Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
2021-01-08T06:00:28
ID THREATPOST:EA2228FFF2BA7DAA40851692D1E4E5EB Type threatpost Reporter Tom Spring Modified 2021-01-08T06:00:28
Description
Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software.
The Mozilla Firefox vulnerability (CVE-2020-16044) is separate from a bug reported in Google’s browser engine Chromium, which is used in the Google Chrome browser and Microsoft’s latest version of its Edge browser.
Critical Firefox Use-After-Free Bug
On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) urged users of Mozilla Foundation’s Firefox browser to patch a bug, tracked as CVE-2020-16044, and rated as critical. The vulnerability is classified as a use-after-free bug and tied to the way Firefox handles browser cookies and if exploited allows hackers to gain access to the computer, phone or tablet running the browser software.
Impacted are Firefox browser versions released prior to the recently released Firefox desktop 84.0.2, Firefox Android 84.1.3 edition and also Mozilla’s corporate ESR 78.6.1 version of Firefox.
“A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code,” according to a Mozilla security bulletin posted Thursday. The acronym SCTP stands for Stream Control Transmission Protocol, used in computer networking to communicate protocol data within the Transport Layer of the internet protocol suite, or TCP/IP. The bug is tied to the way cookie data is handled by SCTP.
Each inbound SCTP packet contains a cookie chunk that facilitates a corresponding reply from the browser’s cookie. A COOKIE ECHO chunk is a snippet of data sent during the initialization of the SCTP connection with the browser.
According to Mozilla an adversary could craft a malicious COOKIE-ECHO chunk to impact the browser’s memory. A use-after-free vulnerability relates to incorrect use of dynamic memory during program operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program,” according to a description of the vulnerability.
Mozilla did not credit the bug discovery, nor did it state whether it was a vulnerability actively being exploited in the wild.
Chromium Browser Bug Impacts Chrome and Edge
Also on Thursday, CISA urged Windows, macOS and Linux users of Google’s Chrome browser to patch an out-of-bounds write bug (CVE-2020-15995) impacting the current 87.0.4280.141 version of the software. The CISA-bug warning stated that the update to the latest version of the Chrome browser would “addresses vulnerabilities that an attacker could exploit to take control of an affected system.”
While researchers at Tenable classify the out-of-bounds bug as critical, both Google and Microsoft classified the vulnerability as high severity. Tencent Security Xuanwu Lab researcher Bohan Liu is credited for finding and reporting the bug.
Interestingly, the CVE-2020-15995 bug dates back to a Chrome for Android update security bulletin Google’s published on October 2020. At the time, the bug was also classified as high-severity. The flaw is identified as an “out of bounds write in V8”, bug originally found in September 2020 by Liu.
V8 is Google’s open-source and high-performance JavaScript and WebAssembly engine, according to a Google developer description. While the technical specifics of the bug are not available, similar out of bounds write in V8 bugs have allowed remote attackers to exploit a heap corruption via a crafted HTML page.
A heap corruption is a type of memory corruption that occurs in a computer program when the contents of a memory location are modified due to programmatic behavior — malicious or not — that exceeds the intention of the original programmer or program language parameters. A so-called heap-smashing attack can be used to exploit instances of heap corruption, according to an academic paper (PDF) co-authored by Nektarios Georgios Tsoutsos, student member of IEEE and Michail Maniatakos, senior member of IEEE.
“Heap Smashing Attacks exploit dynamic memory allocators (e.g. ,malloc) by corrupting the control structures defining the heap itself. By overflowing a heap block, attackers could overwrite adjacent heap headers that chain different heap blocks, and eventually cause the dynamic memory allocator to modify arbitrary memory locations as soon as a heap free operation is executed. The malicious payload can also be generated on-the-fly: for example, by exploiting Just-In-Time (JIT) compilation, assembled code can be written on the heap,” they wrote.
Neither Microsoft nor Google explain why the October 2020 CVE-2020-15995 is being featured again in both their Thursday security bulletins. Typically, that’s an indication that the original fix was incomplete.
The majority of the bugs were rated high-severity and tied to use-after-free bugs. Three of the vulnerabilities earned bug hunters $20,000 for their efforts. Weipeng Jiang from Codesafe Team of Legendsec at Qi’anxin Group is credited for finding both $20,000 bugs (CVE-2021-21106 and CVE-2021-21107). The first, a use-after-free bug tied to Chromium’s autofill function and the second a use-after-free bug in the Chromium media component.
Leecraso and Guang Gong of 360 Alpha Lab earned $20,000 for a CVE-2021-21108, also a use-after-free bug in the browser’s media component.
No technical details were disclosed and typically aren’t until its determined that most Chrome browsers have been updated.
Supply-Chain Security: A 10-Point Audit Webinar: Is your company’s software supply-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start identifying weaknesses in your supply-chain with actionable advice from experts – part of a limited-engagement and LIVE Threatpost webinar. CISOs, AppDev and SysAdmin are invited to ask a panel of A-list cybersecurity experts how they can avoid being caught exposed in a post-SolarWinds-hack world. Attendance is limited: Register Now and reserve a spot for this exclusive Threatpost Supply-Chain Security webinar — Jan. 20, 2 p.m. ET.
{"id": "THREATPOST:EA2228FFF2BA7DAA40851692D1E4E5EB", "type": "threatpost", "bulletinFamily": "info", "title": "Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking", "description": "Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software.\n\nThe Mozilla Firefox vulnerability ([CVE-2020-16044](<https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/>)) is separate from a bug reported in Google\u2019s browser engine Chromium, which is used in the Google Chrome browser and Microsoft\u2019s latest version of its Edge browser.\n\n## **Critical Firefox Use-After-Free Bug **\n\nOn Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) urged users of Mozilla Foundation\u2019s Firefox browser to patch a bug, tracked as [CVE-2020-16044](<https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/>), and rated as critical. The vulnerability is classified as a use-after-free bug and tied to the way Firefox handles browser cookies and if exploited allows hackers to gain access to the computer, phone or tablet running the browser software.\n\nImpacted are Firefox browser versions released prior to the recently released Firefox desktop 84.0.2, Firefox Android 84.1.3 edition and also Mozilla\u2019s corporate ESR 78.6.1 version of Firefox.\n\n\u201cA malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code,\u201d according to [a Mozilla security bulletin posted Thursday](<https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/>). \n[](<https://threatpost.com/2020-reader-survey/161168/>)The acronym SCTP stands for Stream Control Transmission Protocol, used in computer networking to communicate protocol data within the Transport Layer of the internet protocol suite, or TCP/IP. The bug is tied to the way cookie data is handled by SCTP.\n\nEach inbound SCTP packet contains a cookie chunk that facilitates a corresponding reply from the browser\u2019s cookie. A COOKIE ECHO chunk is a snippet of data sent during the initialization of the SCTP connection with the browser.\n\nAccording to Mozilla an adversary could craft a malicious COOKIE-ECHO chunk to impact the browser\u2019s memory. A use-after-free vulnerability relates to incorrect use of dynamic memory during program operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program,\u201d according to a description of the vulnerability.\n\nMozilla did not credit the bug discovery, nor did it state whether it was a vulnerability actively being exploited in the wild.\n\n## **Chromium Browser Bug Impacts Chrome and Edge **\n\nAlso on Thursday, CISA urged Windows, macOS and Linux users of Google\u2019s Chrome browser to patch an out-of-bounds write bug (CVE-2020-15995) impacting the current 87.0.4280.141 version of the software. The CISA-bug warning stated that the update to the latest version of the Chrome browser would \u201caddresses vulnerabilities that an attacker could exploit to take control of an affected system.\u201d\n\nBecause Microsoft\u2019s latest Edge browser is based on Google Chromium browser engine, Microsoft also urged its users to update to the [latest 87.0.664.75 version of its Edge browser](<https://msrc.microsoft.com/update-guide/vulnerability/ADV200002>).\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/08005108/web-browserss.jpg>)While researchers at Tenable classify the out-of-bounds [bug as critical](<https://www..com/plugins/nessus/144781>), both Google and Microsoft classified the vulnerability as [high severity](<https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html>). Tencent Security Xuanwu Lab researcher Bohan Liu is credited for finding and reporting the bug.\n\nInterestingly, the CVE-2020-15995 bug dates back to a Chrome for Android update security bulletin Google\u2019s published on October 2020. At the time, the bug was also classified as high-severity. The flaw is identified as an \u201cout of bounds write in V8\u201d, bug originally found in September 2020 by Liu.\n\nV8 is Google\u2019s open-source and high-performance JavaScript and WebAssembly engine, according to a [Google developer description](<https://v8.dev/>). While the technical specifics of the bug are not available, similar out of bounds write in V8 bugs have allowed remote attackers to exploit a heap corruption via a crafted HTML page.\n\nA heap corruption is a type of memory corruption that occurs in a computer program when the contents of a memory location are modified due to programmatic behavior \u2014 malicious or not \u2014 that exceeds the intention of the original programmer or program language parameters. A so-called heap-smashing attack can be used to exploit instances of heap corruption, according to an [academic paper (PDF) co-authored](<http://sites.nyuad.nyu.edu/moma/pdfs/pubs/J19AV.pdf>) by Nektarios Georgios Tsoutsos, student member of IEEE and Michail Maniatakos, senior member of IEEE.\n\n\u201cHeap Smashing Attacks exploit dynamic memory allocators (e.g. ,malloc) by corrupting the control structures defining the heap itself. By overflowing a heap block, attackers could overwrite adjacent heap headers that chain different heap blocks, and eventually cause the dynamic memory allocator to modify arbitrary memory locations as soon as a heap free operation is executed. The malicious payload can also be generated on-the-fly: for example, by exploiting Just-In-Time (JIT) compilation, assembled code can be written on the heap,\u201d they wrote.\n\nNeither Microsoft nor Google explain why the October 2020 CVE-2020-15995 is being featured again in both their Thursday security bulletins. Typically, that\u2019s an indication that the original fix was incomplete.\n\n## **More Chromium Bugs Impact Chrome and Edge **\n\nTwelve additional bugs were reported by Google, impacting its Chromium browser engine. Both Google and Microsoft featured the same list of vulnerabilities ([CVE-2021-21106](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21106>), [CVE-2021-21107](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21107>), [CVE-2021-21108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21108>), [CVE-2021-21109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21109>), [CVE-2021-21110](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21110>), [CVE-2021-21111](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21111>), [CVE-2021-21112](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21112>), [CVE-2021-21113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21113>), [CVE-2021-21114](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21114>), [CVE-2021-21115](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21115>), [CVE-2021-21116](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21116>), [CVE-2020-16043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16043>)).\n\nThe majority of the bugs were rated high-severity and tied to use-after-free bugs. Three of the vulnerabilities earned bug hunters $20,000 for their efforts. Weipeng Jiang from Codesafe Team of Legendsec at Qi\u2019anxin Group is credited for finding both $20,000 bugs (CVE-2021-21106 and CVE-2021-21107). The first, a use-after-free bug tied to Chromium\u2019s autofill function and the second a use-after-free bug in the Chromium media component.\n\nLeecraso and Guang Gong of 360 Alpha Lab earned $20,000 for a CVE-2021-21108, also a use-after-free bug in the browser\u2019s media component.\n\nNo technical details were disclosed and typically aren\u2019t until its determined that most Chrome browsers have been updated.\n\n**Supply-Chain Security: A 10-Point Audit Webinar: _Is your company\u2019s software supply-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start identifying weaknesses in your supply-chain with actionable advice from experts \u2013 part of a [limited-engagement and LIVE Threatpost webinar](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>). CISOs, AppDev and SysAdmin are invited to ask a panel of A-list cybersecurity experts how they can avoid being caught exposed in a post-SolarWinds-hack world. Attendance is limited: [Register Now](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>) and reserve a spot for this exclusive Threatpost [Supply-Chain Security webinar](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>) \u2014 Jan. 20, 2 p.m. ET._**\n", "published": "2021-01-08T06:00:28", "modified": "2021-01-08T06:00:28", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://threatpost.com/firefox-chrome-edge-bugs-system-hijacking/162873/", "reporter": "Tom Spring", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/", "https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/", "https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/", "https://threatpost.com/2020-reader-survey/161168/", "https://msrc.microsoft.com/update-guide/vulnerability/ADV200002", "https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/08005108/web-browserss.jpg", "https://www..com/plugins/nessus/144781", "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html", "https://v8.dev/", "http://sites.nyuad.nyu.edu/moma/pdfs/pubs/J19AV.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21106", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21107", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21108", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21109", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21110", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21112", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21113", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21114", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21115", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21116", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16043", "https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar", "https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar", "https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar"], "cvelist": ["CVE-2020-15995", "CVE-2020-16043", "CVE-2020-16044", "CVE-2021-21106", "CVE-2021-21107", "CVE-2021-21108", "CVE-2021-21109", "CVE-2021-21110", "CVE-2021-21111", "CVE-2021-21112", "CVE-2021-21113", "CVE-2021-21114", "CVE-2021-21115", "CVE-2021-21116"], "lastseen": "2021-01-12T09:36:42", "viewCount": 186, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-202101-5", "ASA-202101-20", "ASA-202101-6", "ASA-202101-17"]}, {"type": "freebsd", "idList": ["D153C4D2-50F8-11EB-8046-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202101-04", "GLSA-202101-14", "GLSA-202101-05"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_87_0_664_75.NASL", "GOOGLE_CHROME_87_0_4280_141.NASL", "DEBIAN_DSA-4832.NASL", "FEDORA_2021-79926272CE.NASL", "OPENSUSE-2021-138.NASL", "OPENSUSE-2021-139.NASL", "MACOSX_GOOGLE_CHROME_87_0_4280_141.NASL", "FREEBSD_PKG_D153C4D250F811EB80463065EC8FD3EC.NASL", "OPENSUSE-2021-40.NASL", "FEDORA_2021-D9FAEFF8EB.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4827-1:369CF", "DEBIAN:DSA-4832-1:C6798", "DEBIAN:DSA-4842-1:86303", "DEBIAN:DLA-2541-1:36CC4", "DEBIAN:DLA-2521-1:C8DC4"]}, {"type": "fedora", "idList": ["FEDORA:C6EA430E630A", "FEDORA:8CF273097270"]}, {"type": "cve", "idList": ["CVE-2021-21115", "CVE-2021-21113", "CVE-2021-21116", "CVE-2021-21114", "CVE-2021-21112", "CVE-2021-21107", "CVE-2021-21111", "CVE-2021-21109", "CVE-2021-21110", "CVE-2021-21108"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16044"]}, {"type": "redhat", "idList": ["RHSA-2021:0053", "RHSA-2021:0087", "RHSA-2021:0160", "RHSA-2021:0055", "RHSA-2021:0088", "RHSA-2021:0054", "RHSA-2021:0052", "RHSA-2021:0089"]}, {"type": "centos", "idList": ["CESA-2021:0087", "CESA-2021:0053"]}, {"type": "ubuntu", "idList": ["USN-4687-1"]}, {"type": "amazon", "idList": ["ALAS2-2021-1594"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-0087", "ELSA-2021-0089", "ELSA-2021-0052", "ELSA-2021-0053"]}, {"type": "threatpost", "idList": ["THREATPOST:BF1159DF375D02A6EF9E13A4B1086F02", "THREATPOST:398E85215A3E7B7329EE3FED8F6374FF", "THREATPOST:BF4F0F3E3CEFCA14433C331F5D6493E2"]}, {"type": "thn", "idList": ["THN:297E4356728156DE21DF3C288E414E47"]}], "modified": "2021-01-12T09:36:42", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-01-12T09:36:42", "rev": 2}, "vulnersScore": 5.1}}
{"archlinux": [{"lastseen": "2021-01-16T00:26:35", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15995", "CVE-2020-16043", "CVE-2021-21106", "CVE-2021-21107", "CVE-2021-21108", "CVE-2021-21109", "CVE-2021-21110", "CVE-2021-21111", "CVE-2021-21112", "CVE-2021-21113", "CVE-2021-21114", "CVE-2021-21115", "CVE-2021-21116"], "description": "Arch Linux Security Advisory ASA-202101-20\n==========================================\n\nSeverity: High\nDate : 2021-01-12\nCVE-ID : CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107\nCVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111\nCVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115\nCVE-2021-21116\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1424\n\nSummary\n=======\n\nThe package vivaldi before version 3.5.2115.87-1 is vulnerable to\nmultiple issues including access restriction bypass, arbitrary code\nexecution and insufficient validation.\n\nResolution\n==========\n\nUpgrade to 3.5.2115.87-1.\n\n# pacman -Syu \"vivaldi>=3.5.2115.87-1\"\n\nThe problems have been fixed upstream in version 3.5.2115.87.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-15995 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the V8\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2020-16043 (insufficient validation)\n\nAn insufficient data validation security issue has been found in the\nnetworking component of the Chromium browser before version\n87.0.4280.141.\n\n- CVE-2021-21106 (arbitrary code execution)\n\nA use after free security issue has been found in the autofill\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21107 (arbitrary code execution)\n\nA use after free security issue has been found in the drag and drop\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21108 (arbitrary code execution)\n\nA use after free security issue has been found in the media component\nof the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21109 (arbitrary code execution)\n\nA use after free security issue has been found in the payments\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21110 (arbitrary code execution)\n\nA use after free security issue has been found in the safe browsing\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21111 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nWebUI component of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21112 (arbitrary code execution)\n\nA use after free security issue has been found in the Blink component\nof the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21113 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Skia\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21114 (arbitrary code execution)\n\nA use after free security issue has been found in the audio component\nof the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21115 (arbitrary code execution)\n\nA use after free security issue has been found in the safe browsing\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21116 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the audio\ncomponent of the Chromium browser before version 87.0.4280.141.\n\nImpact\n======\n\nA remote attacker might be able to bypass security restrictions and\nexecute arbitrary code.\n\nReferences\n==========\n\nhttps://vivaldi.com/blog/desktop/minor-update-for-vivaldi-desktop-browser-3-5/\nhttps://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html\nhttps://crbug.com/1157790\nhttps://crbug.com/1148309\nhttps://crbug.com/1148749\nhttps://crbug.com/1153595\nhttps://crbug.com/1155426\nhttps://crbug.com/1152334\nhttps://crbug.com/1152451\nhttps://crbug.com/1149125\nhttps://crbug.com/1151298\nhttps://crbug.com/1155178\nhttps://crbug.com/1150065\nhttps://crbug.com/1157814\nhttps://crbug.com/1151069\nhttps://security.archlinux.org/CVE-2020-15995\nhttps://security.archlinux.org/CVE-2020-16043\nhttps://security.archlinux.org/CVE-2021-21106\nhttps://security.archlinux.org/CVE-2021-21107\nhttps://security.archlinux.org/CVE-2021-21108\nhttps://security.archlinux.org/CVE-2021-21109\nhttps://security.archlinux.org/CVE-2021-21110\nhttps://security.archlinux.org/CVE-2021-21111\nhttps://security.archlinux.org/CVE-2021-21112\nhttps://security.archlinux.org/CVE-2021-21113\nhttps://security.archlinux.org/CVE-2021-21114\nhttps://security.archlinux.org/CVE-2021-21115\nhttps://security.archlinux.org/CVE-2021-21116", "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "ASA-202101-20", "href": "https://security.archlinux.org/ASA-202101-20", "type": "archlinux", "title": "[ASA-202101-20] vivaldi: multiple issues", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:26:50", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15995", "CVE-2020-16043", "CVE-2021-21106", "CVE-2021-21107", "CVE-2021-21108", "CVE-2021-21109", "CVE-2021-21110", "CVE-2021-21111", "CVE-2021-21112", "CVE-2021-21113", "CVE-2021-21114", "CVE-2021-21115", "CVE-2021-21116"], "description": "Arch Linux Security Advisory ASA-202101-6\n=========================================\n\nSeverity: High\nDate : 2021-01-08\nCVE-ID : CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107\nCVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111\nCVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115\nCVE-2021-21116\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1414\n\nSummary\n=======\n\nThe package chromium before version 87.0.4280.141-1 is vulnerable to\nmultiple issues including access restriction bypass, arbitrary code\nexecution and insufficient validation.\n\nResolution\n==========\n\nUpgrade to 87.0.4280.141-1.\n\n# pacman -Syu \"chromium>=87.0.4280.141-1\"\n\nThe problems have been fixed upstream in version 87.0.4280.141.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-15995 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the V8\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2020-16043 (insufficient validation)\n\nAn insufficient data validation security issue has been found in the\nnetworking component of the Chromium browser before version\n87.0.4280.141.\n\n- CVE-2021-21106 (arbitrary code execution)\n\nA use after free security issue has been found in the autofill\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21107 (arbitrary code execution)\n\nA use after free security issue has been found in the drag and drop\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21108 (arbitrary code execution)\n\nA use after free security issue has been found in the media component\nof the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21109 (arbitrary code execution)\n\nA use after free security issue has been found in the payments\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21110 (arbitrary code execution)\n\nA use after free security issue has been found in the safe browsing\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21111 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nWebUI component of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21112 (arbitrary code execution)\n\nA use after free security issue has been found in the Blink component\nof the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21113 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Skia\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21114 (arbitrary code execution)\n\nA use after free security issue has been found in the audio component\nof the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21115 (arbitrary code execution)\n\nA use after free security issue has been found in the safe browsing\ncomponent of the Chromium browser before version 87.0.4280.141.\n\n- CVE-2021-21116 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the audio\ncomponent of the Chromium browser before version 87.0.4280.141.\n\nImpact\n======\n\nA remote attacker might be able to bypass security restrictions and\nexecute arbitrary code.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html\nhttps://crbug.com/1157790\nhttps://crbug.com/1148309\nhttps://crbug.com/1148749\nhttps://crbug.com/1153595\nhttps://crbug.com/1155426\nhttps://crbug.com/1152334\nhttps://crbug.com/1152451\nhttps://crbug.com/1149125\nhttps://crbug.com/1151298\nhttps://crbug.com/1155178\nhttps://crbug.com/1150065\nhttps://crbug.com/1157814\nhttps://crbug.com/1151069\nhttps://security.archlinux.org/CVE-2020-15995\nhttps://security.archlinux.org/CVE-2020-16043\nhttps://security.archlinux.org/CVE-2021-21106\nhttps://security.archlinux.org/CVE-2021-21107\nhttps://security.archlinux.org/CVE-2021-21108\nhttps://security.archlinux.org/CVE-2021-21109\nhttps://security.archlinux.org/CVE-2021-21110\nhttps://security.archlinux.org/CVE-2021-21111\nhttps://security.archlinux.org/CVE-2021-21112\nhttps://security.archlinux.org/CVE-2021-21113\nhttps://security.archlinux.org/CVE-2021-21114\nhttps://security.archlinux.org/CVE-2021-21115\nhttps://security.archlinux.org/CVE-2021-21116", "modified": "2021-01-08T00:00:00", "published": "2021-01-08T00:00:00", "id": "ASA-202101-6", "href": "https://security.archlinux.org/ASA-202101-6", "type": "archlinux", "title": "[ASA-202101-6] chromium: multiple issues", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-12T13:10:45", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Arch Linux Security Advisory ASA-202101-17\n==========================================\n\nSeverity: Critical\nDate : 2021-01-12\nCVE-ID : CVE-2020-16044\nPackage : thunderbird\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1440\n\nSummary\n=======\n\nThe package thunderbird before version 78.6.1-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 78.6.1-1.\n\n# pacman -Syu \"thunderbird>=78.6.1-1\"\n\nThe problem has been fixed upstream in version 78.6.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA security issue was found in Firefox before 84.0.2 and Thunderbird\nbefore 78.6.1-1. A malicious peer could have modified a COOKIE-ECHO\nchunk in an SCTP packet in a way that potentially resulted in a use-\nafter-free. Mozilla presumes that with enough effort it could have been\nexploited to run arbitrary code.\n\nImpact\n======\n\nA malicious remote user could forge an SCTP packet and possibly execute\narbitrary code.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-02/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1683964\nhttps://hg.mozilla.org/mozilla-central/rev/08ba03dc8d4420e04e7c77fee3013e68180e6ead\nhttps://hg.mozilla.org/mozilla-central/rev/8c09f4813fc7e8f44605b6092262199bff15cdd7\nhttps://hg.mozilla.org/mozilla-central/rev/5991645a87d2abf289686d09d943229c9e3e54b5\nhttps://security.archlinux.org/CVE-2020-16044", "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "ASA-202101-17", "href": "https://security.archlinux.org/ASA-202101-17", "type": "archlinux", "title": "[ASA-202101-17] thunderbird: arbitrary code execution", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T13:10:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Arch Linux Security Advisory ASA-202101-5\n=========================================\n\nSeverity: Critical\nDate : 2021-01-08\nCVE-ID : CVE-2020-16044\nPackage : firefox\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1413\n\nSummary\n=======\n\nThe package firefox before version 84.0.2-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 84.0.2-1.\n\n# pacman -Syu \"firefox>=84.0.2-1\"\n\nThe problem has been fixed upstream in version 84.0.2.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA security issue was found in Firefox before 84.0.2. A malicious peer\ncould have modified a COOKIE-ECHO chunk in a SCTP packet in a way that\npotentially resulted in a use-after-free. Mozilla presumes that with\nenough effort it could have been exploited to run arbitrary code.\n\nImpact\n======\n\nA remote attacker might be able to execute arbitrary code via a crafted\nSCTP packet.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1683964\nhttps://hg.mozilla.org/mozilla-central/rev/08ba03dc8d4420e04e7c77fee3013e68180e6ead\nhttps://hg.mozilla.org/mozilla-central/rev/8c09f4813fc7e8f44605b6092262199bff15cdd7\nhttps://hg.mozilla.org/mozilla-central/rev/5991645a87d2abf289686d09d943229c9e3e54b5\nhttps://security.archlinux.org/CVE-2020-16044", "modified": "2021-01-08T00:00:00", "published": "2021-01-08T00:00:00", "id": "ASA-202101-5", "href": "https://security.archlinux.org/ASA-202101-5", "type": "archlinux", "title": "[ASA-202101-5] firefox: arbitrary code execution", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2021-01-12T13:26:18", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "description": "\nChrome Releases reports:\n\nThis release includes 16 security fixes, including:\n\n[1148749] High CVE-2021-21106: Use after free in autofill.\n\t Reported by Weipeng Jiang (@Krace) from Codesafe Team of\n\t Legendsec at Qi'anxin Group on 2020-11-13\n[1153595] High CVE-2021-21107: Use after free in drag and\n\t drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n\t 2020-11-30\n[1155426] High CVE-2021-21108: Use after free in media.\n\t Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n\t 2020-12-04\n[1152334] High CVE-2021-21109: Use after free in payments.\n\t Reported by Rong Jian and Guang Gong of 360 Alpha Lab on\n\t 2020-11-24\n[1152451] High CVE-2021-21110: Use after free in safe\n\t browsing. Reported by Anonymous on 2020-11-24\n[1149125] High CVE-2021-21111: Insufficient policy enforcement\n\t in WebUI. Reported by Alesandro Ortiz on 2020-11-15\n[1151298] High CVE-2021-21112: Use after free in Blink.\n\t Reported by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on\n\t 2020-11-20\n[1155178] High CVE-2021-21113: Heap buffer overflow in Skia.\n\t Reported by tsubmunu on 2020-12-03\n[1148309] High CVE-2020-16043: Insufficient data validation in\n\t networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory\n\t Vishnepolsky at Armis on 2020-11-12\n[1150065] High CVE-2021-21114: Use after free in audio.\n\t Reported by Man Yue Mo of GitHub Security Lab on 2020-11-17\n[1157790] High CVE-2020-15995: Out of bounds write in V8.\n\t Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu\n\t Lab on 2020-12-11\n[1157814] High CVE-2021-21115: Use after free in safe browsing.\n\t Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n\t 2020-12-11\n[1151069] Medium CVE-2021-21116: Heap buffer overflow in audio.\n\t Reported by Alison Huffman, Microsoft Browser Vulnerability\n\t Research on 2020-11-19\n\n\n", "edition": 2, "modified": "2021-01-06T00:00:00", "published": "2021-01-06T00:00:00", "id": "D153C4D2-50F8-11EB-8046-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/d153c4d2-50f8-11eb-8046-3065ec8fd3ec.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2021-01-10T13:26:40", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-87.0.4280.141\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/google-chrome-87.0.4280.141\"", "edition": 1, "modified": "2021-01-10T00:00:00", "published": "2021-01-10T00:00:00", "id": "GLSA-202101-05", "href": "https://security.gentoo.org/glsa/202101-05", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-10T13:26:40", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "### Background\n\nMozilla Firefox is a popular open-source web browser from the Mozilla project. \n\n### Description\n\nA use-after-free bug was discovered in Mozilla Firefox\u2019s handling of SCTP. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Firefox ESR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/firefox-78.6.1:0/esr78\"\n \n\nAll Firefox ESR binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/firefox-bin-78.6.1:0/esr78\"\n \n\nAll Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-84.0.2\"\n \n\nAll Firefox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-84.0.2\"", "edition": 1, "modified": "2021-01-10T00:00:00", "published": "2021-01-10T00:00:00", "id": "GLSA-202101-04", "href": "https://security.gentoo.org/glsa/202101-04", "title": "Mozilla Firefox: Remote code execution", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-22T19:27:19", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "### Background\n\nMozilla Thunderbird is a popular open-source email client from the Mozilla project. \n\n### Description\n\nA use-after-free bug was discovered in Mozilla Thunderbird handling of SCTP. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-78.6.1\"\n \n\nAll Mozilla Thunderbird binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-78.6.1\"", "edition": 1, "modified": "2021-01-22T00:00:00", "published": "2021-01-22T00:00:00", "id": "GLSA-202101-14", "href": "https://security.gentoo.org/glsa/202101-14", "title": "Mozilla Thunderbird: Remote code execution", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-01-15T02:48:59", "description": "Chrome Releases reports :\n\nThis release includes 16 security fixes, including :\n\n- [1148749] High CVE-2021-21106: Use after free in autofill. Reported\nby Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2020-11-13\n\n- [1153595] High CVE-2021-21107: Use after free in drag and drop.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-11-30\n\n- [1155426] High CVE-2021-21108: Use after free in media. Reported by\nLeecraso and Guang Gong of 360 Alpha Lab on 2020-12-04\n\n- [1152334] High CVE-2021-21109: Use after free in payments. Reported\nby Rong Jian and Guang Gong of 360 Alpha Lab on 2020-11-24\n\n- [1152451] High CVE-2021-21110: Use after free in safe browsing.\nReported by Anonymous on 2020-11-24\n\n- [1149125] High CVE-2021-21111: Insufficient policy enforcement in\nWebUI. Reported by Alesandro Ortiz on 2020-11-15\n\n- [1151298] High CVE-2021-21112: Use after free in Blink. Reported by\nYoungJoo Lee(@ashuu_lee) of Raon Whitehat on 2020-11-20\n\n- [1155178] High CVE-2021-21113: Heap buffer overflow in Skia.\nReported by tsubmunu on 2020-12-03\n\n- [1148309] High CVE-2020-16043: Insufficient data validation in\nnetworking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory\nVishnepolsky at Armis on 2020-11-12\n\n- [1150065] High CVE-2021-21114: Use after free in audio. Reported by\nMan Yue Mo of GitHub Security Lab on 2020-11-17\n\n- [1157790] High CVE-2020-15995: Out of bounds write in V8. Reported\nby Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on\n2020-12-11\n\n- [1157814] High CVE-2021-21115: Use after free in safe browsing.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-11\n\n- [1151069] Medium CVE-2021-21116: Heap buffer overflow in audio.\nReported by Alison Huffman, Microsoft Browser Vulnerability Research\non 2020-11-19", "edition": 3, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2021-01-11T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (d153c4d2-50f8-11eb-8046-3065ec8fd3ec)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_D153C4D250F811EB80463065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/144823", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144823);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2020-15995\", \"CVE-2020-16043\", \"CVE-2021-21106\", \"CVE-2021-21107\", \"CVE-2021-21108\", \"CVE-2021-21109\", \"CVE-2021-21110\", \"CVE-2021-21111\", \"CVE-2021-21112\", \"CVE-2021-21113\", \"CVE-2021-21114\", \"CVE-2021-21115\", \"CVE-2021-21116\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (d153c4d2-50f8-11eb-8046-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release includes 16 security fixes, including :\n\n- [1148749] High CVE-2021-21106: Use after free in autofill. Reported\nby Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2020-11-13\n\n- [1153595] High CVE-2021-21107: Use after free in drag and drop.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-11-30\n\n- [1155426] High CVE-2021-21108: Use after free in media. Reported by\nLeecraso and Guang Gong of 360 Alpha Lab on 2020-12-04\n\n- [1152334] High CVE-2021-21109: Use after free in payments. Reported\nby Rong Jian and Guang Gong of 360 Alpha Lab on 2020-11-24\n\n- [1152451] High CVE-2021-21110: Use after free in safe browsing.\nReported by Anonymous on 2020-11-24\n\n- [1149125] High CVE-2021-21111: Insufficient policy enforcement in\nWebUI. Reported by Alesandro Ortiz on 2020-11-15\n\n- [1151298] High CVE-2021-21112: Use after free in Blink. Reported by\nYoungJoo Lee(@ashuu_lee) of Raon Whitehat on 2020-11-20\n\n- [1155178] High CVE-2021-21113: Heap buffer overflow in Skia.\nReported by tsubmunu on 2020-12-03\n\n- [1148309] High CVE-2020-16043: Insufficient data validation in\nnetworking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory\nVishnepolsky at Armis on 2020-11-12\n\n- [1150065] High CVE-2021-21114: Use after free in audio. Reported by\nMan Yue Mo of GitHub Security Lab on 2020-11-17\n\n- [1157790] High CVE-2020-15995: Out of bounds write in V8. Reported\nby Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on\n2020-12-11\n\n- [1157814] High CVE-2021-21115: Use after free in safe browsing.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-11\n\n- [1151069] Medium CVE-2021-21116: Heap buffer overflow in audio.\nReported by Alison Huffman, Microsoft Browser Vulnerability Research\non 2020-11-19\"\n );\n # https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c62eaf91\"\n );\n # https://vuxml.freebsd.org/freebsd/d153c4d2-50f8-11eb-8046-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c29eed5f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21106\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<87.0.4280.141\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-20T03:53:26", "description": "The version of Google Chrome installed on the remote macOS host is prior to 87.0.4280.141. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_01_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2021-01-06T00:00:00", "title": "Google Chrome < 87.0.4280.141 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_87_0_4280_141.NASL", "href": "https://www.tenable.com/plugins/nessus/144782", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144782);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\n \"CVE-2020-15995\",\n \"CVE-2020-16043\",\n \"CVE-2021-21106\",\n \"CVE-2021-21107\",\n \"CVE-2021-21108\",\n \"CVE-2021-21109\",\n \"CVE-2021-21110\",\n \"CVE-2021-21111\",\n \"CVE-2021-21112\",\n \"CVE-2021-21113\",\n \"CVE-2021-21114\",\n \"CVE-2021-21115\",\n \"CVE-2021-21116\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0006-S\");\n\n script_name(english:\"Google Chrome < 87.0.4280.141 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 87.0.4280.141. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_01_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c62eaf91\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1148749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1153595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1155426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1152334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1152451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1149125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1155178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1148309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1150065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1157790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1157814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151069\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 87.0.4280.141 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21106\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'87.0.4280.141', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-23T10:36:31", "description": "Update to 87.0.4280.141. Fixes :\n\nCVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109\nCVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113\nCVE-2020-16043 CVE-2021-21114 CVE-2020-15995 CVE-2021-21115\nCVE-2021-21116\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 2, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2021-01-20T00:00:00", "title": "Fedora 33 : chromium (2021-79926272ce)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "modified": "2021-01-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2021-79926272CE.NASL", "href": "https://www.tenable.com/plugins/nessus/145131", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2021-79926272ce.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145131);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\"CVE-2020-15995\", \"CVE-2020-16043\", \"CVE-2021-21106\", \"CVE-2021-21107\", \"CVE-2021-21108\", \"CVE-2021-21109\", \"CVE-2021-21110\", \"CVE-2021-21111\", \"CVE-2021-21112\", \"CVE-2021-21113\", \"CVE-2021-21114\", \"CVE-2021-21115\", \"CVE-2021-21116\");\n script_xref(name:\"FEDORA\", value:\"2021-79926272ce\");\n\n script_name(english:\"Fedora 33 : chromium (2021-79926272ce)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 87.0.4280.141. Fixes :\n\nCVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109\nCVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113\nCVE-2020-16043 CVE-2021-21114 CVE-2020-15995 CVE-2021-21115\nCVE-2021-21116\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-79926272ce\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"chromium-87.0.4280.141-1.fc33\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-03T05:00:48", "description": "This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.344\n\n - CHR-8265 Update chromium on desktop-stable-87-3856 to\n 87.0.4280.141\n\n - DNA-90625 [Mac] Crash at opera::TabView::\n GetPaintData(opera::TabState) const\n\n - DNA-90735 Crash at\n opera::BrowserSidebarModel::GetItemVisible\n (opera::BrowserSidebarItem const*) const\n\n - DNA-90780 Crash at\n extensions::CommandService::GetExtension\n ActionCommand(std::__1::basic_string const&,\n extensions:: ActionInfo::Type,\n extensions::CommandService::QueryType,\n extensions::Command*, bool*)\n\n - DNA-90821 Crash at opera::BrowserSidebarController::\n Action(opera::BrowserSidebarItem const*,\n opera::BrowserSidebarItemContentView*)\n\n - The update to chromium 87.0.4280.141 fixes following\n issues: CVE-2021-21106, CVE-2021-21107, CVE-2021-21108,\n CVE-2021-21109, CVE-2021-21110, CVE-2021-21111,\n CVE-2021-21112, CVE-2021-21113, CVE-2020-16043,\n CVE-2021-21114, CVE-2020-15995, CVE-2021-21115,\n CVE-2021-21116\n\n - Update to version 73.0.3856.329\n\n - DNA-89156 Crash at\n content::RenderViewHostImpl::OnFocus()\n\n - DNA-89731 [Mac] Bookmarks bar overlaps Babe section when\n hovering the OMenu\n\n - DNA-90189 Music service portal logotypes are blurred on\n Win\n\n - DNA-90336 add session data schema\n\n - DNA-90399 Address bar dropdown suggestions overlap each\n other\n\n - DNA-90520 Crash at\n absl::raw_logging_internal::RawLog(absl:: LogSeverity,\n char const*, int, char const*, …)\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - DNA-90600 Don’t report workspace visibility, when\n functionality is disabled.\n\n - DNA-90665 Collect music service statistics WP2\n\n - DNA-90773 Bad translation from english to spanish in UI\n\n - DNA-90789 Crash at\n opera::ThumbnailHelper::RunNextRequest()", "edition": 2, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2021-01-25T00:00:00", "title": "openSUSE Security Update : opera (openSUSE-2021-139)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "modified": "2021-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-139.NASL", "href": "https://www.tenable.com/plugins/nessus/145306", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-139.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145306);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/02\");\n\n script_cve_id(\"CVE-2020-15995\", \"CVE-2020-16043\", \"CVE-2021-21106\", \"CVE-2021-21107\", \"CVE-2021-21108\", \"CVE-2021-21109\", \"CVE-2021-21110\", \"CVE-2021-21111\", \"CVE-2021-21112\", \"CVE-2021-21113\", \"CVE-2021-21114\", \"CVE-2021-21115\", \"CVE-2021-21116\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2021-139)\");\n script_summary(english:\"Check for the openSUSE-2021-139 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.344\n\n - CHR-8265 Update chromium on desktop-stable-87-3856 to\n 87.0.4280.141\n\n - DNA-90625 [Mac] Crash at opera::TabView::\n GetPaintData(opera::TabState) const\n\n - DNA-90735 Crash at\n opera::BrowserSidebarModel::GetItemVisible\n (opera::BrowserSidebarItem const*) const\n\n - DNA-90780 Crash at\n extensions::CommandService::GetExtension\n ActionCommand(std::__1::basic_string const&,\n extensions:: ActionInfo::Type,\n extensions::CommandService::QueryType,\n extensions::Command*, bool*)\n\n - DNA-90821 Crash at opera::BrowserSidebarController::\n Action(opera::BrowserSidebarItem const*,\n opera::BrowserSidebarItemContentView*)\n\n - The update to chromium 87.0.4280.141 fixes following\n issues: CVE-2021-21106, CVE-2021-21107, CVE-2021-21108,\n CVE-2021-21109, CVE-2021-21110, CVE-2021-21111,\n CVE-2021-21112, CVE-2021-21113, CVE-2020-16043,\n CVE-2021-21114, CVE-2020-15995, CVE-2021-21115,\n CVE-2021-21116\n\n - Update to version 73.0.3856.329\n\n - DNA-89156 Crash at\n content::RenderViewHostImpl::OnFocus()\n\n - DNA-89731 [Mac] Bookmarks bar overlaps Babe section when\n hovering the OMenu\n\n - DNA-90189 Music service portal logotypes are blurred on\n Win\n\n - DNA-90336 add session data schema\n\n - DNA-90399 Address bar dropdown suggestions overlap each\n other\n\n - DNA-90520 Crash at\n absl::raw_logging_internal::RawLog(absl:: LogSeverity,\n char const*, int, char const*, …)\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - DNA-90600 Don’t report workspace visibility, when\n functionality is disabled.\n\n - DNA-90665 Collect music service statistics WP2\n\n - DNA-90773 Bad translation from english to spanish in UI\n\n - DNA-90789 Crash at\n opera::ThumbnailHelper::RunNextRequest()\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-73.0.3856.344-lp152.2.30.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-23T09:57:46", "description": "Multiple security issues were discovered in the Chromium web browser,\nwhich could result in the execution of arbitrary code, denial of\nservice or information disclosure.", "edition": 2, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2021-01-20T00:00:00", "title": "Debian DSA-4832-1 : chromium - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "modified": "2021-01-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:chromium"], "id": "DEBIAN_DSA-4832.NASL", "href": "https://www.tenable.com/plugins/nessus/145194", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4832. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145194);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\"CVE-2020-15995\", \"CVE-2020-16043\", \"CVE-2021-21106\", \"CVE-2021-21107\", \"CVE-2021-21108\", \"CVE-2021-21109\", \"CVE-2021-21110\", \"CVE-2021-21111\", \"CVE-2021-21112\", \"CVE-2021-21113\", \"CVE-2021-21114\", \"CVE-2021-21115\", \"CVE-2021-21116\");\n script_xref(name:\"DSA\", value:\"4832\");\n\n script_name(english:\"Debian DSA-4832-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in the Chromium web browser,\nwhich could result in the execution of arbitrary code, denial of\nservice or information disclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4832\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 87.0.4280.141-0.1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"87.0.4280.141-0.1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"87.0.4280.141-0.1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"87.0.4280.141-0.1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"87.0.4280.141-0.1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"87.0.4280.141-0.1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"87.0.4280.141-0.1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-15T03:53:45", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.75. It is, therefore, affected\nby multiple vulnerabilities as referenced in the ADV200002-1-7-2021 advisory.\n\n - Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2020-15995)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2021-01-08T00:00:00", "title": "Microsoft Edge (Chromium) < 87.0.664.75 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "modified": "2021-01-08T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_87_0_664_75.NASL", "href": "https://www.tenable.com/plugins/nessus/144809", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144809);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\n \"CVE-2020-15995\",\n \"CVE-2020-16043\",\n \"CVE-2021-21106\",\n \"CVE-2021-21107\",\n \"CVE-2021-21108\",\n \"CVE-2021-21109\",\n \"CVE-2021-21110\",\n \"CVE-2021-21111\",\n \"CVE-2021-21112\",\n \"CVE-2021-21113\",\n \"CVE-2021-21114\",\n \"CVE-2021-21115\",\n \"CVE-2021-21116\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 87.0.664.75 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.75. It is, therefore, affected\nby multiple vulnerabilities as referenced in the ADV200002-1-7-2021 advisory.\n\n - Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2020-15995)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?083510ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 87.0.664.75 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21106\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '87.0.664.75' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-20T03:26:46", "description": "The version of Google Chrome installed on the remote Windows host is prior to 87.0.4280.141. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_01_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2021-01-06T00:00:00", "title": "Google Chrome < 87.0.4280.141 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_87_0_4280_141.NASL", "href": "https://www.tenable.com/plugins/nessus/144781", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144781);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\n \"CVE-2020-15995\",\n \"CVE-2020-16043\",\n \"CVE-2021-21106\",\n \"CVE-2021-21107\",\n \"CVE-2021-21108\",\n \"CVE-2021-21109\",\n \"CVE-2021-21110\",\n \"CVE-2021-21111\",\n \"CVE-2021-21112\",\n \"CVE-2021-21113\",\n \"CVE-2021-21114\",\n \"CVE-2021-21115\",\n \"CVE-2021-21116\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0006-S\");\n\n script_name(english:\"Google Chrome < 87.0.4280.141 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 87.0.4280.141. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_01_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c62eaf91\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1148749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1153595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1155426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1152334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1152451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1149125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1155178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1148309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1150065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1157790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1157814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151069\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 87.0.4280.141 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21106\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'87.0.4280.141', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-29T04:39:32", "description": "This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.344\n\n - CHR-8265 Update chromium on desktop-stable-87-3856 to\n 87.0.4280.141\n\n - DNA-90625 [Mac] Crash at opera::TabView::\n GetPaintData(opera::TabState) const\n\n - DNA-90735 Crash at\n opera::BrowserSidebarModel::GetItemVisible\n (opera::BrowserSidebarItem const*) const\n\n - DNA-90780 Crash at\n extensions::CommandService::GetExtension\n ActionCommand(std::__1::basic_string const&,\n extensions:: ActionInfo::Type,\n extensions::CommandService::QueryType,\n extensions::Command*, bool*)\n\n - DNA-90821 Crash at opera::BrowserSidebarController::\n Action(opera::BrowserSidebarItem const*,\n opera::BrowserSidebarItemContentView*)\n\n - The update to chromium 87.0.4280.141 fixes following\n issues: CVE-2021-21106, CVE-2021-21107, CVE-2021-21108,\n CVE-2021-21109, CVE-2021-21110, CVE-2021-21111,\n CVE-2021-21112, CVE-2021-21113, CVE-2020-16043,\n CVE-2021-21114, CVE-2020-15995, CVE-2021-21115,\n CVE-2021-21116\n\n - Update to version 73.0.3856.329\n\n - DNA-89156 Crash at\n content::RenderViewHostImpl::OnFocus()\n\n - DNA-89731 [Mac] Bookmarks bar overlaps Babe section when\n hovering the OMenu\n\n - DNA-90189 Music service portal logotypes are blurred on\n Win\n\n - DNA-90336 add session data schema\n\n - DNA-90399 Address bar dropdown suggestions overlap each\n other\n\n - DNA-90520 Crash at\n absl::raw_logging_internal::RawLog(absl:: LogSeverity,\n char const*, int, char const*, …)\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - DNA-90600 Don’t report workspace visibility, when\n functionality is disabled.\n\n - DNA-90665 Collect music service statistics WP2\n\n - DNA-90773 Bad translation from english to spanish in UI\n\n - DNA-90789 Crash at\n opera::ThumbnailHelper::RunNextRequest()", "edition": 2, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2021-01-25T00:00:00", "title": "openSUSE Security Update : opera (openSUSE-2021-138)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "modified": "2021-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2021-138.NASL", "href": "https://www.tenable.com/plugins/nessus/145383", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-138.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145383);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-15995\", \"CVE-2020-16043\", \"CVE-2021-21106\", \"CVE-2021-21107\", \"CVE-2021-21108\", \"CVE-2021-21109\", \"CVE-2021-21110\", \"CVE-2021-21111\", \"CVE-2021-21112\", \"CVE-2021-21113\", \"CVE-2021-21114\", \"CVE-2021-21115\", \"CVE-2021-21116\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2021-138)\");\n script_summary(english:\"Check for the openSUSE-2021-138 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.344\n\n - CHR-8265 Update chromium on desktop-stable-87-3856 to\n 87.0.4280.141\n\n - DNA-90625 [Mac] Crash at opera::TabView::\n GetPaintData(opera::TabState) const\n\n - DNA-90735 Crash at\n opera::BrowserSidebarModel::GetItemVisible\n (opera::BrowserSidebarItem const*) const\n\n - DNA-90780 Crash at\n extensions::CommandService::GetExtension\n ActionCommand(std::__1::basic_string const&,\n extensions:: ActionInfo::Type,\n extensions::CommandService::QueryType,\n extensions::Command*, bool*)\n\n - DNA-90821 Crash at opera::BrowserSidebarController::\n Action(opera::BrowserSidebarItem const*,\n opera::BrowserSidebarItemContentView*)\n\n - The update to chromium 87.0.4280.141 fixes following\n issues: CVE-2021-21106, CVE-2021-21107, CVE-2021-21108,\n CVE-2021-21109, CVE-2021-21110, CVE-2021-21111,\n CVE-2021-21112, CVE-2021-21113, CVE-2020-16043,\n CVE-2021-21114, CVE-2020-15995, CVE-2021-21115,\n CVE-2021-21116\n\n - Update to version 73.0.3856.329\n\n - DNA-89156 Crash at\n content::RenderViewHostImpl::OnFocus()\n\n - DNA-89731 [Mac] Bookmarks bar overlaps Babe section when\n hovering the OMenu\n\n - DNA-90189 Music service portal logotypes are blurred on\n Win\n\n - DNA-90336 add session data schema\n\n - DNA-90399 Address bar dropdown suggestions overlap each\n other\n\n - DNA-90520 Crash at\n absl::raw_logging_internal::RawLog(absl:: LogSeverity,\n char const*, int, char const*, …)\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - DNA-90600 Don’t report workspace visibility, when\n functionality is disabled.\n\n - DNA-90665 Collect music service statistics WP2\n\n - DNA-90773 Bad translation from english to spanish in UI\n\n - DNA-90789 Crash at\n opera::ThumbnailHelper::RunNextRequest()\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"opera-73.0.3856.344-lp151.2.42.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-03T05:00:51", "description": "This update for chromium fixes the following issues :\n\n - Update to 87.0.4280.141 (boo#1180645)\n\n - CVE-2021-21106: Use after free in autofill\n\n - CVE-2021-21107: Use after free in drag and drop\n\n - CVE-2021-21108: Use after free in media\n\n - CVE-2021-21109: Use after free in payments\n\n - CVE-2021-21110: Use after free in safe browsing\n\n - CVE-2021-21111: Insufficient policy enforcement in WebUI\n\n - CVE-2021-21112: Use after free in Blink\n\n - CVE-2021-21113: Heap buffer overflow in Skia\n\n - CVE-2020-16043: Insufficient data validation in\n networking\n\n - CVE-2021-21114: Use after free in audio\n\n - CVE-2020-15995: Out of bounds write in V8\n\n - CVE-2021-21115: Use after free in safe browsing\n\n - CVE-2021-21116: Heap buffer overflow in audio \n\n - Use main URLs instead of redirects in master preferences", "edition": 2, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2021-01-25T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-2021-41)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "modified": "2021-01-25T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2021-41.NASL", "href": "https://www.tenable.com/plugins/nessus/145308", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-41.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145308);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/02\");\n\n script_cve_id(\"CVE-2020-15995\", \"CVE-2020-16043\", \"CVE-2021-21106\", \"CVE-2021-21107\", \"CVE-2021-21108\", \"CVE-2021-21109\", \"CVE-2021-21110\", \"CVE-2021-21111\", \"CVE-2021-21112\", \"CVE-2021-21113\", \"CVE-2021-21114\", \"CVE-2021-21115\", \"CVE-2021-21116\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-41)\");\n script_summary(english:\"Check for the openSUSE-2021-41 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\n - Update to 87.0.4280.141 (boo#1180645)\n\n - CVE-2021-21106: Use after free in autofill\n\n - CVE-2021-21107: Use after free in drag and drop\n\n - CVE-2021-21108: Use after free in media\n\n - CVE-2021-21109: Use after free in payments\n\n - CVE-2021-21110: Use after free in safe browsing\n\n - CVE-2021-21111: Insufficient policy enforcement in WebUI\n\n - CVE-2021-21112: Use after free in Blink\n\n - CVE-2021-21113: Heap buffer overflow in Skia\n\n - CVE-2020-16043: Insufficient data validation in\n networking\n\n - CVE-2021-21114: Use after free in audio\n\n - CVE-2020-15995: Out of bounds write in V8\n\n - CVE-2021-21115: Use after free in safe browsing\n\n - CVE-2021-21116: Heap buffer overflow in audio \n\n - Use main URLs instead of redirects in master preferences\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180645\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-87.0.4280.141-lp151.2.165.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-debuginfo-87.0.4280.141-lp151.2.165.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-87.0.4280.141-lp151.2.165.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debuginfo-87.0.4280.141-lp151.2.165.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-20T03:14:49", "description": "The remote host is affected by the vulnerability described in GLSA-202101-05\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 5, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2021-01-11T00:00:00", "title": "GLSA-202101-05 : Chromium, Google Chrome: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-202101-05.NASL", "href": "https://www.tenable.com/plugins/nessus/144833", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202101-05.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144833);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2020-15995\", \"CVE-2020-16043\", \"CVE-2021-21106\", \"CVE-2021-21107\", \"CVE-2021-21108\", \"CVE-2021-21109\", \"CVE-2021-21110\", \"CVE-2021-21111\", \"CVE-2021-21112\", \"CVE-2021-21113\", \"CVE-2021-21114\", \"CVE-2021-21115\", \"CVE-2021-21116\");\n script_xref(name:\"GLSA\", value:\"202101-05\");\n script_xref(name:\"IAVA\", value:\"2021-A-0006-S\");\n\n script_name(english:\"GLSA-202101-05 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202101-05\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202101-05\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-87.0.4280.141'\n All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-87.0.4280.141'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21106\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 87.0.4280.141\"), vulnerable:make_list(\"lt 87.0.4280.141\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 87.0.4280.141\"), vulnerable:make_list(\"lt 87.0.4280.141\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-01-17T01:19:40", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21108", "CVE-2021-21114", "CVE-2020-16043", "CVE-2021-21116", "CVE-2021-21107", "CVE-2021-21109", "CVE-2021-21106", "CVE-2021-21112", "CVE-2020-15995", "CVE-2021-21115", "CVE-2021-21111", "CVE-2021-21113", "CVE-2021-21110"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4832-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 16, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107\n CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111\n CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115\n CVE-2021-21116\nDebian Bug : 979533\n\nMultiple security issues were discovered in the Chromium web browser, which\ncould result in the execution of arbitrary code, denial of service\nor information disclosure.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 87.0.4280.141-0.1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "modified": "2021-01-16T14:06:51", "published": "2021-01-16T14:06:51", "id": "DEBIAN:DSA-4832-1:C6798", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2021/msg00011.html", "title": "[SECURITY] [DSA 4832-1] chromium security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-13T01:20:06", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2521-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nJanuary 08, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nVersion : 78.6.1esr-1~deb9u1\nCVE ID : CVE-2020-16044\n\nA security issue was found in the Mozilla Firefox web browser, which\ncould potentially result in the execution of arbitrary code.\n\nFor Debian 9 stretch, this problem has been fixed in version\n78.6.1esr-1~deb9u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFor the detailed security status of firefox-esr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/firefox-esr\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 4, "modified": "2021-01-08T09:03:36", "published": "2021-01-08T09:03:36", "id": "DEBIAN:DLA-2521-1:C8DC4", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202101/msg00009.html", "title": "[SECURITY] [DLA 2521-1] firefox-esr security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-13T01:13:26", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4827-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 07, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2020-16044\n\nA security issue was found in the Mozilla Firefox web browser, which\ncould potentially result in the execution of arbitrary code.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 78.6.1esr-1~deb10u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFor the detailed security status of firefox-esr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/firefox-esr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2021-01-07T21:50:06", "published": "2021-01-07T21:50:06", "id": "DEBIAN:DSA-4827-1:369CF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2021/msg00006.html", "title": "[SECURITY] [DSA 4827-1] firefox-esr security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-13T01:12:13", "bulletinFamily": "unix", "cvelist": ["CVE-2020-26976", "CVE-2021-23960", "CVE-2021-23953", "CVE-2020-16044", "CVE-2021-23964", "CVE-2021-23954", "CVE-2020-15685"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2541-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nFebruary 02, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nVersion : 1:78.7.0-1~deb9u1\nCVE ID : CVE-2020-15685 CVE-2020-16044 CVE-2020-26976 CVE-2021-23953\n CVE-2021-23954 CVE-2021-23960 CVE-2021-23964\n\nMultiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code, denial of service or an information\nleak.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:78.7.0-1~deb9u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "modified": "2021-02-02T12:34:29", "published": "2021-02-02T12:34:29", "id": "DEBIAN:DLA-2541-1:36CC4", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202102/msg00002.html", "title": "[SECURITY] [DLA 2541-1] thunderbird security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-01-17T02:44:13", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15995", "CVE-2020-16043", "CVE-2021-21106", "CVE-2021-21107", "CVE-2021-21108", "CVE-2021-21109", "CVE-2021-21110", "CVE-2021-21111", "CVE-2021-21112", "CVE-2021-21113", "CVE-2021-21114", "CVE-2021-21115", "CVE-2021-21116"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2021-01-17T01:51:52", "published": "2021-01-17T01:51:52", "id": "FEDORA:8CF273097270", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-87.0.4280.141-1.fc33", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-23T02:33:21", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15995", "CVE-2020-16043", "CVE-2021-21106", "CVE-2021-21107", "CVE-2021-21108", "CVE-2021-21109", "CVE-2021-21110", "CVE-2021-21111", "CVE-2021-21112", "CVE-2021-21113", "CVE-2021-21114", "CVE-2021-21115", "CVE-2021-21116"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2021-01-23T01:30:25", "published": "2021-01-23T01:30:25", "id": "FEDORA:C6EA430E630A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-87.0.4280.141-1.fc32", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T07:55:04", "description": "Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-01-08T19:15:00", "title": "CVE-2021-21107", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21107"], "modified": "2021-01-28T21:48:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2021-21107", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21107", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:55:04", "description": "Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-01-08T19:15:00", "title": "CVE-2021-21108", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21108"], "modified": "2021-01-28T19:59:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2021-21108", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21108", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:55:04", "description": "Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-01-08T19:15:00", "title": "CVE-2021-21110", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21110"], "modified": "2021-01-28T22:21:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2021-21110", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21110", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:55:04", "description": "Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-01-08T19:15:00", "title": "CVE-2021-21109", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21109"], "modified": "2021-01-28T20:11:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2021-21109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21109", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:55:04", "description": "Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-08T19:15:00", "title": "CVE-2021-21114", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21114"], "modified": "2021-01-28T22:23:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2021-21114", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21114", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:55:04", "description": "Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-08T19:15:00", "title": "CVE-2021-21112", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21112"], "modified": "2021-01-28T20:49:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2021-21112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21112", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:55:04", "description": "Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-08T19:15:00", "title": "CVE-2021-21113", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21113"], "modified": "2021-01-28T22:23:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2021-21113", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21113", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:55:04", "description": "User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-01-08T19:15:00", "title": "CVE-2021-21115", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21115"], "modified": "2021-01-28T22:24:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2021-21115", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21115", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:55:04", "description": "Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-01-08T19:15:00", "title": "CVE-2021-21111", "type": "cve", "cwe": ["CWE-1021"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21111"], "modified": "2021-01-28T22:22:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2021-21111", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21111", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:55:04", "description": "Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-08T19:15:00", "title": "CVE-2021-21116", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21116"], "modified": "2021-01-28T22:24:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2021-21116", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21116", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2021-02-12T15:31:23", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-16044"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "edition": 2, "modified": "2021-01-21T08:00:00", "id": "MS:CVE-2020-16044", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16044", "published": "2021-01-21T08:00:00", "title": "Chromium CVE-2020-16044: Use after free in WebRTC", "type": "mscve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-02-12T16:08:17", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "[78.6.1-1.0.1]\n- Removed Upstream references\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n[78.6.1-1]\n- Update to 78.6.1 build1", "edition": 2, "modified": "2021-01-11T00:00:00", "published": "2021-01-11T00:00:00", "id": "ELSA-2021-0052", "href": "http://linux.oracle.com/errata/ELSA-2021-0052.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T16:02:47", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "[78.6.1-1.0.1]\n- Remove upstream references [Orabug: 30143292]\n- Update distribution for Oracle Linux [Orabug: 30143292]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n[78.6.1-1]\n- Update to 78.6.1 build1", "edition": 3, "modified": "2021-01-11T00:00:00", "published": "2021-01-11T00:00:00", "id": "ELSA-2021-0053", "href": "http://linux.oracle.com/errata/ELSA-2021-0053.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T16:04:20", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "[78.6.1-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[78.6.1-1]\n- Update to 78.6.1", "edition": 2, "modified": "2021-01-14T00:00:00", "published": "2021-01-14T00:00:00", "id": "ELSA-2021-0089", "href": "http://linux.oracle.com/errata/ELSA-2021-0089.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T16:10:51", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "[78.6.1-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[78.6.1-1]\n- Update to 78.6.1", "edition": 3, "modified": "2021-01-13T00:00:00", "published": "2021-01-13T00:00:00", "id": "ELSA-2021-0087", "href": "http://linux.oracle.com/errata/ELSA-2021-0087.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2021-02-12T15:55:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "A use-after-free was discovered in Firefox when handling SCTP packets. \nAn attacker could potentially exploit this to cause a denial of service, \nor execute arbitrary code.", "edition": 2, "modified": "2021-01-08T00:00:00", "published": "2021-01-08T00:00:00", "id": "USN-4687-1", "href": "https://ubuntu.com/security/notices/USN-4687-1", "title": "Firefox vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2021-02-12T15:40:27", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "**Issue Overview:**\n\nA malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code. ([CVE-2020-16044 __](<https://access.redhat.com/security/cve/CVE-2020-16044>))\n\n \n**Affected Packages:** \n\n\nthunderbird\n\n \n**Issue Correction:** \nRun _yum update thunderbird_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n thunderbird-78.6.1-1.amzn2.aarch64 \n thunderbird-debuginfo-78.6.1-1.amzn2.aarch64 \n \n src: \n thunderbird-78.6.1-1.amzn2.src \n \n x86_64: \n thunderbird-78.6.1-1.amzn2.x86_64 \n thunderbird-debuginfo-78.6.1-1.amzn2.x86_64 \n \n \n", "edition": 2, "modified": "2021-01-25T23:10:00", "published": "2021-01-25T23:10:00", "id": "ALAS2-2021-1594", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1594.html", "title": "Critical: thunderbird", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-02-12T12:26:52", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.6.1 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-11T14:46:32", "published": "2021-01-11T14:35:29", "id": "RHSA-2021:0052", "href": "https://access.redhat.com/errata/RHSA-2021:0052", "type": "redhat", "title": "(RHSA-2021:0052) Critical: firefox security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T12:28:19", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.6.1 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-11T15:14:43", "published": "2021-01-11T14:57:35", "id": "RHSA-2021:0055", "href": "https://access.redhat.com/errata/RHSA-2021:0055", "type": "redhat", "title": "(RHSA-2021:0055) Critical: firefox security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T12:28:40", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.6.1 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-11T15:12:42", "published": "2021-01-11T14:57:21", "id": "RHSA-2021:0053", "href": "https://access.redhat.com/errata/RHSA-2021:0053", "type": "redhat", "title": "(RHSA-2021:0053) Critical: firefox security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T12:27:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.6.1 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-11T18:43:58", "published": "2021-01-11T14:57:28", "id": "RHSA-2021:0054", "href": "https://access.redhat.com/errata/RHSA-2021:0054", "type": "redhat", "title": "(RHSA-2021:0054) Critical: firefox security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T12:29:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.6.1.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-13T15:38:29", "published": "2021-01-13T15:23:07", "id": "RHSA-2021:0088", "href": "https://access.redhat.com/errata/RHSA-2021:0088", "type": "redhat", "title": "(RHSA-2021:0088) Critical: thunderbird security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T12:27:38", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.6.1.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-13T15:38:29", "published": "2021-01-13T15:23:05", "id": "RHSA-2021:0087", "href": "https://access.redhat.com/errata/RHSA-2021:0087", "type": "redhat", "title": "(RHSA-2021:0087) Critical: thunderbird security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T12:27:18", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.6.1.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T14:23:58", "published": "2021-01-18T14:11:42", "id": "RHSA-2021:0160", "href": "https://access.redhat.com/errata/RHSA-2021:0160", "type": "redhat", "title": "(RHSA-2021:0160) Critical: thunderbird security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T12:27:10", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.6.1.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-13T15:33:54", "published": "2021-01-13T15:23:19", "id": "RHSA-2021:0089", "href": "https://access.redhat.com/errata/RHSA-2021:0089", "type": "redhat", "title": "(RHSA-2021:0089) Critical: thunderbird security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2021-02-12T15:32:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "**CentOS Errata and Security Advisory** CESA-2021:0053\n\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.6.1 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2021-January/048243.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\n", "edition": 2, "modified": "2021-01-15T20:13:17", "published": "2021-01-15T20:13:17", "id": "CESA-2021:0053", "href": "http://lists.centos.org/pipermail/centos-announce/2021-January/048243.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T15:38:18", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "**CentOS Errata and Security Advisory** CESA-2021:0087\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.6.1.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2021-January/048244.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "edition": 2, "modified": "2021-01-15T20:31:45", "published": "2021-01-15T20:31:45", "id": "CESA-2021:0087", "href": "http://lists.centos.org/pipermail/centos-announce/2021-January/048244.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2021-01-27T20:45:12", "bulletinFamily": "info", "cvelist": ["CVE-2020-16043", "CVE-2021-23961"], "description": "Disconnecting devices from the internet is no longer a solid plan for protecting them from remote attackers. A new version of a known network-address translation (NAT) slipstreaming attack has been uncovered, which would allow remote attackers to reach multiple internal network devices, even if those devices don\u2019t have access to the internet.\n\nAccording to researchers from Armis and Samy Kamkar, chief security officer and co-founder at Openpath Security, attackers can execute an attack by simply convincing one target with internet access on the network to click on a malicious link. From there, cybercriminals can gain access to other, non-exposed endpoints, including unmanaged devices like industrial controllers, with no further social engineering needed.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nNAT is the process of connecting internal network devices to the outside internet; it essentially allows a router to securely allow multiple devices connected to it to share a single public IP address. In enterprise environments, NAT functions are combined with firewalls to provide better perimeter cybersecurity; products from Fortinet, Cisco and HPE all take this approach.\n\n## **NAT Slipstreaming Overview**\n\nIn the [original NAT slipstreaming attack](<https://threatpost.com/google-chrome-87-nat-slipstreaming-flaw/161344/>), revealed and mitigated in November, an attacker persuades a victim to visit a specially crafted website (via social engineering and other tactics); a victim within an internal network that clicks on it is then taken to an attacker\u2019s website. The website in turn will fool the victim network\u2019s NAT into opening an incoming path (of either a TCP or UDP port) from the internet to the victim device.\n\n\u201cSlipstreaming is easy to exploit as it\u2019s essentially entirely automated and works cross-browser and cross-platform, and it doesn\u2019t require any user interaction other than visiting the victim site,\u201d Kamkar told Threatpost last fall.\n\nIn order to launch an attack, the victim\u2019s device must also have an Application-Level Gateway (ALG) connection-tracking mechanism enabled, which is usually built into NATs. NAT slipstreaming exploits the user\u2019s browser in conjunction with ALG.\n\n\u201cThis attack takes advantage of arbitrary control of the data portion of some TCP and UDP packets without including HTTP or other headers; the attack performs this new packet-injection technique across all major modern (and older) browsers,\u201d explained Kamkar.\n\nIn the attack, when a victim device visits an attacker-controlled website, JavaScript code running in the victim\u2019s browser sends out additional traffic to the attacker\u2019s server, which traverses through the network\u2019s NAT/firewall.\n\n\u201cThis second-phase traffic is crafted in such a way that the NAT is fooled to believe this traffic actually originated from an application that requires a second connection to take place, from the internet to the victim device, and to an internal port that the attacker can choose,\u201d researchers explained. \u201cThis second connection can thus lead the attacker to access any service (TCP/UDP) on the victim\u2019s device, directly from the internet.\u201d\n\nIf, for example, the victim\u2019s device is a Windows device vulnerable to [EternalBlue](<https://threatpost.com/scanner-shows-eternalblue-vulnerability-unpatched-on-thousands-of-machines/126818/>), the attacker can access the SMB port on the victim device using this technique, from the internet, exploit the vulnerability, and take over the device.\n\n\u201cThe only thing required for this attack to take place, is that the victim clicks on link, or visits a web page of which the attacker has implanted some JavaScript code,\u201d researchers noted.\n\n## **NAT Slipstreaming 2.0**\n\nThe just-discovered approach variant simply extends the attack, researchers said.\n\nNow, \u201cattackers [can] fool the NAT in such a way that it will create incoming paths to any device on the internal network, and not only to the victim device that clicked on the link,\u201d they explained, [in a blog posting](<https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/>) on Tuesday.\n\nThe issue lies in the H.323 ALG, where supported. Unlike most other ALGs, H.323 enables an attacker to create a pinhole in the NAT/firewall to any internal IP, rather than just the IP of the victim that clicks on the malicious link.\n\nMeanwhile, WebRTC TURN connections can be established by browsers over TCP to any destination port. The browsers restricted-ports list was not consulted by this logic, and was therefore bypassed.\n\n\u201cThis allows the attacker to reach additional ALGs, such as the FTP and IRC ALGs (ports 21, 6667) that were previously unreachable due to the restricted-ports list,\u201d researchers said. \u201cThe FTP ALG is widely used in NATs/firewalls.\u201d\n\nA full proof-of-concept demonstration can be seen here:\n\nThe ability to reach devices without human interaction means that attackers can reach not only desktops but also other devices that don\u2019t typically have human operators \u2014 unmanaged devices like printers, industrial controllers, Bluetooth accessories, IP cameras, sensors, smart lighting and more. The impact of attack on these can be severe, ranging from denial-of-service (DoS) to a full-blown ransomware attack, researchers noted.\n\n## **Unmanaged Corporate Devices at Risk**\n\n\u201cUnmanaged devices [often] don\u2019t have inherent security capabilities, and often offer interfaces for controlling them and accessing their data with little-to-no authentication, within the internal network,\u201d researchers explained. \u201cExposing these interfaces directly to the internet is a serious security risk.\u201d\n\nResearchers gave the example of an office printer that can be controlled through its default printing protocol, or through its internal web server. Using NAT slipstreaming, an attacker could knock it offline or cause it to print arbitrary documents. Depending on the printer\u2019s features, cybercriminals could also access stored documents.\n\nThe researchers added that in order to carry those types of actions out, the newly exposed interface would itself need to be insecure, as is the case for other targets. Thus, once attackers form a web connection to the target, they would then need to access that target. Many unmanaged devices not connected to the internet don\u2019t require passwords, researchers noted, or often remain unpatched.\n\n\u201cIn addition to interfaces that are unauthenticated by design, many unmanaged devices may also be vulnerable to vulnerabilities that are publicly known, that can be exploited if an attacker is able to bypass the NAT/firewall, and initiate network traffic that can trigger them,\u201d they wrote.\n\nAn example of this risk includes the 97 percent of industrial controllers [recently found to remain vulnerable](<https://threatpost.com/unpatched-iot-ot-devices-threaten-critical-infrastructure/162275/>) to the URGENT/11 group of security bugs. In many industrial scenarios, regular patching of unmanaged devices is a challenge since they often can\u2019t be taken offline thanks to production requirements, researchers explained. Thus, \u201cmany organizations rely on perimeter security (firewalls and NATs) to keep their unpatched devices from being accessed by potential attackers on the internet.\u201d\n\nOnce the perimeter is breached, attackers are free to exploit and take over vulnerable and open devices, and install remote access tools for further attacks.\n\n## **Mitigations via Browser Patching**\n\nLike the original attack, the new version has been mitigated with browser patches, for Chrome, Safari, Firefox and Edge. Chromium is tracking the new variant via CVE-2020-16043, while Firefox is tracking it via CVE-2021-23961.\n\n\u201cWhile the underlying issue of this attack is the way NATs are implemented (in various ways in routers and firewalls, throughout numerous vendors and applications), the easiest and fastest way to mitigate was through a patch to browsers,\u201d according to the advisory.\n\nThe updates are Chrome v87.0.4280.141, Firefox v85.0 and Safari v14.0.3, and Microsoft\u2019s Edge browser is also now patched, since it relies on the Chromium source code.\n\n**Download our exclusive **[**FREE Threatpost Insider eBook**](<https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=FEATURE&utm_medium=FEATURE&utm_campaign=Nov_eBook>) _**Healthcare Security Woes Balloon in a Covid-Era World**_**, sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and **[**DOWNLOAD the eBook now**](<https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_eBook>)** \u2013 on us!**\n", "modified": "2021-01-27T20:32:55", "published": "2021-01-27T20:32:55", "id": "THREATPOST:BF1159DF375D02A6EF9E13A4B1086F02", "href": "https://threatpost.com/remote-attackers-internal-network-devices-nat-slipstreaming/163400/", "type": "threatpost", "title": "Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-05T15:56:30", "bulletinFamily": "info", "cvelist": ["CVE-2020-15995", "CVE-2021-21148"], "description": "Google is warning of a zero-day vulnerability in its V8 open-source web engine that\u2019s being actively exploited by attackers.\n\nA patch has been issued in version 88 of Google\u2019s Chrome browser \u2014 specifically, version 88.0.4324.150 for Windows, Mac and Linux. This update will roll out over the coming days and weeks, said Google. The flaw ([CVE-2021-21148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21148>)) stems from a heap-buffer overflow, said Google.\n\n\u201cGoogle is aware of reports that an exploit for CVE-2021-21148 exists in the wild,\u201d according to [Google\u2019s Thursday security update](<https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html>).\n\n## **What is a Heap-Buffer Overflow Security Flaw?**\n\nA heap-buffer overflow flaw as its name suggests, is a type of [buffer-overflow error.](<https://cwe.mitre.org/data/definitions/122.html>) This is a class of vulnerability where the region of a process\u2019 memory used to store dynamic variables (the heap) can be overwhelmed. If a buffer-overflow occurs, it typically causes the affected program to behave incorrectly, [according to researchers with Imperva](<https://www.imperva.com/learn/application-security/buffer-overflow/>) \u2013 causing memory access errors and crashes \u2014 and opening the door to remote code execution.\n\nHowever, beyond classifying the flaw as a heap-buffer overflow, Google did not specify the potential impact of this vulnerability. In fact, details of the bug overall (including how it can be exploited) remain scant while Google works to push out the fixes.\n\n\u201cAccess to bug details and links may be kept restricted until a majority of users are updated with a fix,\u201d said Google. \u201cWe will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven\u2019t yet fixed.\u201d\n\n## **What is the V8 JavaScript Engine?**\n\nThe heap-buffer overflow error exists in V8, an open-source WebAssembly and JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers. V8, which is written in C++, can run stand-alone, or can be embedded into any C++ application.\n\nBugs have previously been discovered (and exploited) in V8, including a flaw in November that was high-severity and tied to active exploits. That flaw [was only described as](<https://threatpost.com/chrome-holes-actively-targeted/160890/>) an \u201cinappropriate implementation in V8.\u201d** **\n\n## **Security Researchers: Targets for Chrome Zero-Day Exploits?**\n\nWhile Google didn\u2019t provide further details of the attackers exploiting the flaw, researchers with Malwarebytes on Friday made a \u201cgeneral assumption\u201d that the attack \u201cwas used against security researchers working on vulnerability research and development at different companies and organizations.\u201d\n\nThey pointed to the timing of when the vulnerability was reported to Google by Mattias Buelens (Jan. 24) and when a report released by Google\u2019s Threat Analysis Group (Jan. 26). That report [by Google researchers](<https://threatpost.com/north-korea-security-researchers-0-day/163333/>) revealed that hackers linked to [North Korea](<https://threatpost.com/north-korea-spy-reporters-feds-warn/160622/>) were targeting security researchers with an elaborate social-engineering campaign that set up trusted relationships with them \u2014 and then infected their organizations\u2019 systems with custom backdoor malware.\n\n\u201cOne of the methods the attackers used was to interact with the researchers and get them to follow a link on Twitter to a write-up hosted on a malicious website,\u201d said [researchers with Malwarebytes](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/02/update-now-chrome-patches-zero-day-that-was-exploited-in-the-wild/>). \u201cShortly after the visit, a malicious service was installed on the researcher\u2019s system and an in-memory backdoor would begin to communicate with a command and control (C&C) server. This sure sounds like something that could be accomplished using a heap buffer overflow in a browser.\u201d\n\nHowever, Google has not confirmed any correlation with this attack.\n\n## **Google Chrome Browser: How to Update**\n\nResearchers urge Google Chrome users to update as soon as possible. Chrome will in many cases update to its newest version automatically, however security experts suggest that users double check that this has happened. To check if an update is available:\n\n * Google Chrome users can go to chrome://settings/help by clicking Settings > About Chrome\n * If an update is available Chrome will notify users and then start the download process\n * Users can then relaunch the browser to complete the update\n\n## ** ****Google Chrome Cybersecurity Flaws Continue **\n\nThe flaw is only the latest security issue in Google Chrome in recent months. In January, the Cybersecurity and Infrastructure Security Agency (CISA) [urged Windows, macOS and Linux users](<https://threatpost.com/firefox-chrome-edge-bugs-system-hijacking/162873/>) of Google\u2019s Chrome browser to patch an out-of-bounds write bug (CVE-2020-15995) impacting the current 87.0.4280.141 version of the software.\n\nAnd in December, Google updated Chrome to fix four bugs with a severity rating of \u201chigh\u201d and eight overall. [Three were use-after-free flaws](<https://threatpost.com/google_chrome_bugs_patched/161907/>), which could allow an adversary to generate an error in the browser\u2019s memory, opening the door to a browser hack and host computer compromise.\n\n**Download our exclusive **[**FREE Threatpost Insider eBook**](<https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=FEATURE&utm_medium=FEATURE&utm_campaign=Nov_eBook>) _**Healthcare Security Woes Balloon in a Covid-Era World**_**, sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and **[**DOWNLOAD the eBook now**](<https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_eBook>)** \u2013 on us!**\n\nWrite a comment\n\n**Share this article:**\n\n * [Hacks](<https://threatpost.com/category/hacks/>)\n * [Vulnerabilities](<https://threatpost.com/category/vulnerabilities/>)\n * [Web Security](<https://threatpost.com/category/web-security/>)\n", "modified": "2021-02-05T15:47:55", "published": "2021-02-05T15:47:55", "id": "THREATPOST:398E85215A3E7B7329EE3FED8F6374FF", "href": "https://threatpost.com/google-chrome-zero-day-windows-mac/163688/", "type": "threatpost", "title": "Google Chrome Zero-Day Afflicts Windows, Mac Users", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2021-01-27T14:26:27", "bulletinFamily": "info", "cvelist": ["CVE-2020-16043", "CVE-2020-26978", "CVE-2021-23961"], "description": "[](<https://thehackernews.com/images/-h7OZDO0gbkI/YBFhcYCDyAI/AAAAAAAABmc/4jAHmFC3fxkcYU5tkhP2zqLYk4NOjg2agCLcBGAsYHQ/s0/NAT-slipstreaming-hacking.jpg>)\n\nA newly devised variant of the [NAT Slipstreaming attack](<https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html>) can be leveraged to compromise and expose any device in an internal network, according to the latest research.\n\nDetailed by enterprise IoT security firm Armis, the [new attack](<https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/>) (CVE-2020-16043 and CVE-2021-23961) builds on the previously disclosed technique to bypass routers and firewalls and reach any unmanaged device within the internal network from the Internet.\n\nFirst [disclosed](<https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html>) by security researcher Samy Kamkar in late October 2020, the JavaScript-based attack relied on luring a user into visiting a malicious website to circumvent browser-based port restrictions and allow the attacker to remotely access TCP/UDP services on the victim's device, even those that were protected by a firewall or NAT.\n\n[](<https://go.thn.li/password-auditor> \"password auditor\" )\n\nAlthough partial mitigations were released on November 11 to thwart the attack in [Chrome 87](<https://www.chromestatus.com/feature/5064283639513088>), [Firefox 84](<https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26978>), and [Safari](<https://bugs.webkit.org/show_bug.cgi?id=218557>) by preventing connections on port 5060 or 5061, Armis researchers Ben Seri and Gregory Vishnipolsky revealed that \"NAT Slipstreaming 2.0\" puts \"embedded, unmanaged, devices at greater risk, by allowing attackers to expose devices located on internal networks, directly to the Internet.\"\n\nVulnerable devices that could be potentially exposed as a consequence of this attack include office printers, industrial controllers, IP cameras, and other unauthenticated interfaces that could be exploited once the NAT/firewall is tricked into opening network traffic to the victim device.\n\n\"Using the new variant of the NAT Slipstreaming attack to access these types of interfaces from the Internet, can result in attacks that range from a nuisance to a sophisticated ransomware threat,\" the researchers said.\n\nGoogle, Apple, Mozilla, and Microsoft have all released patches to Chrome ([v87.0.4280.141](<https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html>)), Safari ([v14.0.3](<https://support.apple.com/en-us/HT201222>)), Firefox ([v85.0](<https://www.mozilla.org/en-US/firefox/85.0/releasenotes/>)), and Edge ([v87.0.664.75](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV200002>)) browsers to address the new attack.\n\n### Using H.323 Packets to facilitate NAT Slipstreaming\n\nPut simply, [NAT Slipstreaming](<https://samy.pl/slipstream/>) allows a bad actor to bypass NAT/firewall and remotely access any TCP/UDP service bound to a victim machine as a result of the target visiting a malware-infected website specially crafted for this purpose.\n\nParticularly, the malicious JavaScript code running on the victim's browser extracts the internal IP address and takes advantage of TCP/IP packet segmentation to create large TCP/UDP beacons and subsequently smuggle a Session Initiation Protocol ([SIP](<https://en.wikipedia.org/wiki/Session_Initiation_Protocol>)) packet containing the internal IP address inside an outbound HTTP POST request via TCP port 5060.\n\n\"This is achieved by carefully setting the [Maximum Segment Size] value of an attacker controlled TCP connection from the victim browser to an attacker's server, so that a TCP segment in the 'middle' of the HTTP request will be entirely controlled by the attacker,\" the researchers explained.\n\nAs a consequence, this causes the NAT application-level gateway (ALG) to open arbitrary ports for inbound connections to the client's device via the internal IP address.\n\nNAT Slipstreaming 2.0 is similar to the aforementioned attack in that it uses the same approach but relies on [H.323](<https://en.wikipedia.org/wiki/H.323>) VoIP protocol instead of SIP to send multiple fetch requests to the attacker's server on H.323 port (1720), thereby allowing the attacker to iterate through a range of IP addresses and ports, and opening each one of them to the Internet.\n\n\"A long lasting solution, unfortunately, would require some [overhaul] of the Internet infrastructure we're accustomed to,\" the researchers concluded.\n\n\"It is important to understand that security was not the principal agenda for the creation of NATs, rather it was mainly a by-product of the potential exhaustion of IPv4 addresses. Legacy requirements such as ALGs are still a dominant theme in the design of NATs today, and are the primary reason bypassing attacks are found again and again.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2021-01-27T12:58:55", "published": "2021-01-27T12:58:00", "id": "THN:297E4356728156DE21DF3C288E414E47", "href": "https://thehackernews.com/2021/01/new-attack-could-let-remote-hackers.html", "type": "thn", "title": "New Attack Could Let Remote Hackers Target Devices On Internal Networks", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}