Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

The remote host is affected by the vulnerability described in GLSA-202101-30 (Qt WebEngine: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Qt WebEngine. Please       review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.

This update for opera fixes the following issues :

Opera was updated to version 72.0.3815.320

  - CHR-8177 Update chromium on desktop-stable-86-3815 to     86.0.4240.183

  - DNA-89748 &lsquo;Manage Extensions&rsquo; dialog is     displayed with preloaded extensions

  - DNA-89766 Address bar does not respond to actions

  - The update to chromium 86.0.4240.183 fixes following     issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006,     CVE-2020-16007, CVE-2020-16008, CVE-2020-16009,     CVE-2020-16011

  - Update to version 72.0.3815.200

  - DNA-87150 Speed Dial tile can&rsquo;t be dragged to     proper place

  - DNA-89632 Improve hovering over icons

  - DNA-89647 [Light mode] Wrong URL color in &lsquo;Add     Site&rsquo; section

  - DNA-89791 Typo in Spanish

  - The update to chromium 86.0.4240.111 fixes following     issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002,     CVE-2020-15999, CVE-2020-16003

  - Complete Opera 72.0 changelog at:
    https://blogs.opera.com/desktop/changelog-for-72/

  - Update to version 71.0.3770.271

  - DNA-88353 Crash at     opera::TabCyclerView::HighlightContents     (content::WebContents*, bool)

  - DNA-89177 Device update request should only be called     when FCM token has changed

  - DNA-89186 Handle device expired case in all server calls

  - DNA-89202 Pages are rendered in dark mode when force     dark mode prefs were synced from Opera GX

  - DNA-89247 [Mac] Fullscreen video broken if sidebar is     hidden

  - DNA-89298 Some elements of VPN popup are misaligned to     design

  - DNA-89305 Crash after closing Downloads pop-up

Update to 86.0.4240.183.

Fixes the following security issues: CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009

Also disables the very verbose output going to stdout.

----

Update to Chromium 86. A few big things here :

1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium :

chrome://flags/#enable-accelerated-video-decode

Be sure it is turned on. Note that not all GPUs are supported.

2. All the security fixes you expect with a major release:
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992 CVE-2020-15988 CVE-2020-15989 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003

3. Without bats acting as pollinators, agave and cacao plants would struggle. That means that bats are responsible for tequila and chocolate.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to Chromium 86. A few big things here :

1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium :

chrome://flags/#enable-accelerated-video-decode

Be sure it is turned on. Note that not all GPUs are supported.

2. All the security fixes you expect with a major release:
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992 CVE-2020-15988 CVE-2020-15989 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003

3. Without bats acting as pollinators, agave and cacao plants would struggle. That means that bats are responsible for tequila and chocolate.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4351 advisory.

  - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)

  - chromium-browser: Inappropriate implementation in Blink (CVE-2020-16000)

  - chromium-browser: Use after free in media (CVE-2020-16001)

  - chromium-browser: Use after free in PDFium (CVE-2020-16002)

  - chromium-browser: Use after free in printing (CVE-2020-16003)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update for chromium fixes the following issues :

  - Update to 86.0.4240.111 boo#1177936

  - CVE-2020-16000: Inappropriate implementation in Blink.

  - CVE-2020-16001: Use after free in media.

  - CVE-2020-16002: Use after free in PDFium.

  - CVE-2020-15999: Heap buffer overflow in Freetype.

  - CVE-2020-16003: Use after free in printing.

The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Chrome Releases reports :

This release includes 5 security fixes :

- [1125337] High CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebi_jp on 2020-09-06

- [1135018] High CVE-2020-16001: Use after free in media. Reported by Khalil Zhani on 2020-10-05

- [1137630] High CVE-2020-16002: Use after free in PDFium. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-10-13

- [1139963] High CVE-2020-15999: Heap buffer overflow in Freetype.
Reported by Sergei Glazunov of Google Project Zero on 2020-10-19

- [1134960] Medium CVE-2020-16003: Use after free in printing.
Reported by Khalil Zhani on 2020-10-04

The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.111. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 86.0.4240.111. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
145430	GLSA-202101-30 : Qt WebEngine: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
144672	Debian DSA-4824-1 : chromium - security update	Nessus	Debian Local Security Checks	critical
143001	openSUSE Security Update : opera (openSUSE-2020-1952)	Nessus	SuSE Local Security Checks	critical
142955	Fedora 33 : chromium (2020-4e8e48da22)	Nessus	Fedora Local Security Checks	high
142587	Fedora 32 : chromium (2020-127d40f1ab)	Nessus	Fedora Local Security Checks	high
142542	Fedora 31 : chromium (2020-8aca25b5c8)	Nessus	Fedora Local Security Checks	high
142008	RHEL 6 : chromium-browser (RHSA-2020:4351)	Nessus	Red Hat Local Security Checks	high
141929	openSUSE Security Update : chromium (openSUSE-2020-1737)	Nessus	SuSE Local Security Checks	high
141888	openSUSE Security Update : chromium (openSUSE-2020-1718)	Nessus	SuSE Local Security Checks	high
141815	Microsoft Edge (Chromium) < 86.0.622.51 Multiple Vulnerabilities	Nessus	Windows	high
141790	FreeBSD : chromium -- multiple vulnerabilities (f4722927-1375-11eb-8711-3065ec8fd3ec)	Nessus	FreeBSD Local Security Checks	high
141574	Google Chrome < 86.0.4240.111 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
141573	Google Chrome < 86.0.4240.111 Multiple Vulnerabilities	Nessus	Windows	high

Detections

Analytics

CVE-2020-16003

high

Tenable Plugins

critical

critical

critical

high

high

high

high

high

high

high

high

high

high