
2020-12-21 19:52:14
prion
prion
Design/Logic Flaw
2020-07-22 17:15:00
Design/Logic Flaw
2020-07-22 17:15:00
Design/Logic Flaw
2020-07-22 17:15:00
ubuntucve
ubuntucve
CVE-2020-6522
2020-07-22 00:00:00
CVE-2020-6534
2020-07-22 00:00:00
CVE-2020-6533
2020-07-22 00:00:00
debiancve
debiancve
CVE-2020-6521
2020-07-22 17:15:00
CVE-2020-6522
2020-07-22 17:15:00
CVE-2020-6533
2020-07-22 17:15:00
talos
talos
Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability
2020-09-14 00:00:00
zdt
zdt
WebRTC usrsctp Incorrect Call Vulnerability
2020-08-01 00:00:00
Chromium 83 - Full CSP Bypass Exploit
2020-12-04 00:00:00
alpinelinux
alpinelinux
CVE-2020-6514
2020-07-22 17:15:00
googleprojectzero
googleprojectzero
Exploiting Android Messengers with WebRTC: Part 3
2020-08-06 00:00:00
githubexploit
githubexploit
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Google Chrome
2020-08-09 20:06:50
Exploit for Vulnerability in Google Chrome
2020-08-09 08:25:40
thn
thn
Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers
2020-08-11 14:22:00
packetstorm
packetstorm
Chromium 83 CSP Bypass
2020-12-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Google Chrome Heap Corruption (CVE-2020-6514)
2020-08-24 00:00:00

7.8 High

AI Score

Confidence

Low

JSON
Related for FEDORA_2020-BF684961D9.NASL
openvas7fedora2suse6nessus12kaspersky1chrome1freebsd1gentoo2redhat1cve26redhatcve26veracode26prion26ubuntucve26debiancve26talos1zdt2alpinelinux1googleprojectzero1githubexploit2thn1packetstorm1checkpoint_advisories1