openSUSE-SU-2020:0823

openSUSE-SU-2020:0832

https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html

https://crbug.com/1068531

FEDORA-2020-08561721ad

FEDORA-2020-77f89ab772

GLSA-202006-02

GLSA-202101-30

DSA-4714

The remote host is affected by the vulnerability described in GLSA-202101-30 (Qt WebEngine: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Qt WebEngine. Please       review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

This update for chromium fixes the following issues :

Chromium was updated to 83.0.4103.97 (boo#1171910,bsc#1172496) :

  - CVE-2020-6463: Use after free in ANGLE (boo#1170107     boo#1171975).

  - CVE-2020-6465: Use after free in reader mode. Reported     by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21

  - CVE-2020-6466: Use after free in media. Reported by Zhe     Jin from cdsrc of Qihoo 360 on 2020-04-26

  - CVE-2020-6467: Use after free in WebRTC. Reported by     ZhanJia Song on 2020-04-06

  - CVE-2020-6468: Type Confusion in V8. Reported by Chris     Salls and Jake Corina of Seaside Security, Chani Jindal     of Shellphish on 2020-04-30

  - CVE-2020-6469: Insufficient policy enforcement in     developer tools. Reported by David Erceg on 2020-04-02

  - CVE-2020-6470: Insufficient validation of untrusted     input in clipboard. Reported by Micha&#x142; Bentkowski     of Securitum on 2020-03-30

  - CVE-2020-6471: Insufficient policy enforcement in     developer tools. Reported by David Erceg on 2020-03-08

  - CVE-2020-6472: Insufficient policy enforcement in     developer tools. Reported by David Erceg on 2020-03-25

  - CVE-2020-6473: Insufficient policy enforcement in Blink.
    Reported by Soroush Karami and Panagiotis Ilia on     2020-02-06

  - CVE-2020-6474: Use after free in Blink. Reported by Zhe     Jin from cdsrc of Qihoo 360 on 2020-03-07

  - CVE-2020-6475: Incorrect security UI in full screen.
    Reported by Khalil Zhani on 2019-10-31

  - CVE-2020-6476: Insufficient policy enforcement in tab     strip. Reported by Alexandre Le Borgne on 2019-12-18

  - CVE-2020-6477: Inappropriate implementation in     installer. Reported by RACK911 Labs on 2019-03-26

  - CVE-2020-6478: Inappropriate implementation in full     screen. Reported by Khalil Zhani on 2019-12-24

  - CVE-2020-6479: Inappropriate implementation in sharing.
    Reported by Zhong Zhaochen of andsecurity.cn on     2020-01-14

  - CVE-2020-6480: Insufficient policy enforcement in     enterprise. Reported by Marvin Witt on 2020-02-21

  - CVE-2020-6481: Insufficient policy enforcement in URL     formatting. Reported by Rayyan Bijoora on 2020-04-07

  - CVE-2020-6482: Insufficient policy enforcement in     developer tools. Reported by Abdulrahman Alqabandi     (@qab) on 2017-12-17

  - CVE-2020-6483: Insufficient policy enforcement in     payments. Reported by Jun Kokatsu, Microsoft Browser     Vulnerability Research on 2019-05-23

  - CVE-2020-6484: Insufficient data validation in     ChromeDriver. Reported by Artem Zinenko on 2020-01-26

  - CVE-2020-6485: Insufficient data validation in media     router. Reported by Sergei Glazunov of Google Project     Zero on 2020-01-30

  - CVE-2020-6486: Insufficient policy enforcement in     navigations. Reported by David Erceg on 2020-02-24

  - CVE-2020-6487: Insufficient policy enforcement in     downloads. Reported by Jun Kokatsu (@shhnjk) on     2015-10-06

  - CVE-2020-6488: Insufficient policy enforcement in     downloads. Reported by David Erceg on 2020-01-21

  - CVE-2020-6489: Inappropriate implementation in developer     tools. Reported by @lovasoa (Ophir LOJKINE) on     2020-02-10

  - CVE-2020-6490: Insufficient data validation in loader.
    Reported by Twitter on 2019-12-19

  - CVE-2020-6491: Incorrect security UI in site     information. Reported by Sultan Haikal M.A on 2020-02-07

  - CVE-2020-6493: Use after free in WebAuthentication.

  - CVE-2020-6494: Incorrect security UI in payments.

  - CVE-2020-6495: Insufficient policy enforcement in     developer tools.

  - CVE-2020-6496: Use after free in payments.

Update to 83.0.4103.116. Fixes CVE-2020-6509.

----

Black Lives Matter. Saying this does not mean that other lives do not matter. It should not be controversial to say this. If I say Chromium updates matter, it does not mean that other Fedora packages do not matter, it means that a Chromium update is needed to fix this giant pile of severe security vulnerabilities, here, today, now :

CVE-2020-6463 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6505 CVE-2020-6506 CVE-6507

In making that analogy, I do not intend to trivialize BLM. In no way do I mean to compare the lives of people to a silly web browser update. People are infinitely important than software. But since I'm here to push this software update out, I am also choosing to say clearly and unambiguously that Black Lives Matter. 

Open Source proves that many voices, many contributions, together can change the world. It depends on it. This is my voice.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to 83.0.4103.116. Fixes CVE-2020-6509.

----

Black Lives Matter. Saying this does not mean that other lives do not matter. It should not be controversial to say this. If I say Chromium updates matter, it does not mean that other Fedora packages do not matter, it means that a Chromium update is needed to fix this giant pile of severe security vulnerabilities, here, today, now :

CVE-2020-6463 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507

In making that analogy, I do not intend to trivialize BLM. In no way do I mean to compare the lives of people to a silly web browser update. People are infinitely important than software. But since I'm here to push this software update out, I am also choosing to say clearly and unambiguously that Black Lives Matter. 

Open Source proves that many voices, many contributions, together can change the world. It depends on it. This is my voice.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2020-6423     A use-after-free issue was found in the audio     implementation.

  - CVE-2020-6430     Avihay Cohen discovered a type confusion issue in the v8     JavaScript library.

  - CVE-2020-6431     Luan Herrera discovered a policy enforcement error.

  - CVE-2020-6432     Luan Herrera discovered a policy enforcement error.

  - CVE-2020-6433     Luan Herrera discovered a policy enforcement error in     extensions.

  - CVE-2020-6434     HyungSeok Han discovered a use-after-free issue in the     developer tools.

  - CVE-2020-6435     Sergei Glazunov discovered a policy enforcement error in     extensions.

  - CVE-2020-6436     Igor Bukanov discovered a use-after-free issue.

  - CVE-2020-6437     Jann Horn discovered an implementation error in WebView.

  - CVE-2020-6438     Ng Yik Phang discovered a policy enforcement error in     extensions.

  - CVE-2020-6439     remkoboonstra discovered a policy enforcement error.

  - CVE-2020-6440     David Erceg discovered an implementation error in     extensions.

  - CVE-2020-6441     David Erceg discovered a policy enforcement error.

  - CVE-2020-6442     B@rMey discovered an implementation error in the page     cache.

  - CVE-2020-6443     @lovasoa discovered an implementation error in the     developer tools.

  - CVE-2020-6444     mlfbrown discovered an uninitialized variable in the     WebRTC implementation.

  - CVE-2020-6445     Jun Kokatsu discovered a policy enforcement error.

  - CVE-2020-6446     Jun Kokatsu discovered a policy enforcement error.

  - CVE-2020-6447     David Erceg discovered an implementation error in the     developer tools.

  - CVE-2020-6448     Guang Gong discovered a use-after-free issue in the v8     JavaScript library.

  - CVE-2020-6454     Leecraso and Guang Gong discovered a use-after-free     issue in extensions.

  - CVE-2020-6455     Nan Wang and Guang Gong discovered an out-of-bounds read     issue in the WebSQL implementation.

  - CVE-2020-6456     Michal Bentkowski discovered insufficient validation of     untrusted input.

  - CVE-2020-6457     Leecraso and Guang Gong discovered a use-after-free     issue in the speech recognizer.

  - CVE-2020-6458     Aleksandar Nikolic discoved an out-of-bounds read and     write issue in the pdfium library.

  - CVE-2020-6459     Zhe Jin discovered a use-after-free issue in the     payments implementation.

  - CVE-2020-6460     It was discovered that URL formatting was insufficiently     validated.

  - CVE-2020-6461     Zhe Jin discovered a use-after-free issue.

  - CVE-2020-6462     Zhe Jin discovered a use-after-free issue in task     scheduling.

  - CVE-2020-6463     Pawel Wylecial discovered a use-after-free issue in the     ANGLE library.

  - CVE-2020-6464     Looben Yang discovered a type confusion issue in     Blink/Webkit.

  - CVE-2020-6465     Woojin Oh discovered a use-after-free issue.

  - CVE-2020-6466     Zhe Jin discovered a use-after-free issue.

  - CVE-2020-6467     ZhanJia Song discovered a use-after-free issue in the     WebRTC implementation.

  - CVE-2020-6468     Chris Salls and Jake Corina discovered a type confusion     issue in the v8 JavaScript library.

  - CVE-2020-6469     David Erceg discovered a policy enforcement error in the     developer tools.

  - CVE-2020-6470     Michal Bentkowski discovered insufficient validation of     untrusted input.

  - CVE-2020-6471     David Erceg discovered a policy enforcement error in the     developer tools.

  - CVE-2020-6472     David Erceg discovered a policy enforcement error in the     developer tools.

  - CVE-2020-6473     Soroush Karami and Panagiotis Ilia discovered a policy     enforcement error in Blink/Webkit.

  - CVE-2020-6474     Zhe Jin discovered a use-after-free issue in     Blink/Webkit.

  - CVE-2020-6475     Khalil Zhani discovered a user interface error.

  - CVE-2020-6476     Alexandre Le Borgne discovered a policy enforcement     error.

  - CVE-2020-6478     Khalil Zhani discovered an implementation error in full     screen mode.

  - CVE-2020-6479     Zhong Zhaochen discovered an implementation error.

  - CVE-2020-6480     Marvin Witt discovered a policy enforcement error.

  - CVE-2020-6481     Rayyan Bijoora discovered a policy enforcement error.

  - CVE-2020-6482     Abdulrahman Alqabandi discovered a policy enforcement     error in the developer tools.

  - CVE-2020-6483     Jun Kokatsu discovered a policy enforcement error in     payments.

  - CVE-2020-6484     Artem Zinenko discovered insufficient validation of user     data in the ChromeDriver implementation.

  - CVE-2020-6485     Sergei Glazunov discovered a policy enforcement error.

  - CVE-2020-6486     David Erceg discovered a policy enforcement error.

  - CVE-2020-6487     Jun Kokatsu discovered a policy enforcement error.

  - CVE-2020-6488     David Erceg discovered a policy enforcement error.

  - CVE-2020-6489     @lovasoa discovered an implementation error in the     developer tools.

  - CVE-2020-6490     Insufficient validation of untrusted data was     discovered.

  - CVE-2020-6491     Sultan Haikal discovered a user interface error.

  - CVE-2020-6493     A use-after-free issue was discovered in the     WebAuthentication implementation.

  - CVE-2020-6494     Juho Nurimen discovered a user interface error.

  - CVE-2020-6495     David Erceg discovered a policy enforcement error in the     developer tools.

  - CVE-2020-6496     Khalil Zhani discovered a use-after-free issue in     payments.

  - CVE-2020-6497     Rayyan Bijoora discovered a policy enforcement issue.

  - CVE-2020-6498     Rayyan Bijoora discovered a user interface error.

  - CVE-2020-6505     Khalil Zhani discovered a use-after-free issue.

  - CVE-2020-6506     Alesandro Ortiz discovered a policy enforcement error.

  - CVE-2020-6507     Sergei Glazunov discovered an out-of-bounds write issue     in the v8 JavaScript library.

  - CVE-2020-6509     A use-after-free issue was discovered in extensions.

  - CVE-2020-6831     Natalie Silvanovich discovered a buffer overflow issue     in the SCTP library.

The remote host is affected by the vulnerability described in GLSA-202006-02 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2544 advisory.

  - chromium-browser: Use after free in reader mode (CVE-2020-6465)

  - chromium-browser: Use after free in media (CVE-2020-6466)

  - chromium-browser: Use after free in WebRTC (CVE-2020-6467)

  - chromium-browser: Type Confusion in V8 (CVE-2020-6468)

  - chromium-browser: Insufficient policy enforcement in developer tools (CVE-2020-6469, CVE-2020-6471,     CVE-2020-6472, CVE-2020-6482, CVE-2020-6495)

  - chromium-browser: Insufficient validation of untrusted input in clipboard (CVE-2020-6470)

  - chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6473)

  - chromium-browser: Use after free in Blink (CVE-2020-6474)

  - chromium-browser: Incorrect security UI in full screen (CVE-2020-6475)

  - chromium-browser: Insufficient policy enforcement in tab strip (CVE-2020-6476)

  - chromium-browser: Inappropriate implementation in full screen (CVE-2020-6478)

  - chromium-browser: Inappropriate implementation in sharing (CVE-2020-6479)

  - chromium-browser: Insufficient policy enforcement in enterprise (CVE-2020-6480)

  - chromium-browser: Insufficient policy enforcement in URL formatting (CVE-2020-6481)

  - chromium-browser: Insufficient policy enforcement in payments (CVE-2020-6483)

  - chromium-browser: Insufficient data validation in ChromeDriver (CVE-2020-6484)

  - chromium-browser: Insufficient data validation in media router (CVE-2020-6485)

  - chromium-browser: Insufficient policy enforcement in navigations (CVE-2020-6486)

  - chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6487, CVE-2020-6488)

  - chromium-browser: Inappropriate implementation in developer tools (CVE-2020-6489)

  - chromium-browser: Insufficient data validation in loader (CVE-2020-6490)

  - chromium-browser: Incorrect security UI in site information (CVE-2020-6491)

  - chromium-browser: Use after free in WebAuthentication (CVE-2020-6493)

  - chromium-browser: Incorrect security UI in payments (CVE-2020-6494)

  - chromium-browser: Use after free in payments (CVE-2020-6496)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Microsoft Edge (Chromium) installed on the remote Windows host is prior to 83.0.478.37. It is, therefore, affected by multiple vulnerabilities:

  - A use after free in media in Microsoft Edge (Chromium) allowed a remote attacker who had     compromised the renderer  process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2020-6466)

  - A use after free in WebRTC in Microsoft Edge (Chromium) allowed a remote attacker to potentially     exploit  heap corruption via a crafted HTML page. (CVE-2020-6467)

  - Type confusion in V8 in Microsoft Edge (Chromium) allowed a remote attacker to potentially exploit     heap corruption via a crafted HTML page. (CVE-2020-6468)

In addition, Microsoft Edge (Chromium) is also affected by several additional vulnerabilities including additional use-after-free vulnerabilities, privilege escalations, and insufficient policy enforcements.

Google Chrome Releases reports :

This release includes 38 security fixes, including CVEs CVE-2020-6465 through CVE-2020-6491.

The version of Google Chrome installed on the remote Windows host is prior to 83.0.4103.61. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_05_stable-channel-update-for-desktop_19 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 83.0.4103.61. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_05_stable-channel-update-for-desktop_19 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
145430	GLSA-202101-30 : Qt WebEngine: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
138688	openSUSE Security Update : chromium (openSUSE-2020-823)	Nessus	SuSE Local Security Checks	high
138194	Fedora 31 : chromium (2020-77f89ab772)	Nessus	Fedora Local Security Checks	critical
138069	Fedora 32 : chromium (2020-08561721ad)	Nessus	Fedora Local Security Checks	critical
138066	Debian DSA-4714-1 : chromium - security update	Nessus	Debian Local Security Checks	critical
137440	GLSA-202006-02 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
137410	RHEL 6 : chromium-browser (RHSA-2020:2544)	Nessus	Red Hat Local Security Checks	high
136968	Microsoft Edge (Chromium) < 83.0.478.37 Multiple Vulnerabilities	Nessus	Windows	high
136849	FreeBSD : chromium -- multiple vulnerabilities (38c676bd-9def-11ea-a94c-3065ec8fd3ec)	Nessus	FreeBSD Local Security Checks	high
136743	Google Chrome < 83.0.4103.61 Multiple Vulnerabilities	Nessus	Windows	high
136742	Google Chrome < 83.0.4103.61 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high

CVE-2020-6481

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Tenable Plugins

high

high

critical

critical

critical

high

high

high

high

high

high