openSUSE-SU-2020:1829

openSUSE-SU-2020:1831

http://packetstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.html

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html

https://crbug.com/1143772

FEDORA-2020-3e005ce2e0

FEDORA-2020-4e8e48da22

GLSA-202011-12

DSA-4824

Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.

Update to 87.0.4280.66. Fixes bugs and security holes. Yay!

CVE-2020-16012 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036

----

Update to 86.0.4240.198. Fixes the following security issues :

CVE-2020-16013 CVE-2020-16016 CVE-2020-16017

----

Update to 86.0.4240.183.

Fixes the following security issues: CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009

Also disables the very verbose output going to stdout.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for opera fixes the following issues :

Opera was updated to version 72.0.3815.320

  - CHR-8177 Update chromium on desktop-stable-86-3815 to     86.0.4240.183

  - DNA-89748 &lsquo;Manage Extensions&rsquo; dialog is     displayed with preloaded extensions

  - DNA-89766 Address bar does not respond to actions

  - The update to chromium 86.0.4240.183 fixes following     issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006,     CVE-2020-16007, CVE-2020-16008, CVE-2020-16009,     CVE-2020-16011

  - Update to version 72.0.3815.200

  - DNA-87150 Speed Dial tile can&rsquo;t be dragged to     proper place

  - DNA-89632 Improve hovering over icons

  - DNA-89647 [Light mode] Wrong URL color in &lsquo;Add     Site&rsquo; section

  - DNA-89791 Typo in Spanish

  - The update to chromium 86.0.4240.111 fixes following     issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002,     CVE-2020-15999, CVE-2020-16003

  - Complete Opera 72.0 changelog at:
    https://blogs.opera.com/desktop/changelog-for-72/

  - Update to version 71.0.3770.271

  - DNA-88353 Crash at     opera::TabCyclerView::HighlightContents     (content::WebContents*, bool)

  - DNA-89177 Device update request should only be called     when FCM token has changed

  - DNA-89186 Handle device expired case in all server calls

  - DNA-89202 Pages are rendered in dark mode when force     dark mode prefs were synced from Opera GX

  - DNA-89247 [Mac] Fullscreen video broken if sidebar is     hidden

  - DNA-89298 Some elements of VPN popup are misaligned to     design

  - DNA-89305 Crash after closing Downloads pop-up

Update to 86.0.4240.183.

Fixes the following security issues: CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009

Also disables the very verbose output going to stdout.

----

Update to Chromium 86. A few big things here :

1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium :

chrome://flags/#enable-accelerated-video-decode

Be sure it is turned on. Note that not all GPUs are supported.

2. All the security fixes you expect with a major release:
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992 CVE-2020-15988 CVE-2020-15989 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003

3. Without bats acting as pollinators, agave and cacao plants would struggle. That means that bats are responsible for tequila and chocolate.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202011-12 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4974 advisory.

  - chromium-browser: Use after free in user interface (CVE-2020-16004)

  - chromium-browser: Insufficient policy enforcement in ANGLE (CVE-2020-16005)

  - chromium-browser: Inappropriate implementation in V8 (CVE-2020-16006, CVE-2020-16009)

  - chromium-browser: Stack buffer overflow in WebRTC (CVE-2020-16008)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for chromium fixes the following issues :

  - Update to 86.0.4240.183 boo#1178375

  - CVE-2020-16004: Use after free in user interface.

  - CVE-2020-16005: Insufficient policy enforcement in     ANGLE.

  - CVE-2020-16006: Inappropriate implementation in V8

  - CVE-2020-16007: Insufficient data validation in     installer.

  - CVE-2020-16008: Stack-based buffer overflow in WebRTC.

  - CVE-2020-16009: Inappropriate implementation in V8.

  - CVE-2020-16011: Heap buffer overflow in UI on Windows.

Chrome Releases reports :

This release contains 10 security fixes, including :

- [1138911] High CVE-2020-16004: Use after free in user interface.
Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-10-15

- [1139398] High CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2020-10-16

- [1133527] High CVE-2020-16006: Inappropriate implementation in V8.
Reported by Bill Parks on 2020-09-29

- [1125018] High CVE-2020-16007: Insufficient data validation in installer. Reported by Abdelhamid Naceri (halov) on 2020-09-04

- [1134107] High CVE-2020-16008: Stack buffer overflow in WebRTC.
Reported by Tolya Korniltsev on 2020-10-01

- [1143772] High CVE-2020-16009: Inappropriate implementation in V8.
Reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Gross of Google Project Zero on 2020-10-29

- [1144489] High CVE-2020-16011: Heap buffer overflow in UI on Windows. Reported by Sergei Glazunov of Google Project Zero on 2020-11-01

There are reports that an exploit for CVE-2020-16009 exists in the wild.

The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.63. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-4-2020 advisory.

  - Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16004)

  - Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker     to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16005)

  - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16006, CVE-2020-16009)

  - Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker     to potentially elevate privilege via a crafted filesystem. (CVE-2020-16007)

  - Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to     potentially exploit stack corruption via a crafted WebRTC packet. (CVE-2020-16008)

  - Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker     who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2020-16011)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 86.0.4240.183. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.183. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
144672	Debian DSA-4824-1 : chromium - security update	Nessus	Debian Local Security Checks	high
143227	Fedora 32 : chromium (2020-3e005ce2e0)	Nessus	Fedora Local Security Checks	high
143001	openSUSE Security Update : opera (openSUSE-2020-1952)	Nessus	SuSE Local Security Checks	critical
142955	Fedora 33 : chromium (2020-4e8e48da22)	Nessus	Fedora Local Security Checks	high
142833	GLSA-202011-12 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
142643	RHEL 6 : chromium-browser (RHSA-2020:4974)	Nessus	Red Hat Local Security Checks	high
142555	openSUSE Security Update : chromium (openSUSE-2020-1831)	Nessus	SuSE Local Security Checks	critical
142539	FreeBSD : chromium -- multiple vulnerabilities (3ec6ab59-1e0c-11eb-a428-3065ec8fd3ec)	Nessus	FreeBSD Local Security Checks	critical
142456	Microsoft Edge (Chromium) < 86.0.622.63 Multiple Vulnerabilities	Nessus	Windows	critical
142209	Google Chrome < 86.0.4240.183 Multiple Vulnerabilities	Nessus	Windows	critical
142208	Google Chrome < 86.0.4240.183 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical

CVE-2020-16009

HIGH

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Tenable Plugins

high

high

critical

high

critical

high

critical

critical

critical

critical

critical