Executive Summary
Summary | |
---|---|
Title | chromium-browser security update |
Informations | |||
---|---|---|---|
Name | RHSA-2020:0514 | First vendor Publication | 2020-02-17 |
Vendor | RedHat | Last vendor Modification | 2020-02-17 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 8.8 | ||
Base Score | 8.8 | Environmental Score | 8.8 |
impact SubScore | 5.9 | Temporal Score | 8.8 |
Exploitabality Sub Score | 2.8 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | Required |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64 3. Description: Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 80.0.3987.87. Security Fix(es): * chromium-browser: Integer overflow in JavaScript (CVE-2020-6381) * chromium-browser: Type Confusion in JavaScript (CVE-2020-6382) * chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387) * chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389) * chromium-browser: Out of bounds memory access in streams (CVE-2020-6390) * libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197) * sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880) * sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) * sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) * sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926) * chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391) * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394) * chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395) * chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396) * chromium-browser: Incorrect security UI in sharing (CVE-2020-6397) * chromium-browser: Uninitialized use in PDFium (CVE-2020-6398) * chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399) * chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401) * chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402) * chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404) * sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405) * chromium-browser: Use after free in audio (CVE-2020-6406) * chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408) * chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409) * chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413) * chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414) * chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415) * chromium-browser: Insufficient data validation in streams (CVE-2020-6416) * chromium-browser: Inappropriate implementation in installer (CVE-2020-6417) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Chromium must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1770768 - CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure 1787032 - CVE-2019-19880 sqlite: invalid pointer dereference in exprListAppendList in window.c 1788846 - CVE-2019-19923 sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference 1788866 - CVE-2019-19925 sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive 1789364 - CVE-2019-19926 sqlite: error mishandling because of incomplete fix of CVE-2019-19880 1801160 - CVE-2020-6381 chromium-browser: Integer overflow in JavaScript 1801161 - CVE-2020-6382 chromium-browser: Type Confusion in JavaScript 1801162 - CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage 1801163 - CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC 1801164 - CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio 1801165 - CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC 1801166 - CVE-2020-6390 chromium-browser: Out of bounds memory access in streams 1801167 - CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink 1801168 - CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions 1801169 - CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink 1801170 - CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink 1801171 - CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript 1801172 - CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia 1801173 - CVE-2020-6397 chromium-browser: Incorrect security UI in sharing 1801174 - CVE-2020-6398 chromium-browser: Uninitialized use in PDFium 1801175 - CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache 1801176 - CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS 1801177 - CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox 1801178 - CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads 1801179 - CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox 1801180 - CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink 1801181 - CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause 1801182 - CVE-2020-6406 chromium-browser: Use after free in audio 1801184 - CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS 1801185 - CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox 1801186 - CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation 1801187 - CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox 1801188 - CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox 1801189 - CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink 1801190 - CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing 1801191 - CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript 1801192 - CVE-2020-6416 chromium-browser: Insufficient data validation in streams 1801193 - CVE-2020-6417 chromium-browser: Inappropriate implementation in installer |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2020-0514.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
24 % | CWE-20 | Improper Input Validation |
20 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
12 % | CWE-476 | NULL Pointer Dereference |
8 % | CWE-416 | Use After Free |
8 % | CWE-125 | Out-of-bounds Read |
8 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
4 % | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
4 % | CWE-434 | Unrestricted Upload of File with Dangerous Type (CWE/SANS Top 25) |
4 % | CWE-362 | Race Condition |
4 % | CWE-203 | Information Exposure Through Discrepancy |
4 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55810 - Revision : 1 - Type : BROWSER-CHROME |
2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55809 - Revision : 1 - Type : BROWSER-CHROME |
2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54623 - Revision : 1 - Type : BROWSER-CHROME |
2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54622 - Revision : 1 - Type : BROWSER-CHROME |
Alert History
Date | Informations |
---|---|
2020-05-23 13:03:45 |
|
2020-03-19 13:19:58 |
|