openSUSE-SU-2020:1061

openSUSE-SU-2020:1148

openSUSE-SU-2020:1172

openSUSE-SU-2020:1048

https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html

https://crbug.com/1073409

FEDORA-2020-bf684961d9

FEDORA-2020-84d87cbd50

GLSA-202007-08

DSA-4824

Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3377 advisory.

  - chromium-browser: Heap buffer overflow in background     fetch (CVE-2020-6510)

  - chromium-browser: Side-channel information leakage in     content security policy (CVE-2020-6511)

  - chromium-browser: Type Confusion in V8 (CVE-2020-6512,     CVE-2020-6533, CVE-2020-6537)

  - chromium-browser: Heap buffer overflow in PDFium     (CVE-2020-6513)

  - chromium-browser: Inappropriate implementation in WebRTC     (CVE-2020-6514, CVE-2020-6529)

  - chromium-browser: Use after free in tab strip     (CVE-2020-6515)

  - chromium-browser: Policy bypass in CORS (CVE-2020-6516)

  - chromium-browser: Heap buffer overflow in history     (CVE-2020-6517)

  - chromium-browser: Use after free in developer tools     (CVE-2020-6518)

  - chromium-browser: Policy bypass in CSP (CVE-2020-6519)

  - chromium-browser: Heap buffer overflow in Skia     (CVE-2020-6520, CVE-2020-6525, CVE-2020-6540)

  - chromium-browser: Side-channel information leakage in     autofill (CVE-2020-6521)

  - chromium-browser: Inappropriate implementation in     external protocol handlers (CVE-2020-6522)

  - chromium-browser: Out of bounds write in Skia     (CVE-2020-6523)

  - chromium-browser: Heap buffer overflow in WebAudio     (CVE-2020-6524)

  - chromium-browser: Inappropriate implementation in iframe     sandbox (CVE-2020-6526)

  - chromium-browser: Insufficient policy enforcement in CSP     (CVE-2020-6527)

  - chromium-browser: Incorrect security UI in basic auth     (CVE-2020-6528)

  - chromium-browser: Out of bounds memory access in     developer tools (CVE-2020-6530)

  - chromium-browser: Side-channel information leakage in     scroll to text (CVE-2020-6531)

  - chromium-browser: Use after free in SCTP (CVE-2020-6532)

  - chromium-browser: Heap buffer overflow in WebRTC     (CVE-2020-6534)

  - chromium-browser: Insufficient data validation in WebUI     (CVE-2020-6535)

  - chromium-browser: Incorrect security UI in PWAs     (CVE-2020-6536)

  - chromium-browser: Inappropriate implementation in     WebView (CVE-2020-6538)

  - chromium-browser: Use after free in CSS (CVE-2020-6539)

  - chromium-browser: Use after free in WebUSB     (CVE-2020-6541)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for opera fixes the following issues :

  - Update to version 70.0.3728.71

  - DNA-86267 Make `Recently closed tabs` appearance     consistent with `Search for open tabs`.

  - DNA-86988 Opera 70 translations

  - DNA-87530 Zen news leads not loading

  - DNA-87636 Fix displaying folder icon for closed windows     in recently closed list

  - DNA-87682 Replace Extensions icon in toolbar with icon     from sidebar

  - DNA-87756 Extend chrome.sessions.getRecentlyClosed with     information about last active tab in window.

  - DNA-87778 Crash at opera::InstantSearchViewViews::
    ~InstantSearchViewViews()

  - DNA-87815 Change affiliate links for AliExpress Search

  - Update to version 70.0.3728.59

  - CHR-8010 Update chromium on desktop-stable-84-3728 to     84.0.4147.89

  - DNA-87019 The video image does not respond to the     pressing after closed the &ldquo;Quit Opera?&rdquo;
    dialog

  - DNA-87342 Fix right padding in settings > weather     section

  - DNA-87427 Remove unneeded information from the     requests&rsquo; diagnostics

  - DNA-87560 Crash at views::Widget::GetNativeView()

  - DNA-87561 Crash at CRYPTO_BUFFER_len

  - DNA-87599 Bypass VPN for default search engines     doesn&rsquo;t work

  - DNA-87611 Unittests fails on declarativeNetRequest and     declarativeNetRequestFeedback permissions

  - DNA-87612 [Mac] Misaligned icon in address bar

  - DNA-87619 [Win/Lin] Misaligned icon in address bar

  - DNA-87716 [macOS/Windows] Crash when Search in tabs is     open and Opera is minimised

  - DNA-87749 Crash at     opera::InstantSearchSuggestionLineView::
    SetIsHighlighted(bool)

  - The update to chromium 84.0.4147.89 fixes following     issues :

  - CVE-2020-6510, CVE-2020-6511, CVE-2020-6512,     CVE-2020-6513, CVE-2020-6514, CVE-2020-6515,     CVE-2020-6516, CVE-2020-6517, CVE-2020-6518,     CVE-2020-6519, CVE-2020-6520, CVE-2020-6521,     CVE-2020-6522, CVE-2020-6523, CVE-2020-6524,     CVE-2020-6525, CVE-2020-6526, CVE-2020-6527,     CVE-2020-6528, CVE-2020-6529, CVE-2020-6530,     CVE-2020-6531, CVE-2020-6533, CVE-2020-6534,     CVE-2020-6535, CVE-2020-6536

  - Complete Opera 70.0 changelog at:
    https://blogs.opera.com/desktop/changelog-for-70/

  - Update to version 69.0.3686.77

  - DNA-84207 New Yubikey enrollment is not working

  - DNA-87185 Lost translation

  - DNA-87382 Integrate scrolling to top of the feed with     the existing scroll position restoration

  - DNA-87535 Sort out news on startpage state

  - DNA-87588 Merge &ldquo;Prevent pointer from being sent     in the clear over SCTP&rdquo; to desktop-stable-83-3686

  - Update to version 69.0.3686.57

  - DNA-86682 Title case in Russian translation

  - DNA-86807 Title case in O69 BR Portuguese translation

  - DNA-87104 Right click context menu becomes scrollable     sometimes

  - DNA-87376 Search in tabs opens significantly slower in     O69

  - DNA-87505 [Welcome Pages][Stats] Session stats for     Welcome and Upgrade pages

  - DNA-87535 Sort out news on startpage state

This update for opera fixes the following issues :

  - Update to version 70.0.3728.71

  - DNA-86267 Make `Recently closed tabs` appearance     consistent with `Search for open tabs`.

  - DNA-86988 Opera 70 translations

  - DNA-87530 Zen news leads not loading

  - DNA-87636 Fix displaying folder icon for closed windows     in recently closed list

  - DNA-87682 Replace Extensions icon in toolbar with icon     from sidebar

  - DNA-87756 Extend chrome.sessions.getRecentlyClosed with     information about last active tab in window.

  - DNA-87778 Crash at opera::InstantSearchViewViews::
    ~InstantSearchViewViews()

  - DNA-87815 Change affiliate links for AliExpress Search

  - Update to version 70.0.3728.59

  - CHR-8010 Update chromium on desktop-stable-84-3728 to     84.0.4147.89

  - DNA-87019 The video image does not respond to the     pressing after closed the &ldquo;Quit Opera?&rdquo;
    dialog

  - DNA-87342 Fix right padding in settings > weather     section

  - DNA-87427 Remove unneeded information from the     requests&rsquo; diagnostics

  - DNA-87560 Crash at views::Widget::GetNativeView()

  - DNA-87561 Crash at CRYPTO_BUFFER_len

  - DNA-87599 Bypass VPN for default search engines     doesn&rsquo;t work

  - DNA-87611 Unittests fails on declarativeNetRequest and     declarativeNetRequestFeedback permissions

  - DNA-87612 [Mac] Misaligned icon in address bar

  - DNA-87619 [Win/Lin] Misaligned icon in address bar

  - DNA-87716 [macOS/Windows] Crash when Search in tabs is     open and Opera is minimized

  - DNA-87749 Crash at     opera::InstantSearchSuggestionLineView::
    SetIsHighlighted(bool)

  - The update to chromium 84.0.4147.89 fixes following     issues :

  - CVE-2020-6510, CVE-2020-6511, CVE-2020-6512,     CVE-2020-6513, CVE-2020-6514, CVE-2020-6515,     CVE-2020-6516, CVE-2020-6517, CVE-2020-6518,     CVE-2020-6519, CVE-2020-6520, CVE-2020-6521,     CVE-2020-6522, CVE-2020-6523, CVE-2020-6524,     CVE-2020-6525, CVE-2020-6526, CVE-2020-6527,     CVE-2020-6528, CVE-2020-6529, CVE-2020-6530,     CVE-2020-6531, CVE-2020-6533, CVE-2020-6534,     CVE-2020-6535, CVE-2020-6536

  - Complete Opera 70.0 changelog at:
    https://blogs.opera.com/desktop/changelog-for-70/

  - Update to version 69.0.3686.77

  - DNA-84207 New Yubikey enrollment is not working

  - DNA-87185 Lost translation

  - DNA-87382 Integrate scrolling to top of the feed with     the existing scroll position restoration

  - DNA-87535 Sort out news on start page state

  - DNA-87588 Merge &ldquo;Prevent pointer from being sent     in the clear over SCTP&rdquo; to desktop-stable-83-3686

  - Update to version 69.0.3686.57

  - DNA-86682 Title case in Russian translation

  - DNA-86807 Title case in O69 BR Portuguese translation

  - DNA-87104 Right click context menu becomes scrollable     sometimes

  - DNA-87376 Search in tabs opens significantly slower in     O69

  - DNA-87505 [Welcome Pages][Stats] Session stats for     Welcome and Upgrade pages

  - DNA-87535 Sort out news on start page state

Just enough time for one more update. 

Chromium 84.

Fixes CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Microsoft Edge (Chromium) installed on the remote Windows host is prior to 84.0.522.40. It is, therefore, affected by multiple vulnerabilities :

  - Heap-based buffer overflow in PDFium allowed a remote attacker to potentially exploit heap corruption via a     crafted PDF file. (CVE-2020-6513)

  - Use after free in tab strip allowed a remote attacker to potentially exploit heap corruption via a crafted     HTML page. (CVE-2020-6515)

  - Out of bounds write in Skia allowed a remote attacker to potentially exploit heap corruption via a crafted     HTML page. (CVE-2020-6523)

In addition, Microsoft Edge (Chromium) is also affected by several additional vulnerabilities including additional use-after-free vulnerabilities, multiple heap-based buffer overflow conditions, privilege escalation, type confusion, and insufficient policy enforcements.

The remote host is affected by the vulnerability described in GLSA-202007-08 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

This update for chromium fixes the following issues :

  - Update to 84.0.4147.89 boo#1174189 :

  - Critical CVE-2020-6510: Heap buffer overflow in     background fetch. 

  - High CVE-2020-6511: Side-channel information leakage in     content security policy. 

  - High CVE-2020-6512: Type Confusion in V8. 

  - High CVE-2020-6513: Heap buffer overflow in PDFium. 

  - High CVE-2020-6514: Inappropriate implementation in     WebRTC. 

  - High CVE-2020-6515: Use after free in tab strip. 

  - High CVE-2020-6516: Policy bypass in CORS. 

  - High CVE-2020-6517: Heap buffer overflow in history. 

  - Medium CVE-2020-6518: Use after free in developer tools. 

  - Medium CVE-2020-6519: Policy bypass in CSP. 

  - Medium CVE-2020-6520: Heap buffer overflow in Skia. 

  - Medium CVE-2020-6521: Side-channel information leakage     in autofill.

  - Medium CVE-2020-6522: Inappropriate implementation in     external protocol handlers. 

  - Medium CVE-2020-6523: Out of bounds write in Skia. 

  - Medium CVE-2020-6524: Heap buffer overflow in WebAudio. 

  - Medium CVE-2020-6525: Heap buffer overflow in Skia. 

  - Low CVE-2020-6526: Inappropriate implementation in     iframe sandbox. 

  - Low CVE-2020-6527: Insufficient policy enforcement in     CSP. 

  - Low CVE-2020-6528: Incorrect security UI in basic auth. 

  - Low CVE-2020-6529: Inappropriate implementation in     WebRTC. 

  - Low CVE-2020-6530: Out of bounds memory access in     developer tools. 

  - Low CVE-2020-6531: Side-channel information leakage in     scroll to text. 

  - Low CVE-2020-6533: Type Confusion in V8. 

  - Low CVE-2020-6534: Heap buffer overflow in WebRTC. 

  - Low CVE-2020-6535: Insufficient data validation in     WebUI. 

  - Low CVE-2020-6536: Incorrect security UI in PWAs.

  - Use bundled xcb-proto as we need to generate py2     bindings

  - Try to fix non-wayland build for Leap builds

Chrome Releases reports :

This update contains 38 security fixes, including :

- [1103195] Critical CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08

- [1074317] High CVE-2020-6511: Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin on 2020-04-24

- [1084820] High CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20

- [1091404] High CVE-2020-6513: Heap buffer overflow in PDFium.
Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04

- [1076703] High CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30

- [1082755] High CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA on 2020-05-14

- [1092449] High CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08

- [1095560] High CVE-2020-6517: Heap buffer overflow in history.
Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16

- [986051] Medium CVE-2020-6518: Use after free in developer tools.
Reported by David Erceg on 2019-07-20

- [1064676] Medium CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25

- [1092274] Medium CVE-2020-6520: Heap buffer overflow in Skia.
Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08

- [1075734] Medium CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27

- [1052093] Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence of Microsoft on 2020-02-13

- [1080481] Medium CVE-2020-6523: Out of bounds write in Skia.
Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08

- [1081722] Medium CVE-2020-6524: Heap buffer overflow in WebAudio.
Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12

- [1091670] Medium CVE-2020-6525: Heap buffer overflow in Skia.
Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05

- [1074340] Low CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston on 2020-04-24

- [992698] Low CVE-2020-6527: Insufficient policy enforcement in CSP.
Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10

- [1063690] Low CVE-2020-6528: Incorrect security UI in basic auth.
Reported by Rayyan Bijoora on 2020-03-22

- [978779] Low CVE-2020-6529: Inappropriate implementation in WebRTC.
Reported by kaustubhvats7 on 2019-06-26

- [1016278] Low CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang on 2019-10-21

- [1042986] Low CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17

- [1069964] Low CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11

- [1072412] Low CVE-2020-6534: Heap buffer overflow in WebRTC.
Reported by Anonymous on 2020-04-20

- [1073409] Low CVE-2020-6535: Insufficient data validation in WebUI.
Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22

- [1080934] Low CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09

The version of Google Chrome installed on the remote Windows host is prior to 84.0.4147.89. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_07_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 84.0.4147.89. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_07_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
144672	Debian DSA-4824-1 : chromium - security update	Nessus	Debian Local Security Checks	high
139467	RHEL 6 : chromium-browser (RHSA-2020:3377)	Nessus	Red Hat Local Security Checks	high
139450	openSUSE Security Update : opera (openSUSE-2020-1172)	Nessus	SuSE Local Security Checks	high
139357	openSUSE Security Update : opera (openSUSE-2020-1148)	Nessus	SuSE Local Security Checks	high
139261	Fedora 31 : chromium (2020-84d87cbd50)	Nessus	Fedora Local Security Checks	high
139106	Fedora 32 : chromium (2020-bf684961d9)	Nessus	Fedora Local Security Checks	high
139034	Microsoft Edge (Chromium) < 84.0.522.40 Multiple Vulnerabilities	Nessus	Windows	high
138931	GLSA-202007-08 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
138788	openSUSE Security Update : chromium (openSUSE-2020-1021)	Nessus	SuSE Local Security Checks	high
138787	openSUSE Security Update : chromium (openSUSE-2020-1020)	Nessus	SuSE Local Security Checks	high
138537	FreeBSD : chromium -- multiple vulnerabilities (870d59b0-c6c4-11ea-8015-e09467587c17)	Nessus	FreeBSD Local Security Checks	high
138449	Google Chrome < 84.0.4147.89 Multiple Vulnerabilities	Nessus	Windows	high
138448	Google Chrome < 84.0.4147.89 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high

CVE-2020-6535

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins