Ubuntu.comUB:CVE-2020-8910CVE-2020-8910
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
Percentile
36.4%
A URL parsing issue in goog.uri of the Google Closure Library versions up
to and including v20200224 allows an attacker to send malicious URLs to be
parsed by the library and return the wrong authority. Mitigation: update
your library to version v20200315.
Notes
| Author | Note |
|---|---|
| alexmurray | The Debian chromium source package is called chromium-browser in Ubuntu |
| mdeslaur | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap the third_party/google_input_tools directory doesn’t look like it is built in Ubuntu binary packages, marking as not-affected |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | qtwebengine-opensource-src | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | qtwebengine-opensource-src | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | qtwebengine-opensource-src | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | qtwebengine-opensource-src | < any | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
Percentile
36.4%