Executive Summary
| Summary | |
|---|---|
| Title | chromium security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-4638 | First vendor Publication | 2020-03-10 |
| Vendor | Debian | Last vendor Modification | 2020-03-10 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 8.8 | ||
| Base Score | 8.8 | Environmental Score | 8.8 |
| impact SubScore | 5.9 | Temporal Score | 8.8 |
| Exploitabality Sub Score | 2.8 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-19880 Richard Lorenz discovered an issue in the sqlite library. CVE-2019-19923 Richard Lorenz discovered an out-of-bounds read issue in the sqlite library. CVE-2019-19925 Richard Lorenz discovered an issue in the sqlite library. CVE-2019-19926 Richard Lorenz discovered an implementation error in the sqlite library. CVE-2020-6381 UK's National Cyber Security Centre discovered an integer overflow issue in the v8 javascript library. CVE-2020-6382 Soyeon Park and Wen Xu discovered a type error in the v8 javascript library. CVE-2020-6383 Sergei Glazunov discovered a type error in the v8 javascript library. CVE-2020-6384 David Manoucheri discovered a use-after-free issue in WebAudio. CVE-2020-6385 Sergei Glazunov discovered a policy enforcement error. CVE-2020-6386 Zhe Jin discovered a use-after-free issue in speech processing. CVE-2020-6387 Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation. CVE-2020-6388 Sergei Glazunov discovered an out-of-bounds read error in the WebRTC implementation. CVE-2020-6389 Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation. CVE-2020-6390 Sergei Glazunov discovered an out-of-bounds read error. CVE-2020-6391 Michał Bentkowski discoverd that untrusted input was insufficiently validated. CVE-2020-6392 The Microsoft Edge Team discovered a policy enforcement error. CVE-2020-6393 Mark Amery discovered a policy enforcement error. CVE-2020-6394 Phil Freo discovered a policy enforcement error. CVE-2020-6395 Pierre Langlois discovered an out-of-bounds read error in the v8 javascript library. CVE-2020-6396 William Luc Ritchie discovered an error in the skia library. CVE-2020-6397 Khalil Zhani discovered a user interface error. CVE-2020-6398 pdknsk discovered an uninitialized variable in the pdfium library. CVE-2020-6399 Luan Herrera discovered a policy enforcement error. CVE-2020-6400 Takashi Yoneuchi discovered an error in Cross-Origin Resource Sharing. CVE-2020-6401 Tzachy Horesh discovered that user input was insufficiently validated. CVE-2020-6402 Vladimir Metnew discovered a policy enforcement error. CVE-2020-6403 Khalil Zhani discovered a user interface error. CVE-2020-6404 kanchi discovered an error in Blink/Webkit. CVE-2020-6405 Yongheng Chen and Rui Zhong discovered an out-of-bounds read issue in the sqlite library. CVE-2020-6406 Sergei Glazunov discovered a use-after-free issue. CVE-2020-6407 Sergei Glazunov discovered an out-of-bounds read error. CVE-2020-6408 Zhong Zhaochen discovered a policy enforcement error in Cross-Origin Resource Sharing. CVE-2020-6409 Divagar S and Bharathi V discovered an error in the omnibox implementation. CVE-2020-6410 evil1m0 discovered a policy enforcement error. CVE-2020-6411 Khalil Zhani discovered that user input was insufficiently validated. CVE-2020-6412 Zihan Zheng discovered that user input was insufficiently validated. CVE-2020-6413 Michał Bentkowski discovered an error in Blink/Webkit. CVE-2020-6414 Lijo A.T discovered a policy safe browsing policy enforcement error. CVE-2020-6415 Avihay Cohen discovered an implementation error in the v8 javascript library. CVE-2020-6416 Woojin Oh discovered that untrusted input was insufficiently validated. CVE-2020-6418 Clement Lecigne discovered a type error in the v8 javascript library. CVE-2020-6420 Taras Uzdenov discovered a policy enforcement error. For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), these problems have been fixed in version 80.0.3987.132-1~deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium |
Original Source
| Url : http://www.debian.org/security/2020/dsa-4638 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 22 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 22 % | CWE-20 | Improper Input Validation |
| 11 % | CWE-476 | NULL Pointer Dereference |
| 11 % | CWE-416 | Use After Free |
| 7 % | CWE-125 | Out-of-bounds Read |
| 7 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 4 % | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
| 4 % | CWE-434 | Unrestricted Upload of File with Dangerous Type (CWE/SANS Top 25) |
| 4 % | CWE-362 | Race Condition |
| 4 % | CWE-203 | Information Exposure Through Discrepancy |
| 4 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55810 - Revision : 1 - Type : BROWSER-CHROME |
| 2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55809 - Revision : 1 - Type : BROWSER-CHROME |
| 2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54623 - Revision : 1 - Type : BROWSER-CHROME |
| 2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54622 - Revision : 1 - Type : BROWSER-CHROME |
| 2020-03-31 | Google Chrome V8 Turbofan Array pop type confusion attempt RuleID : 53343 - Revision : 1 - Type : BROWSER-CHROME |
| 2020-03-31 | Google Chrome V8 Turbofan Array pop type confusion attempt RuleID : 53342 - Revision : 1 - Type : BROWSER-CHROME |
Alert History
| Date | Informations |
|---|---|
| 2020-05-23 13:03:43 |
|
| 2020-03-11 05:19:01 |
|
