openSUSE-SU-2020:1061

openSUSE-SU-2020:1148

https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html

https://crbug.com/1073409

FEDORA-2020-bf684961d9

FEDORA-2020-84d87cbd50

GLSA-202007-08

Just enough time for one more update. 

Chromium 84.

Fixes CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Microsoft Edge (Chromium) installed on the remote Windows host is prior to 84.0.522.40. It is, therefore, affected by multiple vulnerabilities :

  - Heap-based buffer overflow in PDFium allowed a remote attacker to potentially exploit heap corruption via a     crafted PDF file. (CVE-2020-6513)

  - Use after free in tab strip allowed a remote attacker to potentially exploit heap corruption via a crafted     HTML page. (CVE-2020-6515)

  - Out of bounds write in Skia allowed a remote attacker to potentially exploit heap corruption via a crafted     HTML page. (CVE-2020-6523)

In addition, Microsoft Edge (Chromium) is also affected by several additional vulnerabilities including additional use-after-free vulnerabilities, multiple heap-based buffer overflow conditions, privilege escalation, type confusion, and insufficient policy enforcements.

The remote host is affected by the vulnerability described in GLSA-202007-08 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

This update for chromium fixes the following issues :

  - Update to 84.0.4147.89 boo#1174189 :

  - Critical CVE-2020-6510: Heap buffer overflow in     background fetch. 

  - High CVE-2020-6511: Side-channel information leakage in     content security policy. 

  - High CVE-2020-6512: Type Confusion in V8. 

  - High CVE-2020-6513: Heap buffer overflow in PDFium. 

  - High CVE-2020-6514: Inappropriate implementation in     WebRTC. 

  - High CVE-2020-6515: Use after free in tab strip. 

  - High CVE-2020-6516: Policy bypass in CORS. 

  - High CVE-2020-6517: Heap buffer overflow in history. 

  - Medium CVE-2020-6518: Use after free in developer tools. 

  - Medium CVE-2020-6519: Policy bypass in CSP. 

  - Medium CVE-2020-6520: Heap buffer overflow in Skia. 

  - Medium CVE-2020-6521: Side-channel information leakage     in autofill.

  - Medium CVE-2020-6522: Inappropriate implementation in     external protocol handlers. 

  - Medium CVE-2020-6523: Out of bounds write in Skia. 

  - Medium CVE-2020-6524: Heap buffer overflow in WebAudio. 

  - Medium CVE-2020-6525: Heap buffer overflow in Skia. 

  - Low CVE-2020-6526: Inappropriate implementation in     iframe sandbox. 

  - Low CVE-2020-6527: Insufficient policy enforcement in     CSP. 

  - Low CVE-2020-6528: Incorrect security UI in basic auth. 

  - Low CVE-2020-6529: Inappropriate implementation in     WebRTC. 

  - Low CVE-2020-6530: Out of bounds memory access in     developer tools. 

  - Low CVE-2020-6531: Side-channel information leakage in     scroll to text. 

  - Low CVE-2020-6533: Type Confusion in V8. 

  - Low CVE-2020-6534: Heap buffer overflow in WebRTC. 

  - Low CVE-2020-6535: Insufficient data validation in     WebUI. 

  - Low CVE-2020-6536: Incorrect security UI in PWAs.

  - Use bundled xcb-proto as we need to generate py2     bindings

  - Try to fix non-wayland build for Leap builds

Chrome Releases reports :

This update contains 38 security fixes, including :

- [1103195] Critical CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08

- [1074317] High CVE-2020-6511: Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin on 2020-04-24

- [1084820] High CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20

- [1091404] High CVE-2020-6513: Heap buffer overflow in PDFium.
Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04

- [1076703] High CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30

- [1082755] High CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA on 2020-05-14

- [1092449] High CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08

- [1095560] High CVE-2020-6517: Heap buffer overflow in history.
Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16

- [986051] Medium CVE-2020-6518: Use after free in developer tools.
Reported by David Erceg on 2019-07-20

- [1064676] Medium CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25

- [1092274] Medium CVE-2020-6520: Heap buffer overflow in Skia.
Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08

- [1075734] Medium CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27

- [1052093] Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence of Microsoft on 2020-02-13

- [1080481] Medium CVE-2020-6523: Out of bounds write in Skia.
Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08

- [1081722] Medium CVE-2020-6524: Heap buffer overflow in WebAudio.
Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12

- [1091670] Medium CVE-2020-6525: Heap buffer overflow in Skia.
Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05

- [1074340] Low CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston on 2020-04-24

- [992698] Low CVE-2020-6527: Insufficient policy enforcement in CSP.
Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10

- [1063690] Low CVE-2020-6528: Incorrect security UI in basic auth.
Reported by Rayyan Bijoora on 2020-03-22

- [978779] Low CVE-2020-6529: Inappropriate implementation in WebRTC.
Reported by kaustubhvats7 on 2019-06-26

- [1016278] Low CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang on 2019-10-21

- [1042986] Low CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17

- [1069964] Low CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11

- [1072412] Low CVE-2020-6534: Heap buffer overflow in WebRTC.
Reported by Anonymous on 2020-04-20

- [1073409] Low CVE-2020-6535: Insufficient data validation in WebUI.
Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22

- [1080934] Low CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09

The version of Google Chrome installed on the remote Windows host is prior to 84.0.4147.89. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_07_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 84.0.4147.89. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_07_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
139261	Fedora 31 : chromium (2020-84d87cbd50)	Nessus	Fedora Local Security Checks	high
139106	Fedora 32 : chromium (2020-bf684961d9)	Nessus	Fedora Local Security Checks	high
139034	Microsoft Edge (Chromium) < 84.0.522.40 Multiple Vulnerabilities	Nessus	Windows	high
138931	GLSA-202007-08 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
138788	openSUSE Security Update : chromium (openSUSE-2020-1021)	Nessus	SuSE Local Security Checks	high
138787	openSUSE Security Update : chromium (openSUSE-2020-1020)	Nessus	SuSE Local Security Checks	high
138537	FreeBSD : chromium -- multiple vulnerabilities (870d59b0-c6c4-11ea-8015-e09467587c17)	Nessus	FreeBSD Local Security Checks	high
138449	Google Chrome < 84.0.4147.89 Multiple Vulnerabilities	Nessus	Windows	high
138448	Google Chrome < 84.0.4147.89 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high

CVE-2020-6535

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins