ID UB:CVE-2020-6455 Type ubuntucve Reporter ubuntu.com Modified 2020-04-13T00:00:00
Description
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed
a remote attacker to potentially exploit heap corruption via a crafted HTML
page.
Notes
Author | Note
---|---
amurray | The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap
{"redhatcve": [{"lastseen": "2021-09-02T22:36:22", "description": "Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-09T14:07:42", "type": "redhatcve", "title": "CVE-2020-6455", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6455"], "modified": "2020-04-16T11:50:39", "id": "RH:CVE-2020-6455", "href": "https://access.redhat.com/security/cve/cve-2020-6455", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T18:49:02", "description": "Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-13T18:15:00", "type": "cve", "title": "CVE-2020-6455", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6455"], "modified": "2020-07-02T12:15:00", "cpe": [], "id": "CVE-2020-6455", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6455", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:37:32", "description": "A heap corruption vulnerability exists in Google Chrome. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-15T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome Heap Corruption (CVE-2020-6455)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6455"], "modified": "2020-10-15T00:00:00", "id": "CPAI-2020-0998", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-05-14T23:37:57", "description": "Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, 
"impactScore": 5.9}, "published": "2020-04-13T18:15:00", "type": "debiancve", "title": "CVE-2020-6455", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6455"], "modified": "2020-04-13T18:15:00", "id": "DEBIANCVE:CVE-2020-6455", "href": "https://security-tracker.debian.org/tracker/CVE-2020-6455", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "metasploit": [{"lastseen": "2021-05-15T00:43:57", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6455): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6455/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:57", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6441): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", 
"CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6435/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:56", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6430): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", 
"CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6436/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:52", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6448): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6448/", "href": "", "sourceData": "", 
"sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:57", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6441): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6441/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:54", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": 
{"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6446): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6446/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:53", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 
8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6439): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6439/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:54", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", 
"type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6445): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6445/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:55", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6430): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6430/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:44:24", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6437): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6437/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:51", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6440): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6440/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:52", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6442): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", 
"CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6442/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:55", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6447): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", 
"CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6447/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:52", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6423): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6423/", "href": "", "sourceData": "", "sourceHref": "", "cvss": 
{"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-15T00:43:53", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6431): chromium -- multiple vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-6431/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:15:54", "description": "Google Chrome Releases reports :\n\nThis updates includes 32 security fixes, 
including :\n\n- [1019161] High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29\n\n- [1043446] High CVE-2020-6423: Use after free in audio. Reported by Anonymous on 2020-01-18\n\n- [1059669] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09\n\n- [1031479] Medium CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06\n\n- [1040755] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michal Bentkowski of Securitum on 2020-01-10\n\n- [852645] Medium CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14\n\n- [965611] Medium CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg on 2019-05-21\n\n- [1043965] Medium CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-01-21\n\n- [1048555] Medium CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04\n\n- [1032158] Medium CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09\n\n- [1034519] Medium CVE-2020-6436: Use after free in window management.\nReported by Igor Bukanov from Vivaldi on 2019-12-16\n\n- [639173] Low CVE-2020-6437: Inappropriate implementation in WebView.\nReported by Jann Horn on 2016-08-19\n\n- [714617] Low CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang on 2017-04-24\n\n- [868145] Low CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra on 2018-07-26\n\n- [894477] Low CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg on 2018-10-11\n\n- [959571] Low CVE-2020-6441: Insufficient policy enforcement in omnibox. 
Reported by David Erceg on 2019-05-04\n\n- [1013906] Low CVE-2020-6442: Inappropriate implementation in cache.\nReported by B@rMey on 2019-10-12\n\n- [1040080] Low CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08\n\n- [922882] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported by mlfbrown on 2019-01-17\n\n- [933171] Low CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18\n\n- [933172] Low CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18\n\n- [991217] Low CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg on 2019-08-06\n\n- [1037872] Low CVE-2020-6448: Use after free in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (6e3b700a-7ca3-11ea-b594-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-04-16T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_6E3B700A7CA311EAB5943065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/135425", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD 
VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135425);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/16\");\n\n script_cve_id(\"CVE-2020-6423\", \"CVE-2020-6430\", \"CVE-2020-6431\", \"CVE-2020-6432\", \"CVE-2020-6433\", \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\", \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\", \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\", \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\", \"CVE-2020-6454\", \"CVE-2020-6455\", \"CVE-2020-6456\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (6e3b700a-7ca3-11ea-b594-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\nThis updates includes 32 security fixes, including :\n\n- [1019161] High CVE-2020-6454: Use after free in extensions. Reported\nby Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29\n\n- [1043446] High CVE-2020-6423: Use after free in audio. Reported by\nAnonymous on 2020-01-18\n\n- [1059669] High CVE-2020-6455: Out of bounds read in WebSQL. 
Reported\nby Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360\non 2020-03-09\n\n- [1031479] Medium CVE-2020-6430: Type Confusion in V8. Reported by\nAvihay Cohen @ SeraphicAlgorithms on 2019-12-06\n\n- [1040755] Medium CVE-2020-6456: Insufficient validation of untrusted\ninput in clipboard. Reported by Michal Bentkowski of Securitum on\n2020-01-10\n\n- [852645] Medium CVE-2020-6431: Insufficient policy enforcement in\nfull screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14\n\n- [965611] Medium CVE-2020-6432: Insufficient policy enforcement in\nnavigations. Reported by David Erceg on 2019-05-21\n\n- [1043965] Medium CVE-2020-6433: Insufficient policy enforcement in\nextensions. Reported by David Erceg on 2020-01-21\n\n- [1048555] Medium CVE-2020-6434: Use after free in devtools. Reported\nby HyungSeok Han (DaramG) of Theori on 2020-02-04\n\n- [1032158] Medium CVE-2020-6435: Insufficient policy enforcement in\nextensions. Reported by Sergei Glazunov of Google Project Zero on\n2019-12-09\n\n- [1034519] Medium CVE-2020-6436: Use after free in window management.\nReported by Igor Bukanov from Vivaldi on 2019-12-16\n\n- [639173] Low CVE-2020-6437: Inappropriate implementation in WebView.\nReported by Jann Horn on 2016-08-19\n\n- [714617] Low CVE-2020-6438: Insufficient policy enforcement in\nextensions. Reported by Ng Yik Phang on 2017-04-24\n\n- [868145] Low CVE-2020-6439: Insufficient policy enforcement in\nnavigations. Reported by remkoboonstra on 2018-07-26\n\n- [894477] Low CVE-2020-6440: Inappropriate implementation in\nextensions. Reported by David Erceg on 2018-10-11\n\n- [959571] Low CVE-2020-6441: Insufficient policy enforcement in\nomnibox. Reported by David Erceg on 2019-05-04\n\n- [1013906] Low CVE-2020-6442: Inappropriate implementation in cache.\nReported by B@rMey on 2019-10-12\n\n- [1040080] Low CVE-2020-6443: Insufficient data validation in\ndeveloper tools. 
Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08\n\n- [922882] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported by\nmlfbrown on 2019-01-17\n\n- [933171] Low CVE-2020-6445: Insufficient policy enforcement in\ntrusted types. Reported by Jun Kokatsu, Microsoft Browser\nVulnerability Research on 2019-02-18\n\n- [933172] Low CVE-2020-6446: Insufficient policy enforcement in\ntrusted types. Reported by Jun Kokatsu, Microsoft Browser\nVulnerability Research on 2019-02-18\n\n- [991217] Low CVE-2020-6447: Inappropriate implementation in\ndeveloper tools. Reported by David Erceg on 2019-08-06\n\n- [1037872] Low CVE-2020-6448: Use after free in V8. Reported by Guang\nGong of Alpha Lab, Qihoo 360 on 2019-12-26\"\n );\n # https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9efdf3c7\"\n );\n # https://vuxml.freebsd.org/freebsd/6e3b700a-7ca3-11ea-b594-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?843ce636\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/12\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<81.0.4044.92\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:14:17", "description": "The version of Microsoft Edge (Chromium) installed on the remote Windows host is prior to 81.0.416.53. It is, therefore, affected by multiple vulnerabilities:\n\n - A use-after-free error exists in the audio component of Microsoft Edge (Chromium). An unauthenticated, remote attacker can exploit this, via a crafted HTML page, to potentially exploit heap corruption.\n (CVE-2020-6423)\n\n - A type confusion error exists in the V8 component of Microsoft Edge (Chromium). An unauthenticated, remote attacker can exploit this, via a crafted HTML page, to potentially exploit heap corruption.\n (CVE-2020-6430)\n\n - An out-of-bounds read error exists in the WebSQL component of Microsoft Edge (Chromium). 
An unauthenticated, remote attacker can exploit this, via a crafted HTML page, to potentially exploit heap corruption. (CVE-2020-6455)\n\nIn addition, Microsoft Edge (Chromium) is also affected by several additional vulnerabilities and errors including additional use-after-free vulnerabilities, insufficient input validation, and insufficient policy enforcement. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 81.0.416.53 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-07-10T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_81_0_416_53.NASL", "href": "https://www.tenable.com/plugins/nessus/138336", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138336);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\n \"CVE-2020-6423\",\n \"CVE-2020-6430\",\n \"CVE-2020-6431\",\n \"CVE-2020-6432\",\n \"CVE-2020-6433\",\n \"CVE-2020-6434\",\n \"CVE-2020-6435\",\n \"CVE-2020-6436\",\n \"CVE-2020-6437\",\n \"CVE-2020-6438\",\n \"CVE-2020-6439\",\n \"CVE-2020-6440\",\n \"CVE-2020-6441\",\n \"CVE-2020-6442\",\n \"CVE-2020-6443\",\n \"CVE-2020-6444\",\n \"CVE-2020-6445\",\n \"CVE-2020-6446\",\n \"CVE-2020-6447\",\n 
\"CVE-2020-6448\",\n \"CVE-2020-6454\",\n \"CVE-2020-6455\",\n \"CVE-2020-6456\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 81.0.416.53 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge (Chromium) installed on the remote Windows host is prior to 81.0.416.53. It is,\ntherefore, affected by multiple vulnerabilities:\n\n - A use-after-free error exists in the audio component of Microsoft Edge (Chromium). An unauthenticated,\n remote attacker can exploit this, via a crafted HTML page, to potentially exploit heap corruption.\n (CVE-2020-6423)\n\n - A type confusion error exists in the V8 component of Microsoft Edge (Chromium). An unauthenticated, remote\n attacker can exploit this, via a crafted HTML page, to potentially exploit heap corruption.\n (CVE-2020-6423)\n\n - An out-of-bounds read error exists in the WebSQL component of Microsoft Edge (Chromium). An\n unauthenticated, remote attacker can exploit this, via a crafted HTML page, to potentially exploit heap\n corruption. (CVE-2020-6455)\n\nIn addition, Microsoft Edge (Chromium) is also affected by several additional vulnerabilities and errors including\nadditional use-after-free vulnerabilities, insufficient input validation, and insufficient policy enforcement. 
Note that\nNessus has not tested for these issues but has instead relied only on the application's self-reported version number.\");\n # https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b4f0f972\");\n # https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ec7f076\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge (Chromium) 81.0.416.53 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6423\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\n\nconstraints = [{ 'fixed_version' : '81.0.416.53' }];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-22T21:05:06", "description": "The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1487 advisory.\n\n - chromium-browser: Out of bounds read and write in V8 (CVE-2020-6419)\n\n - chromium-browser: Use after free in audio (CVE-2020-6423)\n\n - chromium-browser: Type Confusion in V8 (CVE-2020-6430)\n\n - chromium-browser: Insufficient policy enforcement in full screen (CVE-2020-6431)\n\n - chromium-browser: Insufficient policy enforcement in navigations (CVE-2020-6432, CVE-2020-6439)\n\n - chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6433, CVE-2020-6435, CVE-2020-6438)\n\n - chromium-browser: Use after free in devtools (CVE-2020-6434)\n\n - chromium-browser: Use after free in window management (CVE-2020-6436)\n\n - chromium-browser: Inappropriate implementation in WebView (CVE-2020-6437)\n\n - chromium-browser: Inappropriate implementation in extensions (CVE-2020-6440)\n\n - chromium-browser: Insufficient policy enforcement in omnibox (CVE-2020-6441)\n\n - chromium-browser: Inappropriate implementation in cache (CVE-2020-6442)\n\n - chromium-browser: Insufficient data validation in developer tools (CVE-2020-6443)\n\n - chromium-browser: Uninitialized use in WebRTC (CVE-2020-6444)\n\n - chromium-browser: Insufficient policy enforcement in trusted 
types (CVE-2020-6445, CVE-2020-6446)\n\n - chromium-browser: Inappropriate implementation in developer tools (CVE-2020-6447)\n\n - chromium-browser: Use after free in V8 (CVE-2020-6448)\n\n - chromium-browser: Use after free in extensions (CVE-2020-6454)\n\n - chromium-browser: Out of bounds read in WebSQL (CVE-2020-6455)\n\n - chromium-browser: Insufficient validation of untrusted input in clipboard (CVE-2020-6456)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2020:1487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6419", "CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:rhel_eus:6.0", "p-cpe:/a:redhat:enterprise_linux:chromium-browser"], "id": "REDHAT-RHSA-2020-1487.NASL", "href": "https://www.tenable.com/plugins/nessus/135688", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1487. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135688);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\n \"CVE-2020-6423\",\n \"CVE-2020-6430\",\n \"CVE-2020-6431\",\n \"CVE-2020-6432\",\n \"CVE-2020-6433\",\n \"CVE-2020-6434\",\n \"CVE-2020-6435\",\n \"CVE-2020-6436\",\n \"CVE-2020-6437\",\n \"CVE-2020-6438\",\n \"CVE-2020-6439\",\n \"CVE-2020-6440\",\n \"CVE-2020-6441\",\n \"CVE-2020-6442\",\n \"CVE-2020-6443\",\n \"CVE-2020-6444\",\n \"CVE-2020-6445\",\n \"CVE-2020-6446\",\n \"CVE-2020-6447\",\n \"CVE-2020-6448\",\n \"CVE-2020-6454\",\n \"CVE-2020-6455\",\n \"CVE-2020-6456\"\n );\n script_xref(name:\"RHSA\", value:\"2020:1487\");\n script_xref(name:\"IAVA\", value:\"2020-A-0130-S\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2020:1487)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1487 advisory.\n\n - chromium-browser: Out of bounds read and write in V8 (CVE-2020-6419)\n\n - chromium-browser: Use after free in audio (CVE-2020-6423)\n\n - chromium-browser: Type Confusion in V8 (CVE-2020-6430)\n\n - chromium-browser: Insufficient policy enforcement in full screen (CVE-2020-6431)\n\n - chromium-browser: Insufficient policy enforcement in navigations (CVE-2020-6432, CVE-2020-6439)\n\n - chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6433, CVE-2020-6435,\n CVE-2020-6438)\n\n - chromium-browser: Use after free in devtools (CVE-2020-6434)\n\n - chromium-browser: Use after free in window management (CVE-2020-6436)\n\n - chromium-browser: Inappropriate implementation in WebView 
(CVE-2020-6437)\n\n - chromium-browser: Inappropriate implementation in extensions (CVE-2020-6440)\n\n - chromium-browser: Insufficient policy enforcement in omnibox (CVE-2020-6441)\n\n - chromium-browser: Inappropriate implementation in cache (CVE-2020-6442)\n\n - chromium-browser: Insufficient data validation in developer tools (CVE-2020-6443)\n\n - chromium-browser: Uninitialized use in WebRTC (CVE-2020-6444)\n\n - chromium-browser: Insufficient policy enforcement in trusted types (CVE-2020-6445, CVE-2020-6446)\n\n - chromium-browser: Inappropriate implementation in developer tools (CVE-2020-6447)\n\n - chromium-browser: Use after free in V8 (CVE-2020-6448)\n\n - chromium-browser: Use after free in extensions (CVE-2020-6454)\n\n - chromium-browser: Out of bounds read in WebSQL (CVE-2020-6455)\n\n - chromium-browser: Insufficient validation of untrusted input in clipboard (CVE-2020-6456)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6434\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-6435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6443\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-6456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1487\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822624\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1844460\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium-browser package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6455\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(125);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_6_client': [\n 'rhel-6-desktop-debug-rpms',\n 'rhel-6-desktop-fastrack-debug-rpms',\n 'rhel-6-desktop-fastrack-rpms',\n 'rhel-6-desktop-fastrack-source-rpms',\n 'rhel-6-desktop-optional-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-rpms',\n 'rhel-6-desktop-optional-fastrack-source-rpms',\n 'rhel-6-desktop-optional-rpms',\n 'rhel-6-desktop-optional-source-rpms',\n 'rhel-6-desktop-rpms',\n 'rhel-6-desktop-source-rpms'\n ],\n 'enterprise_linux_6_computenode': [\n 'rhel-6-for-hpc-node-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-fastrack-rpms',\n 'rhel-6-for-hpc-node-fastrack-source-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-debug-rpms',\n 
'rhel-6-for-hpc-node-optional-fastrack-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-6-hpc-node-debug-rpms',\n 'rhel-6-hpc-node-optional-debug-rpms',\n 'rhel-6-hpc-node-optional-rpms',\n 'rhel-6-hpc-node-optional-source-rpms',\n 'rhel-6-hpc-node-rpms',\n 'rhel-6-hpc-node-source-rpms',\n 'rhel-hpc-node-6-eus-sfs-debug-rpms',\n 'rhel-hpc-node-6-eus-sfs-source-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-debug-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-source-rpms'\n ],\n 'enterprise_linux_6_server': [\n 'rhel-6-server-debug-rpms',\n 'rhel-6-server-fastrack-debug-rpms',\n 'rhel-6-server-fastrack-rpms',\n 'rhel-6-server-fastrack-source-rpms',\n 'rhel-6-server-optional-debug-rpms',\n 'rhel-6-server-optional-fastrack-debug-rpms',\n 'rhel-6-server-optional-fastrack-rpms',\n 'rhel-6-server-optional-fastrack-source-rpms',\n 'rhel-6-server-optional-rpms',\n 'rhel-6-server-optional-source-rpms',\n 'rhel-6-server-rpms',\n 'rhel-6-server-source-rpms',\n 'rhel-ha-for-rhel-6-server-debug-rpms',\n 'rhel-ha-for-rhel-6-server-rpms',\n 'rhel-ha-for-rhel-6-server-source-rpms',\n 'rhel-lb-for-rhel-6-server-debug-rpms',\n 'rhel-lb-for-rhel-6-server-rpms',\n 'rhel-lb-for-rhel-6-server-source-rpms',\n 'rhel-rs-for-rhel-6-server-debug-rpms',\n 'rhel-rs-for-rhel-6-server-rpms',\n 'rhel-rs-for-rhel-6-server-source-rpms',\n 'rhel-scalefs-for-rhel-6-server-debug-rpms',\n 'rhel-scalefs-for-rhel-6-server-rpms',\n 'rhel-scalefs-for-rhel-6-server-source-rpms'\n ],\n 'enterprise_linux_6_workstation': [\n 'rhel-6-workstation-debug-rpms',\n 'rhel-6-workstation-fastrack-debug-rpms',\n 'rhel-6-workstation-fastrack-rpms',\n 'rhel-6-workstation-fastrack-source-rpms',\n 'rhel-6-workstation-optional-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-rpms',\n 'rhel-6-workstation-optional-fastrack-source-rpms',\n 'rhel-6-workstation-optional-rpms',\n 
'rhel-6-workstation-optional-source-rpms',\n 'rhel-6-workstation-rpms',\n 'rhel-6-workstation-source-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-debug-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-source-rpms'\n ],\n 'rhel_extras_6': [\n 'rhel-6-desktop-supplementary-debuginfo',\n 'rhel-6-desktop-supplementary-rpms',\n 'rhel-6-desktop-supplementary-source-rpms',\n 'rhel-6-for-hpc-node-supplementary-debuginfo',\n 'rhel-6-for-hpc-node-supplementary-rpms',\n 'rhel-6-for-hpc-node-supplementary-source-rpms',\n 'rhel-6-server-aus-supplementary-debuginfo',\n 'rhel-6-server-aus-supplementary-rpms',\n 'rhel-6-server-aus-supplementary-source-rpms',\n 'rhel-6-server-eus-supplementary-debuginfo',\n 'rhel-6-server-eus-supplementary-rpms',\n 'rhel-6-server-eus-supplementary-source-rpms',\n 'rhel-6-server-supplementary-debuginfo',\n 'rhel-6-server-supplementary-rpms',\n 'rhel-6-server-supplementary-source-rpms',\n 'rhel-6-workstation-supplementary-debuginfo',\n 'rhel-6-workstation-supplementary-rpms',\n 'rhel-6-workstation-supplementary-source-rpms',\n 'rhel-hpc-node-6-eus-supplementary-debug-rpms',\n 'rhel-hpc-node-6-eus-supplementary-rpms',\n 'rhel-hpc-node-6-eus-supplementary-source-rpms'\n ],\n 'rhel_extras_hpn_6': [\n 'rhel-hpn-for-rhel-6-hpc-node-rpms',\n 'rhel-hpn-for-rhel-6-server-rpms'\n ],\n 'rhel_extras_oracle_java_6': [\n 'rhel-6-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-aus-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-workstation-restricted-maintenance-oracle-java-rpms',\n 'rhel-hpc-node-6-eus-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_sap_6': [\n 'rhel-sap-for-rhel-6-server-debug-rpms',\n 'rhel-sap-for-rhel-6-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-6-server-eus-rpms',\n 
'rhel-sap-for-rhel-6-server-eus-source-rpms',\n 'rhel-sap-for-rhel-6-server-rpms',\n 'rhel-sap-for-rhel-6-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_6': [\n 'rhel-sap-hana-for-rhel-6-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-6-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-6-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-6-server-rpms',\n 'rhel-sap-hana-for-rhel-6-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'chromium-browser-81.0.4044.92-2.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation', 'rhel_extras_6', 'rhel_extras_hpn_6', 'rhel_extras_oracle_java_6', 'rhel_extras_sap_6', 'rhel_extras_sap_hana_6']},\n {'reference':'chromium-browser-81.0.4044.92-2.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation', 'rhel_extras_6', 'rhel_extras_hpn_6', 'rhel_extras_oracle_java_6', 'rhel_extras_sap_6', 'rhel_extras_sap_hana_6']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 
'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:58:56", "description": "The version of Google Chrome installed on the remote Windows host is prior to 81.0.4044.92. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_04_stable-channel-update-for-desktop_7 advisory. 
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "Google Chrome < 81.0.4044.92 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6572"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_81_0_4044_92.NASL", "href": "https://www.tenable.com/plugins/nessus/135401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135401);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2020-6423\",\n \"CVE-2020-6430\",\n \"CVE-2020-6431\",\n \"CVE-2020-6432\",\n \"CVE-2020-6433\",\n \"CVE-2020-6434\",\n \"CVE-2020-6435\",\n \"CVE-2020-6436\",\n \"CVE-2020-6437\",\n \"CVE-2020-6438\",\n \"CVE-2020-6439\",\n \"CVE-2020-6440\",\n \"CVE-2020-6441\",\n \"CVE-2020-6442\",\n \"CVE-2020-6443\",\n \"CVE-2020-6444\",\n \"CVE-2020-6445\",\n \"CVE-2020-6446\",\n \"CVE-2020-6447\",\n \"CVE-2020-6448\",\n \"CVE-2020-6454\",\n \"CVE-2020-6455\",\n \"CVE-2020-6456\",\n \"CVE-2020-6572\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/10\");\n\n script_name(english:\"Google Chrome < 81.0.4044.92 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 81.0.4044.92. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2020_04_stable-channel-update-for-desktop_7 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9efdf3c7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1019161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1043446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1059669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1031479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1040755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/852645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/965611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1043965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1048555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1032158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1034519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/639173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/714617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/868145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/894477\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/959571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1013906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1040080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/922882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/933171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/933172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/991217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1037872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1067891\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 81.0.4044.92 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6572\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'81.0.4044.92', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T12:47:40", "description": "The version of Google Chrome installed on the remote macOS host is prior to 81.0.4044.92. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_04_stable-channel-update-for-desktop_7 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "Google Chrome < 81.0.4044.92 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6572"], "modified": "2022-02-08T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_81_0_4044_92.NASL", "href": "https://www.tenable.com/plugins/nessus/135400", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135400);\n script_version(\"1.7\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/08\");\n\n script_cve_id(\n \"CVE-2020-6423\",\n \"CVE-2020-6430\",\n \"CVE-2020-6431\",\n \"CVE-2020-6432\",\n \"CVE-2020-6433\",\n \"CVE-2020-6434\",\n \"CVE-2020-6435\",\n \"CVE-2020-6436\",\n \"CVE-2020-6437\",\n \"CVE-2020-6438\",\n \"CVE-2020-6439\",\n \"CVE-2020-6440\",\n \"CVE-2020-6441\",\n \"CVE-2020-6442\",\n \"CVE-2020-6443\",\n \"CVE-2020-6444\",\n \"CVE-2020-6445\",\n \"CVE-2020-6446\",\n \"CVE-2020-6447\",\n \"CVE-2020-6448\",\n \"CVE-2020-6454\",\n \"CVE-2020-6455\",\n \"CVE-2020-6456\",\n \"CVE-2020-6572\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/10\");\n\n script_name(english:\"Google Chrome < 81.0.4044.92 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 81.0.4044.92. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2020_04_stable-channel-update-for-desktop_7 advisory. 
Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9efdf3c7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1019161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1043446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1059669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1031479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1040755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/852645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/965611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1043965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1048555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1032158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1034519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/639173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/714617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/868145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/894477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/959571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1013906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1040080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/922882\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://crbug.com/933171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/933172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/991217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1037872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1067891\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 81.0.4044.92 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6572\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'81.0.4044.92', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:15:30", "description": "The remote host is affected by the vulnerability described in GLSA-202004-09 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted HTML or multimedia file using Chromium or Google Chrome, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "GLSA-202004-09 : Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6450", "CVE-2020-6451", "CVE-2020-6452", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-04-16T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202004-09.NASL", "href": 
"https://www.tenable.com/plugins/nessus/135427", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202004-09.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135427);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/16\");\n\n script_cve_id(\"CVE-2020-6423\", \"CVE-2020-6430\", \"CVE-2020-6431\", \"CVE-2020-6432\", \"CVE-2020-6433\", \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\", \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\", \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\", \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\", \"CVE-2020-6450\", \"CVE-2020-6451\", \"CVE-2020-6452\", \"CVE-2020-6454\", \"CVE-2020-6455\", \"CVE-2020-6456\");\n script_xref(name:\"GLSA\", value:\"202004-09\");\n\n script_name(english:\"GLSA-202004-09 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-202004-09\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. 
Please review the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted HTML\n or multimedia file using Chromium or Google Chrome, possibly resulting in\n execution of arbitrary code with the privileges of the process or a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202004-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-81.0.4044.92'\n All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-81.0.4044.92'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 81.0.4044.92\"), vulnerable:make_list(\"lt 81.0.4044.92\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 81.0.4044.92\"), vulnerable:make_list(\"lt 81.0.4044.92\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T12:49:01", "description": "This update for chromium fixes the following issues :\n\nChromium was updated to 81.0.4044.92 boo#1168911 :\n\n - CVE-2020-6454: Use after free in extensions\n\n - CVE-2020-6423: Use after free in audio\n\n - CVE-2020-6455: Out of bounds read in WebSQL\n\n - CVE-2020-6430: Type Confusion in V8\n\n - CVE-2020-6456: Insufficient validation of untrusted input in clipboard\n\n - CVE-2020-6431: Insufficient policy enforcement in full screen\n\n - CVE-2020-6432: Insufficient policy enforcement in navigations\n\n - CVE-2020-6433: Insufficient policy enforcement in 
extensions\n\n - CVE-2020-6434: Use after free in devtools\n\n - CVE-2020-6435: Insufficient policy enforcement in extensions\n\n - CVE-2020-6436: Use after free in window management\n\n - CVE-2020-6437: Inappropriate implementation in WebView\n\n - CVE-2020-6438: Insufficient policy enforcement in extensions\n\n - CVE-2020-6439: Insufficient policy enforcement in navigations\n\n - CVE-2020-6440: Inappropriate implementation in extensions\n\n - CVE-2020-6441: Insufficient policy enforcement in omnibox\n\n - CVE-2020-6442: Inappropriate implementation in cache\n\n - CVE-2020-6443: Insufficient data validation in developer tools\n\n - CVE-2020-6444: Uninitialized Use in WebRTC\n\n - CVE-2020-6445: Insufficient policy enforcement in trusted types\n\n - CVE-2020-6446: Insufficient policy enforcement in trusted types\n\n - CVE-2020-6447: Inappropriate implementation in developer tools\n\n - CVE-2020-6448: Use after free in V8\n\nChromium was updated to 80.0.3987.162 boo#1168421 :\n\n - CVE-2020-6450: Use after free in WebAudio.\n\n - CVE-2020-6451: Use after free in WebAudio.\n\n - CVE-2020-6452: Heap buffer overflow in media.\n\n - Use a symbolic icon for GNOME", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2020-519)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6450", "CVE-2020-6451", "CVE-2020-6452", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", 
"p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-519.NASL", "href": "https://www.tenable.com/plugins/nessus/135577", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-519.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135577);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2020-6423\", \"CVE-2020-6430\", \"CVE-2020-6431\", \"CVE-2020-6432\", \"CVE-2020-6433\", \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\", \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\", \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\", \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\", \"CVE-2020-6450\", \"CVE-2020-6451\", \"CVE-2020-6452\", \"CVE-2020-6454\", \"CVE-2020-6455\", \"CVE-2020-6456\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-519)\");\n script_summary(english:\"Check for the openSUSE-2020-519 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\nChromium was updated to 81.0.4044.92 boo#1168911 :\n\n - CVE-2020-6454: Use after free in extensions\n\n - CVE-2020-6423: Use after free in audio\n\n - CVE-2020-6455: Out of bounds read in WebSQL\n\n - CVE-2020-6430: Type Confusion in V8\n\n - CVE-2020-6456: Insufficient validation of untrusted\n input in clipboard\n\n - CVE-2020-6431: Insufficient 
policy enforcement in full\n screen\n\n - CVE-2020-6432: Insufficient policy enforcement in\n navigations\n\n - CVE-2020-6433: Insufficient policy enforcement in\n extensions\n\n - CVE-2020-6434: Use after free in devtools\n\n - CVE-2020-6435: Insufficient policy enforcement in\n extensions\n\n - CVE-2020-6436: Use after free in window management\n\n - CVE-2020-6437: Inappropriate implementation in WebView\n\n - CVE-2020-6438: Insufficient policy enforcement in\n extensions\n\n - CVE-2020-6439: Insufficient policy enforcement in\n navigations\n\n - CVE-2020-6440: Inappropriate implementation in\n extensions\n\n - CVE-2020-6441: Insufficient policy enforcement in\n omnibox\n\n - CVE-2020-6442: Inappropriate implementation in cache\n\n - CVE-2020-6443: Insufficient data validation in developer\n tools\n\n - CVE-2020-6444: Uninitialized Use in WebRTC\n\n - CVE-2020-6445: Insufficient policy enforcement in\n trusted types\n\n - CVE-2020-6446: Insufficient policy enforcement in\n trusted types\n\n - CVE-2020-6447: Inappropriate implementation in developer\n tools\n\n - CVE-2020-6448: Use after free in V8\n\nChromium was updated to 80.0.3987.162 boo#1168421 :\n\n - CVE-2020-6450: Use after free in WebAudio.\n\n - CVE-2020-6451: Use after free in WebAudio.\n\n - CVE-2020-6452: Heap buffer overflow in media.\n\n - Use a symbolic icon for GNOME\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168911\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-81.0.4044.92-lp151.2.77.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-debuginfo-81.0.4044.92-lp151.2.77.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-81.0.4044.92-lp151.2.77.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debuginfo-81.0.4044.92-lp151.2.77.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debugsource-81.0.4044.92-lp151.2.77.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-17T14:17:37", "description": "Another day, another chromium update. 
This one fixes :\n\nCVE-2020-6458 CVE-2020-6459 CVE-2020-6460\n\n----\n\nFix dependency issue introduced when switching from a 'shared' build to a 'static' build.\n\n----\n\nA new major version of Chromium without any security bugs! Just kidding. Here's the CVE list :\n\nCVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456 CVE-2020-6431 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6432 CVE-2020-6457\n\nOh, and this build switches over to a static build, so the chromium-libs and chromium-libs-media subpackages are now obsolete, but it should be slightly better for performance.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-05-04T00:00:00", "type": "nessus", "title": "Fedora 30 : chromium (2020-0e7f1b663b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6457", "CVE-2020-6458", "CVE-2020-6459", "CVE-2020-6460"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2020-0E7F1B663B.NASL", "href": "https://www.tenable.com/plugins/nessus/136293", "sourceData": "#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-0e7f1b663b.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136293);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2020-6423\", \"CVE-2020-6430\", \"CVE-2020-6431\", \"CVE-2020-6432\", \"CVE-2020-6433\", \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\", \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\", \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\", \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\", \"CVE-2020-6454\", \"CVE-2020-6455\", \"CVE-2020-6456\", \"CVE-2020-6457\", \"CVE-2020-6458\", \"CVE-2020-6459\", \"CVE-2020-6460\");\n script_xref(name:\"FEDORA\", value:\"2020-0e7f1b663b\");\n\n script_name(english:\"Fedora 30 : chromium (2020-0e7f1b663b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Another day, another chromium update. This one fixes :\n\nCVE-2020-6458 CVE-2020-6459 CVE-2020-6460\n\n----\n\nFix dependency issue introduced when switching from a 'shared' build\nto a 'static' build.\n\n----\n\nA new major version of Chromium without any security bugs! Just\nkidding. 
Here's the CVE list :\n\nCVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456\nCVE-2020-6431 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436\nCVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441\nCVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446\nCVE-2020-6447 CVE-2020-6448 CVE-2020-6432 CVE-2020-6457\n\nOh, and this build switches over to a static build, so the\nchromium-libs and chromium-libs-media subpackages are now obsolete,\nbut it should be slightly better for performance.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-0e7f1b663b\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6459\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/03\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"chromium-81.0.4044.122-1.fc30\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-17T14:16:10", "description": "The description provided by Fedora was far too silly to endure. Please consult the NIST CVEs for details on these Google Chromium vulnerabilities.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-05-18T00:00:00", "type": "nessus", "title": "Fedora 31 : chromium (2020-da49fbb17c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6457", "CVE-2020-6458", "CVE-2020-6459", 
"CVE-2020-6460", "CVE-2020-6461", "CVE-2020-6462", "CVE-2020-6464"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-DA49FBB17C.NASL", "href": "https://www.tenable.com/plugins/nessus/136685", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-da49fbb17c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136685);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2020-6423\", \"CVE-2020-6430\", \"CVE-2020-6431\", \"CVE-2020-6432\", \"CVE-2020-6433\", \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\", \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\", \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\", \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\", \"CVE-2020-6454\", \"CVE-2020-6455\", \"CVE-2020-6456\", \"CVE-2020-6457\", \"CVE-2020-6458\", \"CVE-2020-6459\", \"CVE-2020-6460\", \"CVE-2020-6461\", \"CVE-2020-6462\", \"CVE-2020-6464\");\n script_xref(name:\"FEDORA\", value:\"2020-da49fbb17c\");\n\n script_name(english:\"Fedora 31 : chromium (2020-da49fbb17c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The description provided by Fedora was far too silly to endure. 
Please\nconsult the NIST CVEs for details on these Google Chromium\nvulnerabilities.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-da49fbb17c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6464\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"chromium-81.0.4044.138-1.fc31\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-15T13:56:14", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2020-6423 A use-after-free issue was found in the audio implementation.\n\n - CVE-2020-6430 Avihay Cohen discovered a type confusion issue in the v8 JavaScript library.\n\n - CVE-2020-6431 Luan Herrera discovered a policy enforcement error.\n\n - CVE-2020-6432 Luan Herrera 
discovered a policy enforcement error.\n\n - CVE-2020-6433 Luan Herrera discovered a policy enforcement error in extensions.\n\n - CVE-2020-6434 HyungSeok Han discovered a use-after-free issue in the developer tools.\n\n - CVE-2020-6435 Sergei Glazunov discovered a policy enforcement error in extensions.\n\n - CVE-2020-6436 Igor Bukanov discovered a use-after-free issue.\n\n - CVE-2020-6437 Jann Horn discovered an implementation error in WebView.\n\n - CVE-2020-6438 Ng Yik Phang discovered a policy enforcement error in extensions.\n\n - CVE-2020-6439 remkoboonstra discovered a policy enforcement error.\n\n - CVE-2020-6440 David Erceg discovered an implementation error in extensions.\n\n - CVE-2020-6441 David Erceg discovered a policy enforcement error.\n\n - CVE-2020-6442 B@rMey discovered an implementation error in the page cache.\n\n - CVE-2020-6443 @lovasoa discovered an implementation error in the developer tools.\n\n - CVE-2020-6444 mlfbrown discovered an uninitialized variable in the WebRTC implementation.\n\n - CVE-2020-6445 Jun Kokatsu discovered a policy enforcement error.\n\n - CVE-2020-6446 Jun Kokatsu discovered a policy enforcement error.\n\n - CVE-2020-6447 David Erceg discovered an implementation error in the developer tools.\n\n - CVE-2020-6448 Guang Gong discovered a use-after-free issue in the v8 JavaScript library.\n\n - CVE-2020-6454 Leecraso and Guang Gong discovered a use-after-free issue in extensions.\n\n - CVE-2020-6455 Nan Wang and Guang Gong discovered an out-of-bounds read issue in the WebSQL implementation.\n\n - CVE-2020-6456 Michal Bentkowski discovered insufficient validation of untrusted input.\n\n - CVE-2020-6457 Leecraso and Guang Gong discovered a use-after-free issue in the speech recognizer.\n\n - CVE-2020-6458 Aleksandar Nikolic discovered an out-of-bounds read and write issue in the pdfium library.\n\n - CVE-2020-6459 Zhe Jin discovered a use-after-free issue in the payments implementation.\n\n - CVE-2020-6460 It was discovered 
that URL formatting was insufficiently validated.\n\n - CVE-2020-6461 Zhe Jin discovered a use-after-free issue.\n\n - CVE-2020-6462 Zhe Jin discovered a use-after-free issue in task scheduling.\n\n - CVE-2020-6463 Pawel Wylecial discovered a use-after-free issue in the ANGLE library.\n\n - CVE-2020-6464 Looben Yang discovered a type confusion issue in Blink/Webkit.\n\n - CVE-2020-6465 Woojin Oh discovered a use-after-free issue.\n\n - CVE-2020-6466 Zhe Jin discovered a use-after-free issue.\n\n - CVE-2020-6467 ZhanJia Song discovered a use-after-free issue in the WebRTC implementation.\n\n - CVE-2020-6468 Chris Salls and Jake Corina discovered a type confusion issue in the v8 JavaScript library.\n\n - CVE-2020-6469 David Erceg discovered a policy enforcement error in the developer tools.\n\n - CVE-2020-6470 Michal Bentkowski discovered insufficient validation of untrusted input.\n\n - CVE-2020-6471 David Erceg discovered a policy enforcement error in the developer tools.\n\n - CVE-2020-6472 David Erceg discovered a policy enforcement error in the developer tools.\n\n - CVE-2020-6473 Soroush Karami and Panagiotis Ilia discovered a policy enforcement error in Blink/Webkit.\n\n - CVE-2020-6474 Zhe Jin discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2020-6475 Khalil Zhani discovered a user interface error.\n\n - CVE-2020-6476 Alexandre Le Borgne discovered a policy enforcement error.\n\n - CVE-2020-6478 Khalil Zhani discovered an implementation error in full screen mode.\n\n - CVE-2020-6479 Zhong Zhaochen discovered an implementation error.\n\n - CVE-2020-6480 Marvin Witt discovered a policy enforcement error.\n\n - CVE-2020-6481 Rayyan Bijoora discovered a policy enforcement error.\n\n - CVE-2020-6482 Abdulrahman Alqabandi discovered a policy enforcement error in the developer tools.\n\n - CVE-2020-6483 Jun Kokatsu discovered a policy enforcement error in payments.\n\n - CVE-2020-6484 Artem Zinenko discovered insufficient validation of user data in the 
ChromeDriver implementation.\n\n - CVE-2020-6485 Sergei Glazunov discovered a policy enforcement error.\n\n - CVE-2020-6486 David Erceg discovered a policy enforcement error.\n\n - CVE-2020-6487 Jun Kokatsu discovered a policy enforcement error.\n\n - CVE-2020-6488 David Erceg discovered a policy enforcement error.\n\n - CVE-2020-6489 @lovasoa discovered an implementation error in the developer tools.\n\n - CVE-2020-6490 Insufficient validation of untrusted data was discovered.\n\n - CVE-2020-6491 Sultan Haikal discovered a user interface error.\n\n - CVE-2020-6493 A use-after-free issue was discovered in the WebAuthentication implementation.\n\n - CVE-2020-6494 Juho Nurimen discovered a user interface error.\n\n - CVE-2020-6495 David Erceg discovered a policy enforcement error in the developer tools.\n\n - CVE-2020-6496 Khalil Zhani discovered a use-after-free issue in payments.\n\n - CVE-2020-6497 Rayyan Bijoora discovered a policy enforcement issue.\n\n - CVE-2020-6498 Rayyan Bijoora discovered a user interface error.\n\n - CVE-2020-6505 Khalil Zhani discovered a use-after-free issue.\n\n - CVE-2020-6506 Alesandro Ortiz discovered a policy enforcement error.\n\n - CVE-2020-6507 Sergei Glazunov discovered an out-of-bounds write issue in the v8 JavaScript library.\n\n - CVE-2020-6509 A use-after-free issue was discovered in extensions.\n\n - CVE-2020-6831 Natalie Silvanovich discovered a buffer overflow issue in the SCTP library.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-02T00:00:00", "type": "nessus", "title": "Debian DSA-4714-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", 
"CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6457", "CVE-2020-6458", "CVE-2020-6459", "CVE-2020-6460", "CVE-2020-6461", "CVE-2020-6462", "CVE-2020-6463", "CVE-2020-6464", "CVE-2020-6465", "CVE-2020-6466", "CVE-2020-6467", "CVE-2020-6468", "CVE-2020-6469", "CVE-2020-6470", "CVE-2020-6471", "CVE-2020-6472", "CVE-2020-6473", "CVE-2020-6474", "CVE-2020-6475", "CVE-2020-6476", "CVE-2020-6478", "CVE-2020-6479", "CVE-2020-6480", "CVE-2020-6481", "CVE-2020-6482", "CVE-2020-6483", "CVE-2020-6484", "CVE-2020-6485", "CVE-2020-6486", "CVE-2020-6487", "CVE-2020-6488", "CVE-2020-6489", "CVE-2020-6490", "CVE-2020-6491", "CVE-2020-6493", "CVE-2020-6494", "CVE-2020-6495", "CVE-2020-6496", "CVE-2020-6497", "CVE-2020-6498", "CVE-2020-6505", "CVE-2020-6506", "CVE-2020-6507", "CVE-2020-6509", "CVE-2020-6831"], "modified": "2021-05-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4714.NASL", "href": "https://www.tenable.com/plugins/nessus/138066", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4714. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138066);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/26\");\n\n script_cve_id(\"CVE-2020-6423\", \"CVE-2020-6430\", \"CVE-2020-6431\", \"CVE-2020-6432\", \"CVE-2020-6433\", \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\", \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\", \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\", \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\", \"CVE-2020-6454\", \"CVE-2020-6455\", \"CVE-2020-6456\", \"CVE-2020-6457\", \"CVE-2020-6458\", \"CVE-2020-6459\", \"CVE-2020-6460\", \"CVE-2020-6461\", \"CVE-2020-6462\", \"CVE-2020-6463\", \"CVE-2020-6464\", \"CVE-2020-6465\", \"CVE-2020-6466\", \"CVE-2020-6467\", \"CVE-2020-6468\", \"CVE-2020-6469\", \"CVE-2020-6470\", \"CVE-2020-6471\", \"CVE-2020-6472\", \"CVE-2020-6473\", \"CVE-2020-6474\", \"CVE-2020-6475\", \"CVE-2020-6476\", \"CVE-2020-6478\", \"CVE-2020-6479\", \"CVE-2020-6480\", \"CVE-2020-6481\", \"CVE-2020-6482\", \"CVE-2020-6483\", \"CVE-2020-6484\", \"CVE-2020-6485\", \"CVE-2020-6486\", \"CVE-2020-6487\", \"CVE-2020-6488\", \"CVE-2020-6489\", \"CVE-2020-6490\", \"CVE-2020-6491\", \"CVE-2020-6493\", \"CVE-2020-6494\", \"CVE-2020-6495\", \"CVE-2020-6496\", \"CVE-2020-6497\", \"CVE-2020-6498\", \"CVE-2020-6505\", \"CVE-2020-6506\", \"CVE-2020-6507\", \"CVE-2020-6509\", \"CVE-2020-6831\");\n script_xref(name:\"DSA\", value:\"4714\");\n\n script_name(english:\"Debian DSA-4714-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been 
discovered in the chromium web\nbrowser.\n\n - CVE-2020-6423\n A use-after-free issue was found in the audio\n implementation.\n\n - CVE-2020-6430\n Avihay Cohen discovered a type confusion issue in the v8\n JavaScript library.\n\n - CVE-2020-6431\n Luan Herrera discovered a policy enforcement error.\n\n - CVE-2020-6432\n Luan Herrera discovered a policy enforcement error.\n\n - CVE-2020-6433\n Luan Herrera discovered a policy enforcement error in\n extensions.\n\n - CVE-2020-6434\n HyungSeok Han discovered a use-after-free issue in the\n developer tools.\n\n - CVE-2020-6435\n Sergei Glazunov discovered a policy enforcement error in\n extensions.\n\n - CVE-2020-6436\n Igor Bukanov discovered a use-after-free issue.\n\n - CVE-2020-6437\n Jann Horn discovered an implementation error in WebView.\n\n - CVE-2020-6438\n Ng Yik Phang discovered a policy enforcement error in\n extensions.\n\n - CVE-2020-6439\n remkoboonstra discovered a policy enforcement error.\n\n - CVE-2020-6440\n David Erceg discovered an implementation error in\n extensions.\n\n - CVE-2020-6441\n David Erceg discovered a policy enforcement error.\n\n - CVE-2020-6442\n B@rMey discovered an implementation error in the page\n cache.\n\n - CVE-2020-6443\n @lovasoa discovered an implementation error in the\n developer tools.\n\n - CVE-2020-6444\n mlfbrown discovered an uninitialized variable in the\n WebRTC implementation.\n\n - CVE-2020-6445\n Jun Kokatsu discovered a policy enforcement error.\n\n - CVE-2020-6446\n Jun Kokatsu discovered a policy enforcement error.\n\n - CVE-2020-6447\n David Erceg discovered an implementation error in the\n developer tools.\n\n - CVE-2020-6448\n Guang Gong discovered a use-after-free issue in the v8\n JavaScript library.\n\n - CVE-2020-6454\n Leecraso and Guang Gong discovered a use-after-free\n issue in extensions.\n\n - CVE-2020-6455\n Nan Wang and Guang Gong discovered an out-of-bounds read\n issue in the WebSQL implementation.\n\n - CVE-2020-6456\n Michal Bentkowski 
discovered insufficient validation of\n untrusted input.\n\n - CVE-2020-6457\n Leecraso and Guang Gong discovered a use-after-free\n issue in the speech recognizer.\n\n - CVE-2020-6458\n Aleksandar Nikolic discoved an out-of-bounds read and\n write issue in the pdfium library.\n\n - CVE-2020-6459\n Zhe Jin discovered a use-after-free issue in the\n payments implementation.\n\n - CVE-2020-6460\n It was discovered that URL formatting was insufficiently\n validated.\n\n - CVE-2020-6461\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2020-6462\n Zhe Jin discovered a use-after-free issue in task\n scheduling.\n\n - CVE-2020-6463\n Pawel Wylecial discovered a use-after-free issue in the\n ANGLE library.\n\n - CVE-2020-6464\n Looben Yang discovered a type confusion issue in\n Blink/Webkit.\n\n - CVE-2020-6465\n Woojin Oh discovered a use-after-free issue.\n\n - CVE-2020-6466\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2020-6467\n ZhanJia Song discovered a use-after-free issue in the\n WebRTC implementation.\n\n - CVE-2020-6468\n Chris Salls and Jake Corina discovered a type confusion\n issue in the v8 JavaScript library.\n\n - CVE-2020-6469\n David Erceg discovered a policy enforcement error in the\n developer tools.\n\n - CVE-2020-6470\n Michal Bentkowski discovered insufficient validation of\n untrusted input.\n\n - CVE-2020-6471\n David Erceg discovered a policy enforcement error in the\n developer tools.\n\n - CVE-2020-6472\n David Erceg discovered a policy enforcement error in the\n developer tools.\n\n - CVE-2020-6473\n Soroush Karami and Panagiotis Ilia discovered a policy\n enforcement error in Blink/Webkit.\n\n - CVE-2020-6474\n Zhe Jin discovered a use-after-free issue in\n Blink/Webkit.\n\n - CVE-2020-6475\n Khalil Zhani discovered a user interface error.\n\n - CVE-2020-6476\n Alexandre Le Borgne discovered a policy enforcement\n error.\n\n - CVE-2020-6478\n Khalil Zhani discovered an implementation error in full\n screen mode.\n\n - 
CVE-2020-6479\n Zhong Zhaochen discovered an implementation error.\n\n - CVE-2020-6480\n Marvin Witt discovered a policy enforcement error.\n\n - CVE-2020-6481\n Rayyan Bijoora discovered a policy enforcement error.\n\n - CVE-2020-6482\n Abdulrahman Alqabandi discovered a policy enforcement\n error in the developer tools.\n\n - CVE-2020-6483\n Jun Kokatsu discovered a policy enforcement error in\n payments.\n\n - CVE-2020-6484\n Artem Zinenko discovered insufficient validation of user\n data in the ChromeDriver implementation.\n\n - CVE-2020-6485\n Sergei Glazunov discovered a policy enforcement error.\n\n - CVE-2020-6486\n David Erceg discovered a policy enforcement error.\n\n - CVE-2020-6487\n Jun Kokatsu discovered a policy enforcement error.\n\n - CVE-2020-6488\n David Erceg discovered a policy enforcement error.\n\n - CVE-2020-6489\n @lovasoa discovered an implementation error in the\n developer tools.\n\n - CVE-2020-6490\n Insufficient validation of untrusted data was\n discovered.\n\n - CVE-2020-6491\n Sultan Haikal discovered a user interface error.\n\n - CVE-2020-6493\n A use-after-free issue was discovered in the\n WebAuthentication implementation.\n\n - CVE-2020-6494\n Juho Nurimen discovered a user interface error.\n\n - CVE-2020-6495\n David Erceg discovered a policy enforcement error in the\n developer tools.\n\n - CVE-2020-6496\n Khalil Zhani discovered a use-after-free issue in\n payments.\n\n - CVE-2020-6497\n Rayyan Bijoora discovered a policy enforcement issue.\n\n - CVE-2020-6498\n Rayyan Bijoora discovered a user interface error.\n\n - CVE-2020-6505\n Khalil Zhani discovered a use-after-free issue.\n\n - CVE-2020-6506\n Alesandro Ortiz discovered a policy enforcement error.\n\n - CVE-2020-6507\n Sergei Glazunov discovered an out-of-bounds write issue\n in the v8 JavaScript library.\n\n - CVE-2020-6509\n A use-after-free issue was discovered in extensions.\n\n - CVE-2020-6831\n Natalie Silvanovich discovered a buffer overflow issue\n in the SCTP 
library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2020-6444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2020-6465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2020-6482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2020-6505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4714\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the oldstable distribution (stretch), security support for\nchromium has been discontinued.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 83.0.4103.116-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"83.0.4103.116-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"83.0.4103.116-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"83.0.4103.116-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"83.0.4103.116-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"83.0.4103.116-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"83.0.4103.116-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-04-20T18:46:35", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-04-08T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop_7-2020-04)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6445", "CVE-2020-6454", "CVE-2020-6446", "CVE-2020-6434", "CVE-2020-6432", "CVE-2020-6447", "CVE-2020-6437", "CVE-2020-6444", "CVE-2020-6439", "CVE-2020-6455", "CVE-2020-6431", "CVE-2020-6448", "CVE-2020-6435", "CVE-2020-6456", "CVE-2020-6423", "CVE-2020-6438", "CVE-2020-6441", "CVE-2020-6443", "CVE-2020-6442", "CVE-2020-6436", "CVE-2020-6433", "CVE-2020-6430", "CVE-2020-6440"], "modified": "2020-04-17T00:00:00", "id": "OPENVAS:1361412562310816739", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816739", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816739\");\n script_version(\"2020-04-17T08:08:41+0000\");\n script_cve_id(\"CVE-2020-6454\", \"CVE-2020-6423\", \"CVE-2020-6455\", \"CVE-2020-6430\",\n \"CVE-2020-6456\", \"CVE-2020-6431\", \"CVE-2020-6432\", \"CVE-2020-6433\",\n \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\",\n \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\",\n \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\",\n \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-17 08:08:41 +0000 (Fri, 17 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-08 13:01:58 +0530 (Wed, 08 Apr 2020)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop_7-2020-04)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - A use after free issue in extensions.\n\n - A use after free issue in audio.\n\n - An out of bounds read issue in WebSQL.\n\n - A type confusion issue in V8.\n\n - A use after free in devtools.\n\n - A use after free in window management.\n\n - A use after free in V8.\n\n For more details about the vulnerabilities refer the reference section.\");\n\n 
script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code, gain access to sensitive data, bypass security\n restrictions, and launch denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 81.0.4044.92 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 81.0.4044.92 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"81.0.4044.92\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"81.0.4044.92\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-20T18:46:16", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-04-08T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop_7-2020-04)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6445", "CVE-2020-6454", "CVE-2020-6446", "CVE-2020-6434", "CVE-2020-6432", "CVE-2020-6447", "CVE-2020-6437", 
"CVE-2020-6444", "CVE-2020-6439", "CVE-2020-6455", "CVE-2020-6431", "CVE-2020-6448", "CVE-2020-6435", "CVE-2020-6456", "CVE-2020-6423", "CVE-2020-6438", "CVE-2020-6441", "CVE-2020-6443", "CVE-2020-6442", "CVE-2020-6436", "CVE-2020-6433", "CVE-2020-6430", "CVE-2020-6440"], "modified": "2020-04-17T00:00:00", "id": "OPENVAS:1361412562310816737", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816737", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816737\");\n script_version(\"2020-04-17T08:08:41+0000\");\n script_cve_id(\"CVE-2020-6454\", \"CVE-2020-6423\", \"CVE-2020-6455\", \"CVE-2020-6430\",\n \"CVE-2020-6456\", \"CVE-2020-6431\", \"CVE-2020-6432\", \"CVE-2020-6433\",\n \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\",\n \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\",\n \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\",\n \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-17 08:08:41 +0000 (Fri, 17 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-08 11:59:56 +0530 (Wed, 08 Apr 2020)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop_7-2020-04)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - A use after free issue in extensions.\n\n - A use after free issue in audio.\n\n - An out of bounds read issue in WebSQL.\n\n - A type confusion issue in V8.\n\n - A use after free in devtools.\n\n - A use after free in window management.\n\n - A use after free in V8.\n\n For more details about the vulnerabilities refer the reference section.\");\n\n 
script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code, gain access to sensitive data, bypass security\n restrictions, and launch denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 81.0.4044.92 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 81.0.4044.92 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"81.0.4044.92\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"81.0.4044.92\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-20T18:49:05", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-04-08T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop_7-2020-04)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6445", "CVE-2020-6454", "CVE-2020-6446", "CVE-2020-6434", "CVE-2020-6432", "CVE-2020-6447", "CVE-2020-6437", "CVE-2020-6444", 
"CVE-2020-6439", "CVE-2020-6455", "CVE-2020-6431", "CVE-2020-6448", "CVE-2020-6435", "CVE-2020-6456", "CVE-2020-6423", "CVE-2020-6438", "CVE-2020-6441", "CVE-2020-6443", "CVE-2020-6442", "CVE-2020-6436", "CVE-2020-6433", "CVE-2020-6430", "CVE-2020-6440"], "modified": "2020-04-17T00:00:00", "id": "OPENVAS:1361412562310816738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816738", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816738\");\n script_version(\"2020-04-17T08:08:41+0000\");\n script_cve_id(\"CVE-2020-6454\", \"CVE-2020-6423\", \"CVE-2020-6455\", \"CVE-2020-6430\",\n \"CVE-2020-6456\", \"CVE-2020-6431\", \"CVE-2020-6432\", \"CVE-2020-6433\",\n \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\",\n \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\",\n \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\",\n \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-17 08:08:41 +0000 (Fri, 17 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-08 11:59:56 +0530 (Wed, 08 Apr 2020)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop_7-2020-04)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - A use after free issue in extensions.\n\n - A use after free issue in audio.\n\n - An out of bounds read issue in WebSQL.\n\n - A type confusion issue in V8.\n\n - A use after free in devtools.\n\n - A use after free in window management.\n\n - A use after free in V8.\n\n For more details about the vulnerabilities refer the reference section.\");\n\n 
script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code, gain access to sensitive data, bypass security\n restrictions, and launch denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 81.0.4044.92 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 81.0.4044.92 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"81.0.4044.92\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"81.0.4044.92\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T14:56:30", "description": "The remote host is missing an update for the 'chromium' package(s) announced via the openSUSE-SU-2020:0519-1 advisory.", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for chromium (openSUSE-SU-2020:0519-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6445", "CVE-2020-6454", "CVE-2020-6446", "CVE-2020-6434", "CVE-2020-6432", "CVE-2020-6447", "CVE-2020-6452", "CVE-2020-6437", "CVE-2020-6444", "CVE-2020-6451", "CVE-2020-6439", 
"CVE-2020-6455", "CVE-2020-6431", "CVE-2020-6448", "CVE-2020-6435", "CVE-2020-6456", "CVE-2020-6423", "CVE-2020-6438", "CVE-2020-6441", "CVE-2020-6443", "CVE-2020-6442", "CVE-2020-6436", "CVE-2020-6433", "CVE-2020-6450", "CVE-2020-6430", "CVE-2020-6440"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310853115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853115", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853115\");\n script_version(\"2020-04-21T09:23:28+0000\");\n script_cve_id(\"CVE-2020-6423\", \"CVE-2020-6430\", \"CVE-2020-6431\", \"CVE-2020-6432\", \"CVE-2020-6433\", \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\", \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\", \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\", \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\", \"CVE-2020-6450\", \"CVE-2020-6451\", \"CVE-2020-6452\", \"CVE-2020-6454\", \"CVE-2020-6455\", \"CVE-2020-6456\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 09:23:28 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 03:00:51 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"openSUSE: Security Advisory for chromium (openSUSE-SU-2020:0519-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0519-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the openSUSE-SU-2020:0519-1 advisory.\");\n\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for chromium fixes the following issues:\n\n Chromium was updated to 81.0.4044.92 boo#1168911:\n\n * CVE-2020-6454: Use after free in extensions\n\n * CVE-2020-6423: Use after free in audio\n\n * CVE-2020-6455: Out of bounds read in WebSQL\n\n * CVE-2020-6430: Type Confusion in V8\n\n * CVE-2020-6456: Insufficient validation of untrusted input in clipboard\n\n * CVE-2020-6431: Insufficient policy enforcement in full screen\n\n * CVE-2020-6432: Insufficient policy enforcement in navigations\n\n * CVE-2020-6433: Insufficient policy enforcement in extensions\n\n * CVE-2020-6434: Use after free in devtools\n\n * CVE-2020-6435: Insufficient policy enforcement in extensions\n\n * CVE-2020-6436: Use after free in window management\n\n * CVE-2020-6437: Inappropriate implementation in WebView\n\n * CVE-2020-6438: Insufficient policy enforcement in extensions\n\n * CVE-2020-6439: Insufficient policy enforcement in navigations\n\n * CVE-2020-6440: Inappropriate implementation in extensions\n\n * CVE-2020-6441: Insufficient policy enforcement in omnibox\n\n * CVE-2020-6442: Inappropriate implementation in cache\n\n * CVE-2020-6443: Insufficient data validation in developer tools\n\n * CVE-2020-6444: Uninitialized Use in WebRTC\n\n * CVE-2020-6445: Insufficient policy enforcement in trusted types\n\n * CVE-2020-6446: Insufficient policy enforcement in trusted types\n\n * CVE-2020-6447: Inappropriate implementation in developer tools\n\n * CVE-2020-6448: Use after free in V8\n\n Chromium was updated to 80.0.3987.162 boo#1168421:\n\n * CVE-2020-6450: Use after free in WebAudio.\n\n * CVE-2020-6451: Use after free in WebAudio.\n\n * CVE-2020-6452: Heap buffer overflow in media.\n\n - Use a symbolic icon for GNOME\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST 
online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-519=1\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~81.0.4044.92~lp151.2.77.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~81.0.4044.92~lp151.2.77.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~81.0.4044.92~lp151.2.77.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~81.0.4044.92~lp151.2.77.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~81.0.4044.92~lp151.2.77.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T16:53:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-06T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for chromium (FEDORA-2020-0e7f1b663b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6445", 
"CVE-2020-6454", "CVE-2020-6446", "CVE-2020-6458", "CVE-2020-6434", "CVE-2020-6432", "CVE-2020-6447", "CVE-2020-6460", "CVE-2020-6459", "CVE-2020-6437", "CVE-2020-6444", "CVE-2020-6439", "CVE-2020-6455", "CVE-2020-6431", "CVE-2020-6448", "CVE-2020-6435", "CVE-2020-6456", "CVE-2020-6423", "CVE-2020-6438", "CVE-2020-6441", "CVE-2020-6443", "CVE-2020-6442", "CVE-2020-6436", "CVE-2020-6433", "CVE-2020-6430", "CVE-2020-6440", "CVE-2020-6457"], "modified": "2020-05-07T00:00:00", "id": "OPENVAS:1361412562310877790", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877790", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877790\");\n script_version(\"2020-05-07T07:41:43+0000\");\n script_cve_id(\"CVE-2020-6458\", \"CVE-2020-6459\", \"CVE-2020-6460\", \"CVE-2020-6454\", \"CVE-2020-6423\", \"CVE-2020-6455\", \"CVE-2020-6430\", \"CVE-2020-6456\", \"CVE-2020-6431\", \"CVE-2020-6433\", \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\", \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\", \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\", \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\", \"CVE-2020-6432\", \"CVE-2020-6457\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-07 07:41:43 +0000 (Thu, 07 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-06 03:26:58 +0000 (Wed, 06 May 2020)\");\n script_name(\"Fedora: Security Advisory for chromium (FEDORA-2020-0e7f1b663b)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-0e7f1b663b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the 
FEDORA-2020-0e7f1b663b advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium is an open-source web browser, powered by WebKit (Blink).\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~81.0.4044.122~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-06T00:58:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-04-30T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for chromium (FEDORA-2020-b82a634e27)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6445", "CVE-2020-6454", "CVE-2020-6446", "CVE-2020-6458", "CVE-2020-6434", "CVE-2020-6432", "CVE-2020-6447", "CVE-2020-6460", "CVE-2020-6459", "CVE-2020-6437", "CVE-2020-6444", "CVE-2020-6439", "CVE-2020-6455", "CVE-2020-6431", "CVE-2020-6448", "CVE-2020-6435", "CVE-2020-6456", "CVE-2020-6423", "CVE-2020-6438", "CVE-2020-6441", "CVE-2020-6443", "CVE-2020-6442", "CVE-2020-6436", "CVE-2020-6433", "CVE-2020-6430", "CVE-2020-6440", "CVE-2020-6457"], "modified": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562310877739", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877739", "sourceData": "# Copyright 
(C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877739\");\n script_version(\"2020-04-30T08:51:29+0000\");\n script_cve_id(\"CVE-2020-6458\", \"CVE-2020-6459\", \"CVE-2020-6460\", \"CVE-2020-6454\", \"CVE-2020-6423\", \"CVE-2020-6455\", \"CVE-2020-6430\", \"CVE-2020-6456\", \"CVE-2020-6431\", \"CVE-2020-6433\", \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\", \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\", \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\", \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\", \"CVE-2020-6432\", \"CVE-2020-6457\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 08:51:29 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-30 03:14:52 +0000 (Thu, 30 Apr 2020)\");\n script_name(\"Fedora: Security Advisory for chromium (FEDORA-2020-b82a634e27)\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-b82a634e27\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the FEDORA-2020-b82a634e27 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium is an open-source web browser, powered by WebKit (Blink).\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~81.0.4044.122~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-22T13:22:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-18T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for chromium (FEDORA-2020-da49fbb17c)", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2020-6464", "CVE-2020-6445", "CVE-2020-6454", "CVE-2020-6446", "CVE-2020-6458", "CVE-2020-6434", "CVE-2020-6432", "CVE-2020-6447", "CVE-2020-6460", "CVE-2020-6461", "CVE-2020-6459", "CVE-2020-6437", "CVE-2020-6444", "CVE-2020-6439", "CVE-2020-6455", "CVE-2020-6431", "CVE-2020-6448", "CVE-2020-6435", "CVE-2020-6456", "CVE-2020-6423", "CVE-2020-6438", "CVE-2020-6441", "CVE-2020-6443", "CVE-2020-6442", "CVE-2020-6436", "CVE-2020-6433", "CVE-2020-6430", "CVE-2020-6440", "CVE-2020-6462", "CVE-2020-6457"], "modified": "2020-05-20T00:00:00", "id": "OPENVAS:1361412562310877846", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877846", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877846\");\n script_version(\"2020-05-20T02:28:18+0000\");\n script_cve_id(\"CVE-2020-6464\", \"CVE-2020-6461\", \"CVE-2020-6462\", \"CVE-2020-6458\", \"CVE-2020-6459\", \"CVE-2020-6460\", \"CVE-2020-6454\", \"CVE-2020-6423\", \"CVE-2020-6455\", \"CVE-2020-6430\", \"CVE-2020-6456\", \"CVE-2020-6431\", \"CVE-2020-6433\", \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\", \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\", \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\", \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\", \"CVE-2020-6432\", \"CVE-2020-6457\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-20 02:28:18 +0000 (Wed, 20 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-18 03:23:38 +0000 (Mon, 18 May 2020)\");\n script_name(\"Fedora: Security Advisory for chromium (FEDORA-2020-da49fbb17c)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-da49fbb17c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
'chromium'\n package(s) announced via the FEDORA-2020-da49fbb17c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium is an open-source web browser, powered by WebKit (Blink).\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~81.0.4044.138~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T20:05:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-03T00:00:00", "type": "openvas", "title": "Debian: Security Advisory for chromium (DSA-4714-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-6464", "CVE-2020-6445", "CVE-2020-6454", "CVE-2020-6446", "CVE-2020-6458", "CVE-2020-6506", "CVE-2020-6468", "CVE-2020-6831", "CVE-2020-6434", "CVE-2020-6432", "CVE-2020-6447", "CVE-2020-6463", "CVE-2020-6483", "CVE-2020-6482", "CVE-2020-6486", "CVE-2020-6485", "CVE-2020-6494", "CVE-2020-6476", "CVE-2020-6507", "CVE-2020-6460", "CVE-2020-6461", "CVE-2020-6479", "CVE-2020-6459", "CVE-2020-6474", "CVE-2020-6467", "CVE-2020-6465", "CVE-2020-6493", "CVE-2020-6498", "CVE-2020-6437", "CVE-2020-6444", "CVE-2020-6439", "CVE-2020-6455", "CVE-2020-6472", "CVE-2020-6481", "CVE-2020-6431", 
"CVE-2020-6448", "CVE-2020-6469", "CVE-2020-6491", "CVE-2020-6435", "CVE-2020-6489", "CVE-2020-6456", "CVE-2020-6473", "CVE-2020-6466", "CVE-2020-6423", "CVE-2020-6488", "CVE-2020-6438", "CVE-2020-6441", "CVE-2020-6443", "CVE-2020-6478", "CVE-2020-6480", "CVE-2020-6487", "CVE-2020-6505", "CVE-2020-6442", "CVE-2020-6436", "CVE-2020-6490", "CVE-2020-6433", "CVE-2020-6496", "CVE-2020-6430", "CVE-2020-6440", "CVE-2020-6497", "CVE-2020-6462", "CVE-2020-6471", "CVE-2020-6475", "CVE-2020-6470", "CVE-2020-6484", "CVE-2020-6457", "CVE-2020-6495", "CVE-2020-6509"], "modified": "2020-07-03T00:00:00", "id": "OPENVAS:1361412562310704714", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704714", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704714\");\n script_version(\"2020-07-03T03:01:04+0000\");\n script_cve_id(\"CVE-2020-6423\", \"CVE-2020-6430\", \"CVE-2020-6431\", \"CVE-2020-6432\", \"CVE-2020-6433\", \"CVE-2020-6434\", \"CVE-2020-6435\", \"CVE-2020-6436\", \"CVE-2020-6437\", \"CVE-2020-6438\", \"CVE-2020-6439\", \"CVE-2020-6440\", \"CVE-2020-6441\", \"CVE-2020-6442\", \"CVE-2020-6443\", \"CVE-2020-6444\", \"CVE-2020-6445\", \"CVE-2020-6446\", \"CVE-2020-6447\", \"CVE-2020-6448\", \"CVE-2020-6454\", \"CVE-2020-6455\", \"CVE-2020-6456\", \"CVE-2020-6457\", \"CVE-2020-6458\", \"CVE-2020-6459\", \"CVE-2020-6460\", \"CVE-2020-6461\", \"CVE-2020-6462\", \"CVE-2020-6463\", \"CVE-2020-6464\", \"CVE-2020-6465\", \"CVE-2020-6466\", \"CVE-2020-6467\", \"CVE-2020-6468\", \"CVE-2020-6469\", \"CVE-2020-6470\", \"CVE-2020-6471\", \"CVE-2020-6472\", \"CVE-2020-6473\", \"CVE-2020-6474\", \"CVE-2020-6475\", \"CVE-2020-6476\", \"CVE-2020-6478\", \"CVE-2020-6479\", \"CVE-2020-6480\", \"CVE-2020-6481\", \"CVE-2020-6482\", \"CVE-2020-6483\", \"CVE-2020-6484\", \"CVE-2020-6485\", \"CVE-2020-6486\", \"CVE-2020-6487\", \"CVE-2020-6488\", \"CVE-2020-6489\", \"CVE-2020-6490\", \"CVE-2020-6491\", \"CVE-2020-6493\", \"CVE-2020-6494\", \"CVE-2020-6495\", \"CVE-2020-6496\", \"CVE-2020-6497\", \"CVE-2020-6498\", \"CVE-2020-6505\", \"CVE-2020-6506\", \"CVE-2020-6507\", \"CVE-2020-6509\", \"CVE-2020-6831\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-03 03:01:04 +0000 (Fri, 03 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 03:01:04 +0000 (Fri, 
03 Jul 2020)\");\n script_name(\"Debian: Security Advisory for chromium (DSA-4714-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4714.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4714-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the DSA-4714-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2020-6423\nA use-after-free issue was found in the audio implementation.\n\nCVE-2020-6430\nAvihay Cohen discovered a type confusion issue in the v8 javascript\nlibrary.\n\nCVE-2020-6431\nLuan Herrera discovered a policy enforcement error.\n\nCVE-2020-6432\nLuan Herrera discovered a policy enforcement error.\n\nCVE-2020-6433\nLuan Herrera discovered a policy enforcement error in extensions.\n\nCVE-2020-6434\nHyungSeok Han discovered a use-after-free issue in the developer tools.\n\nCVE-2020-6435\nSergei Glazunov discovered a policy enforcement error in extensions.\n\nCVE-2020-6436\nIgor Bukanov discovered a use-after-free issue.\n\nCVE-2020-6437\nJann Horn discovered an implementation error in WebView.\n\nCVE-2020-6438\nNg Yik Phang discovered a policy enforcement error in extensions.\n\nCVE-2020-6439\nremkoboonstra discovered a policy enforcement error.\n\nCVE-2020-6440\nDavid Erceg discovered an implementation error in extensions.\n\nCVE-2020-6441\nDavid Erceg discovered a policy enforcement 
error.\n\nCVE-2020-6442\nB@rMey discovered an implementation error in the page cache.\n\nCVE-2020-6443\n@lovasoa discovered an implementation error in the developer tools.\n\nCVE-2020-6444\nmlfbrown discovered an uninitialized variable in the WebRTC\nimplementation.\n\nCVE-2020-6445\nJun Kokatsu discovered a policy enforcement error.\n\nCVE-2020-6446\nJun Kokatsu discovered a policy enforcement error.\n\nCVE-2020-6447\nDavid Erceg discovered an implementation error in the developer tools.\n\nCVE-2020-6448\nGuang Gong discovered a use-after-free issue in the v8 javascript library.\n\nCVE-2020-6454\nLeecraso and Guang Gong discovered a use-after-free issue in extensions.\n\nCVE-2020-6455\nNan Wang and Guang Gong discovered an out-of-bounds read issue in the\nWebSQL implementation.\n\nCVE-2020-6456\nMicha\u0142 Bentkowski discovered insufficient validation of untrusted input.\n\nCVE-2020-6457\nLeecraso and Guang Gong discovered a use-after-free issue in the speech\nrecognizer.\n\nCVE-2020-6458\nAleksandar Nikolic discovered an out-of-bounds read and write issue in the\npdfium library.\n\nCVE-2020-6459\nZhe Jin discovered a use-after-free issue in the payments implementation.\n\nCVE-2020-6460\nIt was discovered that URL formatting was insufficiently validated.\n\nCVE-2020-6461\nZhe Jin discovered a use-after-free issue.\n\nCVE-2020-6462\nZhe Jin discovered a use-after-free issue in task scheduling.\n\nCVE-2020-6463\nPawel Wylecial discovered a use-after-free issue in the ANGLE library.\n\nCVE-2020-6464\nLooben Yang discovered a type confusion issue in Blink/Webkit.\n\nCVE-2020-6465\nWoojin Oh discovered a use-after-free iss ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), security support for chromium\nhas been discontinued.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 83.0.4103.116-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"chromium\", ver:\"83.0.4103.116-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-common\", ver:\"83.0.4103.116-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-driver\", ver:\"83.0.4103.116-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"83.0.4103.116-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-sandbox\", ver:\"83.0.4103.116-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-shell\", ver:\"83.0.4103.116-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nGoogle Chrome Releases reports:\n\nThis updates includes 32 security fixes, including:\n\n[1019161] High CVE-2020-6454: Use after free in extensions.\n\t Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on\n\t 2019-10-29\n[1043446] High CVE-2020-6423: Use after free in audio.\n\t Reported by Anonymous on 
2020-01-18\n[1059669] High CVE-2020-6455: Out of bounds read in WebSQL.\n\t Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab,\n\t Qihoo 360 on 2020-03-09\n[1031479] Medium CVE-2020-6430: Type Confusion in V8.\n\t Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06\n[1040755] Medium CVE-2020-6456: Insufficient validation of\n\t untrusted input in clipboard. Reported by Micha\u0142 Bentkowski of\n\t Securitum on 2020-01-10\n[852645] Medium CVE-2020-6431: Insufficient policy\n\t enforcement in full screen. Reported by Luan Herrera (@lbherrera_)\n\t on 2018-06-14\n[965611] Medium CVE-2020-6432: Insufficient policy\n\t enforcement in navigations. Reported by David Erceg on\n\t 2019-05-21\n[1043965] Medium CVE-2020-6433: Insufficient policy\n\t enforcement in extensions. Reported by David Erceg on\n\t 2020-01-21\n[1048555] Medium CVE-2020-6434: Use after free in devtools.\n\t Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04\n[1032158] Medium CVE-2020-6435: Insufficient policy\n\t enforcement in extensions. Reported by Sergei Glazunov of Google\n\t Project Zero on 2019-12-09\n[1034519] Medium CVE-2020-6436: Use after free in window\n\t management. Reported by Igor Bukanov from Vivaldi on 2019-12-16\n[639173] Low CVE-2020-6437: Inappropriate implementation in\n\t WebView. Reported by Jann Horn on 2016-08-19\n[714617] Low CVE-2020-6438: Insufficient policy enforcement in\n\t extensions. Reported by Ng Yik Phang on 2017-04-24\n[868145] Low CVE-2020-6439: Insufficient policy enforcement in\n\t navigations. Reported by remkoboonstra on 2018-07-26\n[894477] Low CVE-2020-6440: Inappropriate implementation in\n\t extensions. Reported by David Erceg on 2018-10-11\n[959571] Low CVE-2020-6441: Insufficient policy enforcement in\n\t omnibox. Reported by David Erceg on 2019-05-04\n[1013906] Low CVE-2020-6442: Inappropriate implementation in\n\t cache. 
Reported by B@rMey on 2019-10-12\n[1040080] Low CVE-2020-6443: Insufficient data validation in\n\t developer tools. Reported by @lovasoa (Ophir LOJKINE) on\n\t 2020-01-08\n[922882] Low CVE-2020-6444: Uninitialized Use in WebRTC.\n\t Reported by mlfbrown on 2019-01-17\n[933171] Low CVE-2020-6445: Insufficient policy enforcement in\n\t trusted types. Reported by Jun Kokatsu, Microsoft Browser\n\t Vulnerability Research on 2019-02-18\n[933172] Low CVE-2020-6446: Insufficient policy enforcement in\n\t trusted types. Reported by Jun Kokatsu, Microsoft Browser\n\t Vulnerability Research on 2019-02-18\n[991217] Low CVE-2020-6447: Inappropriate implementation in\n\t developer tools. Reported by David Erceg on 2019-08-06\n[1037872] Low CVE-2020-6448: Use after free in V8. Reported by\n\t Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-07T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", 
"CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-04-07T00:00:00", "id": "6E3B700A-7CA3-11EA-B594-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/6e3b700a-7ca3-11ea-b594-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:58", "description": "Arch Linux Security Advisory ASA-202004-9\n=========================================\n\nSeverity: High\nDate : 2020-04-08\nCVE-ID : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432\nCVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436\nCVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440\nCVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444\nCVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448\nCVE-2020-6454 CVE-2020-6455 CVE-2020-6456\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1128\n\nSummary\n=======\n\nThe package chromium before version 81.0.4044.92-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure, access restriction bypass and insufficient validation.\n\nResolution\n==========\n\nUpgrade to 81.0.4044.92-1.\n\n# pacman -Syu \"chromium>=81.0.4044.92-1\"\n\nThe problems have been fixed upstream in version 81.0.4044.92.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-6423 (arbitrary code execution)\n\nA use after free security issue has been found in the audio component\nof the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6430 (arbitrary code execution)\n\nA type confusion security issue has been found in the V8 component of\nthe chromium browser before 81.0.4044.92.\n\n- CVE-2020-6431 (access restriction 
bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nfull screen component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6432 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nnavigations component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6433 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nextensions component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6434 (arbitrary code execution)\n\nA use-after-free security issue has been found in the devtools\ncomponent of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6435 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nextensions component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6436 (arbitrary code execution)\n\nA use-after-free security issue has been found in the window management\ncomponent of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6437 (access restriction bypass)\n\nAn inappropriate implementation security issue has been found in the\nWebView component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6438 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nextensions component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6439 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nnavigations component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6440 (access restriction bypass)\n\nAn inappropriate implementation security issue has been found in the\nextensions component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6441 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nomnibox component of the chromium browser before 
81.0.4044.92.\n\n- CVE-2020-6442 (access restriction bypass)\n\nAn inappropriate implementation security issue has been found in the\ncache component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6443 (insufficient validation)\n\nAn insufficient data validation security issue has been found in the\ndeveloper tools component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6444 (information disclosure)\n\nAn uninitialized memory use issue has been found in the WebRTC\ncomponent of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6445 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\ntrusted types component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6446 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\ntrusted types component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6447 (access restriction bypass)\n\nAn inappropriate implementation security issue has been found in the\ndeveloper tools component of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6448 (arbitrary code execution)\n\nA use-after-free security issue has been found in the V8 component of\nthe chromium browser before 81.0.4044.92.\n\n- CVE-2020-6454 (arbitrary code execution)\n\nA use after free security issue has been found in the extensions\ncomponent of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6455 (information disclosure)\n\nAn out-of-bounds read security issue has been found in the WebSQL\ncomponent of the chromium browser before 81.0.4044.92.\n\n- CVE-2020-6456 (insufficient validation)\n\nAn insufficient validation of untrusted input security issue has been\nfound in the clipboard component of the chromium browser before\n81.0.4044.92.\n\nImpact\n======\n\nA remote attacker might be able to access sensitive information, bypass\nsecurity measures or execute arbitrary 
code.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html\nhttps://crbug.com/1043446\nhttps://crbug.com/1031479\nhttps://crbug.com/852645\nhttps://crbug.com/965611\nhttps://crbug.com/1043965\nhttps://crbug.com/1048555\nhttps://crbug.com/1032158\nhttps://crbug.com/1034519\nhttps://crbug.com/639173\nhttps://crbug.com/714617\nhttps://crbug.com/868145\nhttps://crbug.com/894477\nhttps://crbug.com/959571\nhttps://crbug.com/1013906\nhttps://crbug.com/1040080\nhttps://crbug.com/922882\nhttps://crbug.com/933171\nhttps://crbug.com/933172\nhttps://crbug.com/991217\nhttps://crbug.com/1037872\nhttps://crbug.com/1019161\nhttps://crbug.com/1059669\nhttps://crbug.com/1040755\nhttps://security.archlinux.org/CVE-2020-6423\nhttps://security.archlinux.org/CVE-2020-6430\nhttps://security.archlinux.org/CVE-2020-6431\nhttps://security.archlinux.org/CVE-2020-6432\nhttps://security.archlinux.org/CVE-2020-6433\nhttps://security.archlinux.org/CVE-2020-6434\nhttps://security.archlinux.org/CVE-2020-6435\nhttps://security.archlinux.org/CVE-2020-6436\nhttps://security.archlinux.org/CVE-2020-6437\nhttps://security.archlinux.org/CVE-2020-6438\nhttps://security.archlinux.org/CVE-2020-6439\nhttps://security.archlinux.org/CVE-2020-6440\nhttps://security.archlinux.org/CVE-2020-6441\nhttps://security.archlinux.org/CVE-2020-6442\nhttps://security.archlinux.org/CVE-2020-6443\nhttps://security.archlinux.org/CVE-2020-6444\nhttps://security.archlinux.org/CVE-2020-6445\nhttps://security.archlinux.org/CVE-2020-6446\nhttps://security.archlinux.org/CVE-2020-6447\nhttps://security.archlinux.org/CVE-2020-6448\nhttps://security.archlinux.org/CVE-2020-6454\nhttps://security.archlinux.org/CVE-2020-6455\nhttps://security.archlinux.org/CVE-2020-6456", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": 
"HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-08T00:00:00", "type": "archlinux", "title": "[ASA-202004-9] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-04-08T00:00:00", "id": "ASA-202004-9", "href": "https://security.archlinux.org/ASA-202004-9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2021-08-18T11:04:19", "description": "### *Detect date*:\n04/15/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. 
Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, or obtain sensitive information.\n\n### *Affected products*:\nOpera earlier than 68.0.3618.41\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for Opera 68](<https://blogs.opera.com/desktop/changelog-for-68/#b3618.41>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2020-6437](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6437>)4.3Warning \n[CVE-2020-6433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6433>)4.3Warning \n[CVE-2020-6446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6446>)4.3Warning \n[CVE-2020-6431](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6431>)4.3Warning \n[CVE-2020-6455](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6455>)6.8High \n[CVE-2020-6439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6439>)6.8High \n[CVE-2020-6430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430>)6.8High \n[CVE-2020-6448](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448>)6.8High \n[CVE-2020-6435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6435>)4.3Warning \n[CVE-2020-6432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6432>)4.3Warning \n[CVE-2020-6454](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6454>)6.8High \n[CVE-2020-6444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6444>)6.8High \n[CVE-2020-6443](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6443>)6.8High \n[CVE-2020-6456](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6456>)4.3Warning 
\n[CVE-2020-6438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6438>)4.3Warning \n[CVE-2020-6440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6440>)4.3Warning \n[CVE-2020-6441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6441>)4.3Warning \n[CVE-2020-6447](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447>)6.8High \n[CVE-2020-6434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434>)6.8High \n[CVE-2020-6445](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6445>)4.3Warning \n[CVE-2020-6436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6436>)6.8High \n[CVE-2020-6442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6442>)4.3Warning \n[CVE-2020-6423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6423>)6.8High \n[CVE-2020-6419](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6419>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-15T00:00:00", "type": "kaspersky", "title": "KLA11751 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6419", 
"CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-06-04T00:00:00", "id": "KLA11751", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11751/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-18T11:04:47", "description": "### *Detect date*:\n04/07/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, obtain sensitive information.\n\n### *Affected products*:\nGoogle Chrome earlier than 81.0.4044.92\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2020-6437](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6437>)4.3Warning \n[CVE-2020-6433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6433>)4.3Warning \n[CVE-2020-6446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6446>)4.3Warning \n[CVE-2020-6431](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6431>)4.3Warning \n[CVE-2020-6455](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6455>)6.8High \n[CVE-2020-6439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6439>)6.8High 
\n[CVE-2020-6430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430>)6.8High \n[CVE-2020-6448](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448>)6.8High \n[CVE-2020-6435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6435>)4.3Warning \n[CVE-2020-6432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6432>)4.3Warning \n[CVE-2020-6454](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6454>)6.8High \n[CVE-2020-6444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6444>)6.8High \n[CVE-2020-6443](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6443>)6.8High \n[CVE-2020-6456](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6456>)4.3Warning \n[CVE-2020-6438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6438>)4.3Warning \n[CVE-2020-6440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6440>)4.3Warning \n[CVE-2020-6441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6441>)4.3Warning \n[CVE-2020-6447](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447>)6.8High \n[CVE-2020-6434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434>)6.8High \n[CVE-2020-6445](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6445>)4.3Warning \n[CVE-2020-6436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6436>)6.8High \n[CVE-2020-6442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6442>)4.3Warning \n[CVE-2020-6423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6423>)6.8High \n[CVE-2020-6419](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6419>)6.8High \n[CVE-2020-6572](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6572>)9.3Critical", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": 
"NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-07T00:00:00", "type": "kaspersky", "title": "KLA11727 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6419", "CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6572"], "modified": "2020-09-10T00:00:00", "id": "KLA11727", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11727/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "chrome": [{"lastseen": "2021-12-30T22:31:44", "description": "The Chrome team is delighted to announce the promotion of Chrome 81 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. \n\n\nChrome 81.0.4044.92 contains a number of fixes and improvements -- a list of changes is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/80.0.3987.163..81.0.4044.92?pretty=fuller&n=10000>). 
Watch out for upcoming[ Chrome](<https://chrome.blogspot.com/>) and[ Chromium](<https://blog.chromium.org/>) blog posts about new features and big efforts delivered in 81. \n\n\n\n\n\n**Security Fixes and Rewards**\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n** \n** \n\n\nThis update includes [32](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call+label%3ARelease-0-M81>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n** \n** \n\n\n[$7500][[1019161](<https://crbug.com/1019161>)] High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29\n\n[$5000][[1043446](<https://crbug.com/1043446>)] High CVE-2020-6423: Use after free in audio. Reported by Anonymous on 2020-01-18\n\n[$3000][[1059669](<https://crbug.com/1059669>)] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09 \n[$2000][[1040325](<https://crbug.com/1040325>)] High CVE-2020-6419: Out of bounds read and write in V8. Reported by David Manouchehri on 2020-01-09\n\n[$N/A] [[1066893](<https://crbug.com/1066893>)] High CVE-2020-6572: Use after free in media. Reported by Anonymous on 2020-04-01\n\n[$2000][[1031479](<https://crbug.com/1031479>)] Medium CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06\n\n[$2000][[1040755](<https://crbug.com/1040755>)] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard. 
Reported by Micha\u0142 Bentkowski of Securitum on 2020-01-10\n\n[$1000][[852645](<https://crbug.com/852645>)] Medium CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14\n\n[$1000][[965611](<https://crbug.com/965611>)] Medium CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg on 2019-05-21\n\n[$1000][[1043965](<https://crbug.com/1043965>)] Medium CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-01-21\n\n[$500][[1048555](<https://crbug.com/1048555>)] Medium CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04\n\n[$N/A][[1032158](<https://crbug.com/1032158>)] Medium CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09\n\n[$TBD][[1034519](<https://crbug.com/1034519>)] Medium CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov from Vivaldi on 2019-12-16\n\n[$500][[639173](<https://crbug.com/639173>)] Low CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn on 2016-08-19\n\n[$500][[714617](<https://crbug.com/714617>)] Low CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang on 2017-04-24\n\n[$500][[868145](<https://crbug.com/868145>)] Low CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra on 2018-07-26\n\n[$500][[894477](<https://crbug.com/894477>)] Low CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg on 2018-10-11\n\n[$500][[959571](<https://crbug.com/959571>)] Low CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04\n\n[$500][[1013906](<https://crbug.com/1013906>)] Low CVE-2020-6442: Inappropriate implementation in cache. 
Reported by B@rMey on 2019-10-12\n\n[$500][[1040080](<https://crbug.com/1040080>)] Low CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08\n\n[$N/A][[922882](<https://crbug.com/922882>)] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported by mlfbrown on 2019-01-17\n\n[$N/A][[933171](<https://crbug.com/933171>)] Low CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18\n\n[$N/A][[933172](<https://crbug.com/933172>)] Low CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18\n\n[$N/A][[991217](<https://crbug.com/991217>)] Low CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg on 2019-08-06\n\n[$N/A][[1037872](<https://crbug.com/1037872>)] Low CVE-2020-6448: Use after free in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26\n\n** \n** \n\n\nThanks also to Hosein Askari for identifying a [vulnerability](<https://crbug.com/1058895>) with the Chromium website.\n\n** \n** \n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. 
\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1067891](<https://crbug.com/1067891>)] Various fixes from internal audits, fuzzing and other initiatives\n\n** \n** \n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). 
The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\nThank you,\n\nPrudhvikumar Bommana", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-07T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6419", "CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6572"], "modified": "2020-04-07T00:00:00", "id": "GCSA-4697812152063391612", "href": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:40:18", "description": 
"Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 81.0.4044.92.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in audio (CVE-2020-6423)\n\n* chromium-browser: Use after free in extensions (CVE-2020-6454)\n\n* chromium-browser: Out of bounds read in WebSQL (CVE-2020-6455)\n\n* chromium-browser: Type Confusion in V8 (CVE-2020-6430)\n\n* chromium-browser: Insufficient policy enforcement in full screen (CVE-2020-6431)\n\n* chromium-browser: Insufficient policy enforcement in navigations (CVE-2020-6432)\n\n* chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6433)\n\n* chromium-browser: Use after free in devtools (CVE-2020-6434)\n\n* chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6435)\n\n* chromium-browser: Use after free in window management (CVE-2020-6436)\n\n* chromium-browser: Insufficient validation of untrusted input in clipboard (CVE-2020-6456)\n\n* chromium-browser: Inappropriate implementation in WebView (CVE-2020-6437)\n\n* chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6438)\n\n* chromium-browser: Insufficient policy enforcement in navigations (CVE-2020-6439)\n\n* chromium-browser: Inappropriate implementation in extensions (CVE-2020-6440)\n\n* chromium-browser: Insufficient policy enforcement in omnibox (CVE-2020-6441)\n\n* chromium-browser: Inappropriate implementation in cache (CVE-2020-6442)\n\n* chromium-browser: Insufficient data validation in developer tools (CVE-2020-6443)\n\n* chromium-browser: Uninitialized use in WebRTC (CVE-2020-6444)\n\n* chromium-browser: Insufficient policy enforcement in trusted types (CVE-2020-6445)\n\n* chromium-browser: Insufficient policy enforcement in trusted types (CVE-2020-6446)\n\n* chromium-browser: Inappropriate implementation in developer tools (CVE-2020-6447)\n\n* chromium-browser: Use after free in V8 (CVE-2020-6448)\n\nFor more details about the security 
issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-16T06:55:24", "type": "redhat", "title": "(RHSA-2020:1487) Important: chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6419", "CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-06-08T09:24:14", "id": "RHSA-2020:1487", "href": "https://access.redhat.com/errata/RHSA-2020:1487", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:41:22", "description": "An update that fixes 26 vulnerabilities is now available.\n\nDescription:\n\n This update for 
chromium fixes the following issues:\n\n Chromium was updated to 81.0.4044.92 boo#1168911:\n\n * CVE-2020-6454: Use after free in extensions\n * CVE-2020-6423: Use after free in audio\n * CVE-2020-6455: Out of bounds read in WebSQL\n * CVE-2020-6430: Type Confusion in V8\n * CVE-2020-6456: Insufficient validation of untrusted input in clipboard\n * CVE-2020-6431: Insufficient policy enforcement in full screen\n * CVE-2020-6432: Insufficient policy enforcement in navigations\n * CVE-2020-6433: Insufficient policy enforcement in extensions\n * CVE-2020-6434: Use after free in devtools\n * CVE-2020-6435: Insufficient policy enforcement in extensions\n * CVE-2020-6436: Use after free in window management\n * CVE-2020-6437: Inappropriate implementation in WebView\n * CVE-2020-6438: Insufficient policy enforcement in extensions\n * CVE-2020-6439: Insufficient policy enforcement in navigations\n * CVE-2020-6440: Inappropriate implementation in extensions\n * CVE-2020-6441: Insufficient policy enforcement in omnibox\n * CVE-2020-6442: Inappropriate implementation in cache\n * CVE-2020-6443: Insufficient data validation in developer tools\n * CVE-2020-6444: Uninitialized Use in WebRTC\n * CVE-2020-6445: Insufficient policy enforcement in trusted types\n * CVE-2020-6446: Insufficient policy enforcement in trusted types\n * CVE-2020-6447: Inappropriate implementation in developer tools\n * CVE-2020-6448: Use after free in V8\n\n Chromium was updated to 80.0.3987.162 boo#1168421:\n\n * CVE-2020-6450: Use after free in WebAudio.\n * CVE-2020-6451: Use after free in WebAudio.\n * CVE-2020-6452: Heap buffer overflow in media.\n\n - Use a symbolic icon for GNOME\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-519=1", "cvss3": 
{"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6450", "CVE-2020-6451", "CVE-2020-6452", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-04-15T00:00:00", "id": "OPENSUSE-SU-2020:0519-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAKCPEJQA3VJJ2VNICHLV5YRCLKMZYQ6/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-13T00:52:56", "description": "An update that fixes 26 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium was updated to 81.0.4044.92 
boo#1168911:\n\n * CVE-2020-6454: Use after free in extensions\n * CVE-2020-6423: Use after free in audio\n * CVE-2020-6455: Out of bounds read in WebSQL\n * CVE-2020-6430: Type Confusion in V8\n * CVE-2020-6456: Insufficient validation of untrusted input in clipboard\n * CVE-2020-6431: Insufficient policy enforcement in full screen\n * CVE-2020-6432: Insufficient policy enforcement in navigations\n * CVE-2020-6433: Insufficient policy enforcement in extensions\n * CVE-2020-6434: Use after free in devtools\n * CVE-2020-6435: Insufficient policy enforcement in extensions\n * CVE-2020-6436: Use after free in window management\n * CVE-2020-6437: Inappropriate implementation in WebView\n * CVE-2020-6438: Insufficient policy enforcement in extensions\n * CVE-2020-6439: Insufficient policy enforcement in navigations\n * CVE-2020-6440: Inappropriate implementation in extensions\n * CVE-2020-6441: Insufficient policy enforcement in omnibox\n * CVE-2020-6442: Inappropriate implementation in cache\n * CVE-2020-6443: Insufficient data validation in developer tools\n * CVE-2020-6444: Uninitialized Use in WebRTC\n * CVE-2020-6445: Insufficient policy enforcement in trusted types\n * CVE-2020-6446: Insufficient policy enforcement in trusted types\n * CVE-2020-6447: Inappropriate implementation in developer tools\n * CVE-2020-6448: Use after free in V8\n\n Chromium was updated to 80.0.3987.162 boo#1168421:\n\n * CVE-2020-6450: Use after free in WebAudio.\n * CVE-2020-6451: Use after free in WebAudio.\n * CVE-2020-6452: Heap buffer overflow in media.\n\n - Use a symbolic icon for GNOME\n\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-540=1", "cvss3": 
{"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-19T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6450", "CVE-2020-6451", "CVE-2020-6452", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-04-19T00:00:00", "id": "OPENSUSE-SU-2020:0540-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IAAT3MZYTALQ3ILCHMGAM3ZF7UWCYRNX/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Chromium-browser 81.0.4044.92 fixes security issues: Multiple flaws were found in the way Chromium 80.0.3987.149 processes various types of web content, where loading a 
web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2020-6423, CVE-2020-6430, CVE-2020-6431, CVE-2020-6432, CVE-2020-6433, CVE-2020-6434, CVE-2020-6435, CVE-2020-6436, CVE-2020-6437, CVE-2020-6438, CVE-2020-6439, CVE-2020-6440, CVE-2020-6441, CVE-2020-6442, CVE-2020-6443, CVE-2020-6444, CVE-2020-6445, CVE-2020-6446, CVE-2020-6447, CVE-2020-6448, CVE-2020-6450, CVE-2020-6451, CVE-2020-6452, CVE-2020-6454, CVE-2020-6455, CVE-2020-6456) \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-16T23:01:23", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6450", "CVE-2020-6451", 
"CVE-2020-6452", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-04-16T23:01:23", "id": "MGASA-2020-0174", "href": "https://advisories.mageia.org/MGASA-2020-0174.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:02:08", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted HTML or multimedia file using Chromium or Google Chrome, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-81.0.4044.92\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/google-chrome-81.0.4044.92\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-10T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6450", "CVE-2020-6451", "CVE-2020-6452", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456"], "modified": "2020-04-10T00:00:00", "id": "GLSA-202004-09", "href": "https://security.gentoo.org/glsa/202004-09", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T18:41:39", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-05-03T04:41:39", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: chromium-81.0.4044.122-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6457", "CVE-2020-6458", "CVE-2020-6459", "CVE-2020-6460"], "modified": "2020-05-03T04:41:39", "id": "FEDORA:1E7B860877B2", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:39", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-04-28T02:34:05", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-81.0.4044.122-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6457", "CVE-2020-6458", "CVE-2020-6459", "CVE-2020-6460"], "modified": "2020-04-28T02:34:05", "id": "FEDORA:7D6D56068146", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:39", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-05-17T03:49:25", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: chromium-81.0.4044.138-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6457", "CVE-2020-6458", "CVE-2020-6459", "CVE-2020-6460", "CVE-2020-6461", "CVE-2020-6462", "CVE-2020-6464"], "modified": "2020-05-17T03:49:25", "id": "FEDORA:A07B96077AF9", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-11-30T10:17:04", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4714-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJuly 
01, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432\n CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436\n CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440\n CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444\n CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448\n CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457\n CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461\n CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465\n CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469\n CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473\n CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478\n CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482\n CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486\n CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490\n CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495\n CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505\n CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6831\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2020-6423\n\n A use-after-free issue was found in the audio implementation.\n\nCVE-2020-6430\n\n Avihay Cohen discovered a type confusion issue in the v8 javascript\n library.\n\nCVE-2020-6431\n\n Luan Herrera discovered a policy enforcement error.\n\nCVE-2020-6432\n\n Luan Herrera discovered a policy enforcement error.\n\nCVE-2020-6433\n\n Luan Herrera discovered a policy enforcement error in extensions.\n\nCVE-2020-6434\n\n HyungSeok Han discovered a use-after-free issue in the developer tools.\n\nCVE-2020-6435\n\n Sergei Glazunov discovered a policy enforcement error in extensions.\n\nCVE-2020-6436\n\n Igor Bukanov discovered a use-after-free issue.\n\nCVE-2020-6437\n\n Jann Horn discovered an implementation error in WebView.\n\nCVE-2020-6438\n\n Ng Yik Phang 
discovered a policy enforcement error in extensions.\n\nCVE-2020-6439\n\n remkoboonstra discovered a policy enforcement error.\n\nCVE-2020-6440\n\n David Erceg discovered an implementation error in extensions.\n\nCVE-2020-6441\n\n David Erceg discovered a policy enforcement error.\n\nCVE-2020-6442\n\n B@rMey discovered an implementation error in the page cache.\n\nCVE-2020-6443\n\n @lovasoa discovered an implementation error in the developer tools.\n\nCVE-2020-6444\n\n mlfbrown discovered an uninitialized variable in the WebRTC\n implementation.\n\nCVE-2020-6445\n\n Jun Kokatsu discovered a policy enforcement error.\n\nCVE-2020-6446\n\n Jun Kokatsu discovered a policy enforcement error.\n\nCVE-2020-6447\n\n David Erceg discovered an implementation error in the developer tools.\n\nCVE-2020-6448\n\n Guang Gong discovered a use-after-free issue in the v8 javascript library.\n\nCVE-2020-6454\n\n Leecraso and Guang Gong discovered a use-after-free issue in extensions.\n\nCVE-2020-6455\n\n Nan Wang and Guang Gong discovered an out-of-bounds read issue in the\n WebSQL implementation.\n\nCVE-2020-6456\n\n Micha\u0142 Bentkowski discovered insufficient validation of untrusted input.\n\nCVE-2020-6457\n\n Leecraso and Guang Gong discovered a use-after-free issue in the speech\n recognizer.\n\nCVE-2020-6458\n\n Aleksandar Nikolic discovered an out-of-bounds read and write issue in the\n pdfium library.\n\nCVE-2020-6459\n\n Zhe Jin discovered a use-after-free issue in the payments implementation.\n\nCVE-2020-6460\n\n It was discovered that URL formatting was insufficiently validated.\n\nCVE-2020-6461\n\n Zhe Jin discovered a use-after-free issue.\n\nCVE-2020-6462\n\n Zhe Jin discovered a use-after-free issue in task scheduling.\n\nCVE-2020-6463\n\n Pawel Wylecial discovered a use-after-free issue in the ANGLE library.\n\nCVE-2020-6464\n\n Looben Yang discovered a type confusion issue in Blink/Webkit.\n\nCVE-2020-6465\n\n Woojin Oh discovered a use-after-free 
issue.\n\nCVE-2020-6466\n\n Zhe Jin discovered a use-after-free issue.\n\nCVE-2020-6467\n\n ZhanJia Song discovered a use-after-free issue in the WebRTC\n implementation.\n\nCVE-2020-6468\n\n Chris Salls and Jake Corina discovered a type confusion issue in the v8\n javascript library.\n\nCVE-2020-6469\n\n David Erceg discovered a policy enforcement error in the developer tools.\n\nCVE-2020-6470\n\n Micha\u0142 Bentkowski discovered insufficient validation of untrusted input.\n\nCVE-2020-6471\n\n David Erceg discovered a policy enforcement error in the developer tools.\n\nCVE-2020-6472\n\n David Erceg discovered a policy enforcement error in the developer tools.\n\nCVE-2020-6473\n\n Soroush Karami and Panagiotis Ilia discovered a policy enforcement error\n in Blink/Webkit.\n\nCVE-2020-6474\n\n Zhe Jin discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2020-6475\n\n Khalil Zhani discovered a user interface error.\n\nCVE-2020-6476\n\n Alexandre Le Borgne discovered a policy enforcement error.\n\nCVE-2020-6478\n\n Khalil Zhani discovered an implementation error in full screen mode.\n\nCVE-2020-6479\n\n Zhong Zhaochen discovered an implementation error.\n\nCVE-2020-6480\n\n Marvin Witt discovered a policy enforcement error.\n\nCVE-2020-6481\n\n Rayyan Bijoora discovered a policy enforcement error.\n\nCVE-2020-6482\n\n Abdulrahman Alqabandi discovered a policy enforcement error in the\n developer tools.\n\nCVE-2020-6483\n\n Jun Kokatsu discovered a policy enforcement error in payments.\n\nCVE-2020-6484\n\n Artem Zinenko discovered insufficient validation of user data in the\n ChromeDriver implementation.\n\nCVE-2020-6485\n\n Sergei Glazunov discovered a policy enforcement error.\n\nCVE-2020-6486\n\n David Erceg discovered a policy enforcement error.\n\nCVE-2020-6487\n\n Jun Kokatsu discovered a policy enforcement error.\n\nCVE-2020-6488\n\n David Erceg discovered a policy enforcement error.\n\nCVE-2020-6489\n\n @lovasoa discovered an implementation error in the 
developer tools.\n\nCVE-2020-6490\n\n Insufficient validation of untrusted data was discovered.\n\nCVE-2020-6491\n\n Sultan Haikal discovered a user interface error.\n\nCVE-2020-6493\n\n A use-after-free issue was discovered in the WebAuthentication\n implementation.\n\nCVE-2020-6494\n\n Juho Nurimen discovered a user interface error.\n\nCVE-2020-6495\n\n David Erceg discovered a policy enforcement error in the developer tools.\n\nCVE-2020-6496\n\n Khalil Zhani discovered a use-after-free issue in payments.\n\nCVE-2020-6497\n\n Rayyan Bijoora discovered a policy enforcement issue.\n\nCVE-2020-6498\n\n Rayyan Bijoora discovered a user interface error.\n\nCVE-2020-6505\n\n Khalil Zhani discovered a use-after-free issue.\n\nCVE-2020-6506\n\n Alesandro Ortiz discovered a policy enforcement error.\n\nCVE-2020-6507\n\n Sergei Glazunov discovered an out-of-bounds write issue in the v8\n javascript library.\n\nCVE-2020-6509\n\n A use-after-free issue was discovered in extensions.\n\nCVE-2020-6831\n\n Natalie Silvanovich discovered a buffer overflow issue in the SCTP\n library.\n\nFor the oldstable distribution (stretch), security support for chromium\nhas been discontinued.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 83.0.4103.116-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 
9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-02T01:58:01", "type": "debian", "title": "[SECURITY] [DSA 4714-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6457", "CVE-2020-6458", "CVE-2020-6459", "CVE-2020-6460", "CVE-2020-6461", "CVE-2020-6462", "CVE-2020-6463", "CVE-2020-6464", "CVE-2020-6465", "CVE-2020-6466", "CVE-2020-6467", "CVE-2020-6468", "CVE-2020-6469", "CVE-2020-6470", "CVE-2020-6471", "CVE-2020-6472", "CVE-2020-6473", "CVE-2020-6474", "CVE-2020-6475", "CVE-2020-6476", "CVE-2020-6478", "CVE-2020-6479", "CVE-2020-6480", "CVE-2020-6481", "CVE-2020-6482", "CVE-2020-6483", "CVE-2020-6484", "CVE-2020-6485", "CVE-2020-6486", "CVE-2020-6487", "CVE-2020-6488", "CVE-2020-6489", "CVE-2020-6490", "CVE-2020-6491", "CVE-2020-6493", "CVE-2020-6494", "CVE-2020-6495", "CVE-2020-6496", "CVE-2020-6497", "CVE-2020-6498", "CVE-2020-6505", "CVE-2020-6506", "CVE-2020-6507", "CVE-2020-6509", "CVE-2020-6831"], "modified": 
"2020-07-02T01:58:01", "id": "DEBIAN:DSA-4714-1:832A3", "href": "https://lists.debian.org/debian-security-announce/2020/msg00118.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T21:41:24", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4714-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJuly 01, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432\n CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436\n CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440\n CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444\n CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448\n CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457\n CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461\n CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465\n CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469\n CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473\n CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478\n CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482\n CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486\n CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490\n CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495\n CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505\n CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6831\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2020-6423\n\n A use-after-free issue was found in the audio implementation.\n\nCVE-2020-6430\n\n Avihay Cohen discovered a type confusion issue in the v8 javascript\n library.\n\nCVE-2020-6431\n\n Luan Herrera discovered a policy enforcement error.\n\nCVE-2020-6432\n\n Luan Herrera discovered a policy enforcement 
error.\n\nCVE-2020-6433\n\n Luan Herrera discovered a policy enforcement error in extensions.\n\nCVE-2020-6434\n\n HyungSeok Han discovered a use-after-free issue in the developer tools.\n\nCVE-2020-6435\n\n Sergei Glazunov discovered a policy enforcement error in extensions.\n\nCVE-2020-6436\n\n Igor Bukanov discovered a use-after-free issue.\n\nCVE-2020-6437\n\n Jann Horn discovered an implementation error in WebView.\n\nCVE-2020-6438\n\n Ng Yik Phang discovered a policy enforcement error in extensions.\n\nCVE-2020-6439\n\n remkoboonstra discovered a policy enforcement error.\n\nCVE-2020-6440\n\n David Erceg discovered an implementation error in extensions.\n\nCVE-2020-6441\n\n David Erceg discovered a policy enforcement error.\n\nCVE-2020-6442\n\n B@rMey discovered an implementation error in the page cache.\n\nCVE-2020-6443\n\n @lovasoa discovered an implementation error in the developer tools.\n\nCVE-2020-6444\n\n mlfbrown discovered an uninitialized variable in the WebRTC\n implementation.\n\nCVE-2020-6445\n\n Jun Kokatsu discovered a policy enforcement error.\n\nCVE-2020-6446\n\n Jun Kokatsu discovered a policy enforcement error.\n\nCVE-2020-6447\n\n David Erceg discovered an implementation error in the developer tools.\n\nCVE-2020-6448\n\n Guang Gong discovered a use-after-free issue in the v8 javascript library.\n\nCVE-2020-6454\n\n Leecraso and Guang Gong discovered a use-after-free issue in extensions.\n\nCVE-2020-6455\n\n Nan Wang and Guang Gong discovered an out-of-bounds read issue in the\n WebSQL implementation.\n\nCVE-2020-6456\n\n Micha\u0142 Bentkowski discovered insufficient validation of untrusted input.\n\nCVE-2020-6457\n\n Leecraso and Guang Gong discovered a use-after-free issue in the speech\n recognizer.\n\nCVE-2020-6458\n\n Aleksandar Nikolic discovered an out-of-bounds read and write issue in the\n pdfium library.\n\nCVE-2020-6459\n\n Zhe Jin discovered a use-after-free issue in the payments implementation.\n\nCVE-2020-6460\n\n It was 
discovered that URL formatting was insufficiently validated.\n\nCVE-2020-6461\n\n Zhe Jin discovered a use-after-free issue.\n\nCVE-2020-6462\n\n Zhe Jin discovered a use-after-free issue in task scheduling.\n\nCVE-2020-6463\n\n Pawel Wylecial discovered a use-after-free issue in the ANGLE library.\n\nCVE-2020-6464\n\n Looben Yang discovered a type confusion issue in Blink/Webkit.\n\nCVE-2020-6465\n\n Woojin Oh discovered a use-after-free issue.\n\nCVE-2020-6466\n\n Zhe Jin discovered a use-after-free issue.\n\nCVE-2020-6467\n\n ZhanJia Song discovered a use-after-free issue in the WebRTC\n implementation.\n\nCVE-2020-6468\n\n Chris Salls and Jake Corina discovered a type confusion issue in the v8\n javascript library.\n\nCVE-2020-6469\n\n David Erceg discovered a policy enforcement error in the developer tools.\n\nCVE-2020-6470\n\n Micha\u0142 Bentkowski discovered insufficient validation of untrusted input.\n\nCVE-2020-6471\n\n David Erceg discovered a policy enforcement error in the developer tools.\n\nCVE-2020-6472\n\n David Erceg discovered a policy enforcement error in the developer tools.\n\nCVE-2020-6473\n\n Soroush Karami and Panagiotis Ilia discovered a policy enforcement error\n in Blink/Webkit.\n\nCVE-2020-6474\n\n Zhe Jin discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2020-6475\n\n Khalil Zhani discovered a user interface error.\n\nCVE-2020-6476\n\n Alexandre Le Borgne discovered a policy enforcement error.\n\nCVE-2020-6478\n\n Khalil Zhani discovered an implementation error in full screen mode.\n\nCVE-2020-6479\n\n Zhong Zhaochen discovered an implementation error.\n\nCVE-2020-6480\n\n Marvin Witt discovered a policy enforcement error.\n\nCVE-2020-6481\n\n Rayyan Bijoora discovered a policy enforcement error.\n\nCVE-2020-6482\n\n Abdulrahman Alqabandi discovered a policy enforcement error in the\n developer tools.\n\nCVE-2020-6483\n\n Jun Kokatsu discovered a policy enforcement error in payments.\n\nCVE-2020-6484\n\n Artem Zinenko 
discovered insufficient validation of user data in the\n ChromeDriver implementation.\n\nCVE-2020-6485\n\n Sergei Glazunov discovered a policy enforcement error.\n\nCVE-2020-6486\n\n David Erceg discovered a policy enforcement error.\n\nCVE-2020-6487\n\n Jun Kokatsu discovered a policy enforcement error.\n\nCVE-2020-6488\n\n David Erceg discovered a policy enforcement error.\n\nCVE-2020-6489\n\n @lovasoa discovered an implementation error in the developer tools.\n\nCVE-2020-6490\n\n Insufficient validation of untrusted data was discovered.\n\nCVE-2020-6491\n\n Sultan Haikal discovered a user interface error.\n\nCVE-2020-6493\n\n A use-after-free issue was discovered in the WebAuthentication\n implementation.\n\nCVE-2020-6494\n\n Juho Nurimen discovered a user interface error.\n\nCVE-2020-6495\n\n David Erceg discovered a policy enforcement error in the developer tools.\n\nCVE-2020-6496\n\n Khalil Zhani discovered a use-after-free issue in payments.\n\nCVE-2020-6497\n\n Rayyan Bijoora discovered a policy enforcement issue.\n\nCVE-2020-6498\n\n Rayyan Bijoora discovered a user interface error.\n\nCVE-2020-6505\n\n Khalil Zhani discovered a use-after-free issue.\n\nCVE-2020-6506\n\n Alesandro Ortiz discovered a policy enforcement error.\n\nCVE-2020-6507\n\n Sergei Glazunov discovered an out-of-bounds write issue in the v8\n javascript library.\n\nCVE-2020-6509\n\n A use-after-free issue was discovered in extensions.\n\nCVE-2020-6831\n\n Natalie Silvanovich discovered a buffer overflow issue in the SCTP\n library.\n\nFor the oldstable distribution (stretch), security support for chromium\nhas been discontinued.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 83.0.4103.116-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security 
Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-02T01:58:01", "type": "debian", "title": "[SECURITY] [DSA 4714-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6457", "CVE-2020-6458", "CVE-2020-6459", "CVE-2020-6460", "CVE-2020-6461", "CVE-2020-6462", "CVE-2020-6463", "CVE-2020-6464", "CVE-2020-6465", "CVE-2020-6466", "CVE-2020-6467", "CVE-2020-6468", "CVE-2020-6469", "CVE-2020-6470", "CVE-2020-6471", "CVE-2020-6472", "CVE-2020-6473", "CVE-2020-6474", "CVE-2020-6475", 
"CVE-2020-6476", "CVE-2020-6478", "CVE-2020-6479", "CVE-2020-6480", "CVE-2020-6481", "CVE-2020-6482", "CVE-2020-6483", "CVE-2020-6484", "CVE-2020-6485", "CVE-2020-6486", "CVE-2020-6487", "CVE-2020-6488", "CVE-2020-6489", "CVE-2020-6490", "CVE-2020-6491", "CVE-2020-6493", "CVE-2020-6494", "CVE-2020-6495", "CVE-2020-6496", "CVE-2020-6497", "CVE-2020-6498", "CVE-2020-6505", "CVE-2020-6506", "CVE-2020-6507", "CVE-2020-6509", "CVE-2020-6831"], "modified": "2020-07-02T01:58:01", "id": "DEBIAN:DSA-4714-1:13A79", "href": "https://lists.debian.org/debian-security-announce/2020/msg00118.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2021-12-06T18:25:12", "description": "**Please note:** Starting 1/21/2021, we will be releasing the Chrome CVEs that are included in the new releases of Microsoft Edge (Chromium-based) directly in the Security Update Guide. Please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>) for more information.\n\nThis advisory will be updated whenever Microsoft releases a version of Microsoft Edge (Chromium-based) which incorporates publicly disclosed security updates from the Chromium project. 
Microsoft will document separately any vulnerabilities in Microsoft Edge (Chromium-based), that are not in Chromium, under a Microsoft-assigned CVE number (see, for example: [CVE-2020-1341](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/cve-2020-1341>)).\n\n**History of Microsoft Edge (Chromium-based) Security Updates**\n\nMicrosoft Edge Version | Date Released | Based on Chromium Version | Highest Severity Fix in Release | CVEs \n---|---|---|---|--- \n87.0.664.75 | 1/7/2021 | 87.0.4280.141 | High | [CVE-2021-21106](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21106>), [CVE-2021-21107](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21107>), [CVE-2021-21108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21108>), [CVE-2021-21109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21109>), [CVE-2021-21110](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21110>), [CVE-2021-21111](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21111>), [CVE-2021-21112](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21112>), [CVE-2021-21113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21113>), [CVE-2021-21114](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21114>), [CVE-2021-21115](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21115>), [CVE-2021-21116](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21116>), [CVE-2020-16043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16043>), [CVE-2020-15995](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15995>) \n87.0.664.57 | 12/7/2020 | 87.0.4280.88 | High | [CVE-2020-16037](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16037>), [CVE-2020-16038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16038>), [CVE-2020-16039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16039>), [CVE-2020-16040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040>), 
[CVE-2020-16041](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16041>), [CVE-2020-16042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042>) \n87.0.664.41 | 11/19/2020 | 87.0.4280.66 for Windows and Linux, 87.0.4280.67 for Mac | High | [CVE-2019-8075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8075>), [CVE-2020-16012](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012>), [CVE-2020-16014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014>), [CVE-2020-16015](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015>), [CVE-2020-16018](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018>), [CVE-2020-16022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022>), [CVE-2020-16023](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023>), [CVE-2020-16024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024>), [CVE-2020-16025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025>), [CVE-2020-16026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026>), [CVE-2020-16027](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027>), [CVE-2020-16028](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028>), [CVE-2020-16029](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029>), [CVE-2020-16030](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030>), [CVE-2020-16031](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031>), [CVE-2020-16032](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032>), [CVE-2020-16033](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033>), [CVE-2020-16034](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034>), [CVE-2020-16036](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036>) \n86.0.622.69 | 11/13/2020 | 86.0.4240.198 | High | [**CVE-2020-16013**](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013>) *, 
[**CVE-2020-16017**](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017>) * \n86.0.622.68 | 11/11/2020 | 86.0.4240.193 | High | [CVE-2020-16016](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16016>) \n86.0.622.63 | 11/4/2020 | 86.0.4240.183 | High | [CVE-2020-16004](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16004>), [CVE-2020-16005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16005>), [CVE-2020-16006](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16006>), [CVE-2020-16007](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16007>), [CVE-2020-16008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16008>), [**CVE-2020-16009**](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009>) *, [CVE-2020-16011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16011>) \n86.0.622.51 | 10/22/2020 | 86.0.4240.111 | High | [**CVE-2020-15999**](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999>) *, [CVE-2020-16000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000>), [CVE-2020-16001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001>), [CVE-2020-16002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002>), [CVE-2020-16003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003>) \n86.0.622.38 | 10/8/2020 | 86.0.4240.75 | High | [CVE-2020-6557](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6557>), [CVE-2020-15968](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15968>), [CVE-2020-15969](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15969>), [CVE-2020-15971](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15971>), [CVE-2020-15972](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15972>), [CVE-2020-15973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15973>), [CVE-2020-15974](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15974>), 
[CVE-2020-15975](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15975>), [CVE-2020-15977](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15977>), [CVE-2020-15979](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15979>), [CVE-2020-15981](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15981>), [CVE-2020-15982](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15982>), [CVE-2020-15985](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15985>), [CVE-2020-15987](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15987>), [CVE-2020-15988](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15988>), [CVE-2020-15989](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15989>), [CVE-2020-15990](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15990>), [CVE-2020-15991](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15991>), [CVE-2020-15992](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15992>) \n85.0.564.63 | 9/23/2020 | 85.0.4183.121 | High | [CVE-2020-15960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15960>), [CVE-2020-15961](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15961>), [CVE-2020-15962](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15962>), [CVE-2020-15963](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15963>), [CVE-2020-15964](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15964>), [CVE-2020-15965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15965>), [CVE-2020-15966](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15966>) \n85.0.564.51 | 9/9/2020 | 85.0.4183.102 | High | [CVE-2020-6574](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6574>), [CVE-2020-6575](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6575>), [CVE-2020-6576](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6576>), [CVE-2020-15959](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15959>) 
\n85.0.564.41 | 8/27/2020 | 85.0.4183.83 | High | [CVE-2020-6558](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6558>), [CVE-2020-6559](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6559>), [CVE-2020-6560](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6560>), [CVE-2020-6561](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6561>), [CVE-2020-6562](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6562>), [CVE-2020-6563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6563>), [CVE-2020-6564](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6564>), [CVE-2020-6566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6566>), [CVE-2020-6567](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6567>), [CVE-2020-6568](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6568>), [CVE-2020-6569](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6569>), [CVE-2020-6570](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6570>), [CVE-2020-6571](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6571>) \n84.0.522.63 | 8/20/2020 | 84.0.4147.135 | High | [CVE-2020-6556](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6556>) \n84.0.522.59 | 8/11/2020 | 84.0.4147.125 | High | [CVE-2020-6542](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6542>), [CVE-2020-6543](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6543>), [CVE-2020-6544](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6544>), [CVE-2020-6545](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6545>), [CVE-2020-6546](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6546>), [CVE-2020-6547](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6547>), [CVE-2020-6548](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6548>), [CVE-2020-6549](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6549>), 
[CVE-2020-6550](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6550>), [CVE-2020-6551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6551>), [CVE-2020-6552](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6552>), [CVE-2020-6553](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6553>), [CVE-2020-6554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6554>), [CVE-2020-6555](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6555>) \n84.0.522.49 | 7/30/2020 | 84.0.4147.105 | High | [CVE-2020-6532](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6532>), [CVE-2020-6537](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6537>), [CVE-2020-6538](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6538>), [CVE-2020-6539](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6539>), [CVE-2020-6540](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6540>), [CVE-2020-6541](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6541>) \n84.0.522.40 | 7/16/2020 | 84.0.4147.89 | Critical | [CVE-2020-6510](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6510>), [CVE-2020-6511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6511>), [CVE-2020-6512](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6512>), [CVE-2020-6513](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6513>), [CVE-2020-6514](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514>), [CVE-2020-6515](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6515>), [CVE-2020-6516](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6516>), [CVE-2020-6517](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6517>), [CVE-2020-6518](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6518>), [CVE-2020-6519](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6519>), [CVE-2020-6520](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6520>), 
[CVE-2020-6521](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6521>), [CVE-2020-6522](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6522>), [CVE-2020-6523](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6523>), [CVE-2020-6524](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6524>), [CVE-2020-6525](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6525>), [CVE-2020-6526](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6526>), [CVE-2020-6527](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6527>), [CVE-2020-6528](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6528>), [CVE-2020-6529](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6529>), [CVE-2020-6530](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6530>), [CVE-2020-6531](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6531>), [CVE-2020-6533](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6533>), [CVE-2020-6534](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6534>), [CVE-2020-6535](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6535>), [CVE-2020-6536](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6536>) \n83.0.478.56 | 6/24/2020 | 83.0.4103.116 | High | [CVE-2020-6509](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6509>) \n83.0.478.53 | 6/17/2020 | 83.0.4103.106 | High | [CVE-2020-6505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6505>), [CVE-2020-6506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6506>), [CVE-2020-6507](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6507>) \n83.0.478.45 | 6/4/2020 | 83.0.4103.97 | High | [CVE-2020-6493](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6493>), [CVE-2020-6494](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6494>), [CVE-2020-6495](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6495>), 
[CVE-2020-6496](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6496>) \n83.0.478.37 | 5/21/2020 | 83.0.4103.61 | High | [CVE-2020-6465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6465>), [CVE-2020-6466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6466>), [CVE-2020-6467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6467>), [CVE-2020-6468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6468>), [CVE-2020-6469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6469>), [CVE-2020-6470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6470>), [CVE-2020-6471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6471>), [CVE-2020-6472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6472>), [CVE-2020-6473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6473>), [CVE-2020-6474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6474>), [CVE-2020-6475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6475>), [CVE-2020-6476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6476>), [CVE-2020-6478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6478>), [CVE-2020-6479](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6479>), [CVE-2020-6480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6480>), [CVE-2020-6481](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6481>), [CVE-2020-6482](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6482>), [CVE-2020-6483](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6483>), [CVE-2020-6484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6484>), [CVE-2020-6486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6486>), [CVE-2020-6487](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6487>), [CVE-2020-6488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6488>), [CVE-2020-6489](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6489>), 
[CVE-2020-6490](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6490>) \n81.0.416.72 | 5/7/2020 | 81.0.4044.138 | High | [CVE-2020-6831](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831>), [CVE-2020-6464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6464>) \n81.0.416.68 | 4/29/2020 | 81.0.4044.129 | High | [CVE-2020-6461](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6461>), [CVE-2020-6462](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6462>) \n81.0.416.64 | 4/23/2020 | 81.0.4044.122 | High | [CVE-2020-6458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6458>), [CVE-2020-6459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6459>), [CVE-2020-6460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6460>) \n81.0.416.58 | 4/17/2020 | 81.0.4044.113 | Critical | [CVE-2020-6457](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6457>) \n81.0.416.53 | 4/13/2020 | 81.0.4044.92 | High | [CVE-2020-6454](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6454>), [CVE-2020-6423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6423>), [CVE-2020-6455](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6455>), [CVE-2020-6430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430>), [CVE-2020-6456](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6456>), [CVE-2020-6431](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6431>), [CVE-2020-6432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6432>), [CVE-2020-6433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6433>), [CVE-2020-6434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434>), [CVE-2020-6435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6435>), [CVE-2020-6436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6436>), [CVE-2020-6437](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6437>), 
[CVE-2020-6438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6438>), [CVE-2020-6439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6439>), [CVE-2020-6440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6440>), [CVE-2020-6441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6441>), [CVE-2020-6442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6442>), [CVE-2020-6443](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6443>), [CVE-2020-6444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6444>), [CVE-2020-6445](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6445>), [CVE-2020-6446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6446>), [CVE-2020-6447](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447>), [CVE-2020-6448](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448>) \n80.0.361.109 | 4/1/2020 | 80.0.3987.162 | High | [CVE-2020-6450](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6450>), [CVE-2020-6451](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6451>), [CVE-2020-6452](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6452>) \n80.0.361.69 | 3/19/2020 | 80.0.3987.149 | High | [CVE-2020-6422](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6422>), [CVE-2020-6424](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6424>), [CVE-2020-6425](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6425>), [CVE-2020-6426](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6426>), [CVE-2020-6427](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6427>), [CVE-2020-6428](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6428>), [CVE-2020-6429](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6429>), [CVE-2019-20503](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20503>), [CVE-2020-6449](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6449>) \n80.0.361.66 | 3/4/2020 | 
80.0.3987.132 | High | [CVE-2020-6420](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6420>) \n80.0.361.62 | 2/25/2020 | 80.0.3987.122 | High | [CVE-2020-6407](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6407>), [**CVE-2020-6418**](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418>) * \n80.0.361.57 | 2/20/2020 | 80.0.3987.116 | High | [CVE-2020-6383](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6383>), [CVE-2020-6384](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6384>), [CVE-2020-6386](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6386>) \n80.0.361.48 | 2/7/2020 | 80.0.3987.87 | High | [CVE-2020-6381](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381>), [CVE-2020-6382](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382>), [CVE-2019-18197](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197>), [CVE-2019-19926](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926>), [CVE-2020-6385](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385>), [CVE-2019-19880](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880>), [CVE-2019-19925](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925>), [CVE-2020-6387](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387>), [CVE-2020-6388](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388>), [CVE-2020-6389](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389>), [CVE-2020-6390](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390>), [CVE-2020-6391](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391>), [CVE-2020-6392](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392>), [CVE-2020-6393](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393>), [CVE-2020-6394](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394>), [CVE-2020-6395](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395>), 
[CVE-2020-6396](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396>), [CVE-2020-6397](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397>), [CVE-2020-6398](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398>), [CVE-2020-6399](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399>), [CVE-2020-6400](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400>), [CVE-2020-6401](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401>), [CVE-2020-6402](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402>), [CVE-2020-6404](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404>), [CVE-2020-6405](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405>), [CVE-2020-6406](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406>), [CVE-2019-19923](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923>), [CVE-2020-6408](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408>), [CVE-2020-6409](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409>), [CVE-2020-6410](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410>), [CVE-2020-6411](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411>), [CVE-2020-6412](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412>), [CVE-2020-6413](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413>), [CVE-2020-6414](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414>), [CVE-2020-6415](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415>), [CVE-2020-6416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416>), [CVE-2020-6417](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6417>) \n79.0.309.68 | 1/17/2020 | 79.0.3945.130 | Critical | [CVE-2020-6378](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6378>), [CVE-2020-6379](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6379>), [CVE-2020-6380](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6380>), 
[CVE-2020-0601](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0601>) \n \n* CVE\u2019s in **bold** have been reported to be exploited in the wild.\n\n**How can I see the version of the browser?**\n\n 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window\n 2. Click on **Help and Feedback**\n 3. Click on **About Microsoft Edge**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-28T08:00:00", "type": "mscve", "title": "Chromium Security Updates for Microsoft Edge (Chromium-Based)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18197", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-20503", "CVE-2019-8075", "CVE-2020-0601", "CVE-2020-1341", "CVE-2020-15959", "CVE-2020-15960", "CVE-2020-15961", "CVE-2020-15962", "CVE-2020-15963", "CVE-2020-15964", "CVE-2020-15965", "CVE-2020-15966", "CVE-2020-15968", "CVE-2020-15969", "CVE-2020-15971", "CVE-2020-15972", "CVE-2020-15973", "CVE-2020-15974", "CVE-2020-15975", "CVE-2020-15977", "CVE-2020-15979", "CVE-2020-15981", "CVE-2020-15982", 
"CVE-2020-15985", "CVE-2020-15987", "CVE-2020-15988", "CVE-2020-15989", "CVE-2020-15990", "CVE-2020-15991", "CVE-2020-15992", "CVE-2020-15995", "CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003", "CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011", "CVE-2020-16012", "CVE-2020-16013", "CVE-2020-16014", "CVE-2020-16015", "CVE-2020-16016", "CVE-2020-16017", "CVE-2020-16018", "CVE-2020-16022", "CVE-2020-16023", "CVE-2020-16024", "CVE-2020-16025", "CVE-2020-16026", "CVE-2020-16027", "CVE-2020-16028", "CVE-2020-16029", "CVE-2020-16030", "CVE-2020-16031", "CVE-2020-16032", "CVE-2020-16033", "CVE-2020-16034", "CVE-2020-16036", "CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042", "CVE-2020-16043", "CVE-2020-6378", "CVE-2020-6379", "CVE-2020-6380", "CVE-2020-6381", "CVE-2020-6382", "CVE-2020-6383", "CVE-2020-6384", "CVE-2020-6385", "CVE-2020-6386", "CVE-2020-6387", "CVE-2020-6388", "CVE-2020-6389", "CVE-2020-6390", "CVE-2020-6391", "CVE-2020-6392", "CVE-2020-6393", "CVE-2020-6394", "CVE-2020-6395", "CVE-2020-6396", "CVE-2020-6397", "CVE-2020-6398", "CVE-2020-6399", "CVE-2020-6400", "CVE-2020-6401", "CVE-2020-6402", "CVE-2020-6404", "CVE-2020-6405", "CVE-2020-6406", "CVE-2020-6407", "CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6410", "CVE-2020-6411", "CVE-2020-6412", "CVE-2020-6413", "CVE-2020-6414", "CVE-2020-6415", "CVE-2020-6416", "CVE-2020-6417", "CVE-2020-6418", "CVE-2020-6420", "CVE-2020-6422", "CVE-2020-6423", "CVE-2020-6424", "CVE-2020-6425", "CVE-2020-6426", "CVE-2020-6427", "CVE-2020-6428", "CVE-2020-6429", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", 
"CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6449", "CVE-2020-6450", "CVE-2020-6451", "CVE-2020-6452", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6457", "CVE-2020-6458", "CVE-2020-6459", "CVE-2020-6460", "CVE-2020-6461", "CVE-2020-6462", "CVE-2020-6464", "CVE-2020-6465", "CVE-2020-6466", "CVE-2020-6467", "CVE-2020-6468", "CVE-2020-6469", "CVE-2020-6470", "CVE-2020-6471", "CVE-2020-6472", "CVE-2020-6473", "CVE-2020-6474", "CVE-2020-6475", "CVE-2020-6476", "CVE-2020-6478", "CVE-2020-6479", "CVE-2020-6480", "CVE-2020-6481", "CVE-2020-6482", "CVE-2020-6483", "CVE-2020-6484", "CVE-2020-6486", "CVE-2020-6487", "CVE-2020-6488", "CVE-2020-6489", "CVE-2020-6490", "CVE-2020-6493", "CVE-2020-6494", "CVE-2020-6495", "CVE-2020-6496", "CVE-2020-6505", "CVE-2020-6506", "CVE-2020-6507", "CVE-2020-6509", "CVE-2020-6510", "CVE-2020-6511", "CVE-2020-6512", "CVE-2020-6513", "CVE-2020-6514", "CVE-2020-6515", "CVE-2020-6516", "CVE-2020-6517", "CVE-2020-6518", "CVE-2020-6519", "CVE-2020-6520", "CVE-2020-6521", "CVE-2020-6522", "CVE-2020-6523", "CVE-2020-6524", "CVE-2020-6525", "CVE-2020-6526", "CVE-2020-6527", "CVE-2020-6528", "CVE-2020-6529", "CVE-2020-6530", "CVE-2020-6531", "CVE-2020-6532", "CVE-2020-6533", "CVE-2020-6534", "CVE-2020-6535", "CVE-2020-6536", "CVE-2020-6537", "CVE-2020-6538", "CVE-2020-6539", "CVE-2020-6540", "CVE-2020-6541", "CVE-2020-6542", "CVE-2020-6543", "CVE-2020-6544", "CVE-2020-6545", "CVE-2020-6546", "CVE-2020-6547", "CVE-2020-6548", "CVE-2020-6549", "CVE-2020-6550", "CVE-2020-6551", "CVE-2020-6552", "CVE-2020-6553", "CVE-2020-6554", "CVE-2020-6555", "CVE-2020-6556", "CVE-2020-6557", "CVE-2020-6558", "CVE-2020-6559", "CVE-2020-6560", "CVE-2020-6561", "CVE-2020-6562", "CVE-2020-6563", "CVE-2020-6564", "CVE-2020-6566", "CVE-2020-6567", "CVE-2020-6568", "CVE-2020-6569", "CVE-2020-6570", "CVE-2020-6571", "CVE-2020-6574", "CVE-2020-6575", "CVE-2020-6576", "CVE-2020-6831", "CVE-2021-21106", "CVE-2021-21107", "CVE-2021-21108", "CVE-2021-21109", 
"CVE-2021-21110", "CVE-2021-21111", "CVE-2021-21112", "CVE-2021-21113", "CVE-2021-21114", "CVE-2021-21115", "CVE-2021-21116"], "modified": "2021-01-21T08:00:00", "id": "MS:ADV200002", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200002", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}