https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html

https://crbug.com/1109120

openSUSE-SU-2020:1499

openSUSE-SU-2020:1510

openSUSE-SU-2020:1514

DSA-4824

Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.

This update for chromium fixes the following issues :

Chromium was updated to version 85.0.4183.102 (bsc#1176306) fixing :

  - CVE-2020-6573: Use after free in video.

  - CVE-2020-6574: Insufficient policy enforcement in     installer. 

  - CVE-2020-6575: Race in Mojo.

  - CVE-2020-6576: Use after free in offscreen canvas. 

  - CVE-2020-15959: Insufficient policy enforcement in     networking.

Chromium was updated to version 85.0.4183.83 (boo#1175757) fixing :

  - CVE-2020-6558: Insufficient policy enforcement in iOS

  - CVE-2020-6559: Use after free in presentation API

  - CVE-2020-6560: Insufficient policy enforcement in     autofill

  - CVE-2020-6561: Inappropriate implementation in Content     Security Policy

  - CVE-2020-6562: Insufficient policy enforcement in Blink

  - CVE-2020-6563: Insufficient policy enforcement in intent     handling.

  - CVE-2020-6564: Incorrect security UI in permissions

  - CVE-2020-6565: Incorrect security UI in Omnibox.

  - CVE-2020-6566: Insufficient policy enforcement in media.

  - CVE-2020-6567: Insufficient validation of untrusted     input in command line handling.

  - CVE-2020-6568: Insufficient policy enforcement in intent     handling.

  - CVE-2020-6569: Integer overflow in WebUSB.

  - CVE-2020-6570: Side-channel information leakage in     WebRTC.

  - CVE-2020-6571: Incorrect security UI in Omnibox.

This update for chromium fixes the following issues :

Chromium was updated to version 85.0.4183.83 (boo#1175757) fixing :

  - CVE-2020-6558: Insufficient policy enforcement in iOS

  - CVE-2020-6559: Use after free in presentation API

  - CVE-2020-6560: Insufficient policy enforcement in     autofill

  - CVE-2020-6561: Inappropriate implementation in Content     Security Policy

  - CVE-2020-6562: Insufficient policy enforcement in Blink

  - CVE-2020-6563: Insufficient policy enforcement in intent     handling.

  - CVE-2020-6564: Incorrect security UI in permissions

  - CVE-2020-6565: Incorrect security UI in Omnibox.

  - CVE-2020-6566: Insufficient policy enforcement in media. 

  - CVE-2020-6567: Insufficient validation of untrusted     input in command line handling.

  - CVE-2020-6568: Insufficient policy enforcement in intent     handling.

  - CVE-2020-6569: Integer overflow in WebUSB.

  - CVE-2020-6570: Side-channel information leakage in     WebRTC. 

  - CVE-2020-6571: Incorrect security UI in Omnibox.

This update for chromium fixes the following issues :

Chromium was updated to version 85.0.4183.83 (boo#1175757) fixing :

  - CVE-2020-6558: Insufficient policy enforcement in iOS

  - CVE-2020-6559: Use after free in presentation API

  - CVE-2020-6560: Insufficient policy enforcement in     autofill

  - CVE-2020-6561: Inappropriate implementation in Content     Security Policy

  - CVE-2020-6562: Insufficient policy enforcement in Blink

  - CVE-2020-6563: Insufficient policy enforcement in intent     handling.

  - CVE-2020-6564: Incorrect security UI in permissions

  - CVE-2020-6565: Incorrect security UI in Omnibox.

  - CVE-2020-6566: Insufficient policy enforcement in media.

  - CVE-2020-6567: Insufficient validation of untrusted     input in command line handling.

  - CVE-2020-6568: Insufficient policy enforcement in intent     handling.

  - CVE-2020-6569: Integer overflow in WebUSB.

  - CVE-2020-6570: Side-channel information leakage in     WebRTC.

  - CVE-2020-6571: Incorrect security UI in Omnibox.

Chrome Releases reports :

This update includes 20 security fixes, including :

- [1109120] High CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-24

- [1116706] High CVE-2020-6559: Use after free in presentation API.
Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-08-15

- [1108181] Medium CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem from www.unnex.de on 2020-07-22

- [932892] Medium CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu on 2019-02-16

- [1086845] Medium CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa on 2020-05-27

- [1104628] Medium CVE-2020-6563: Insufficient policy enforcement in intent handling. Reported by Pedro Oliveira on 2020-07-12

- [841622] Medium CVE-2020-6564: Incorrect security UI in permissions.
Reported by Khalil Zhani on 2018-05-10

- [1029907] Medium CVE-2020-6565: Incorrect security UI in Omnibox.
Reported by Khalil Zhani on 2019-12-02

- [1065264] Medium CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-27

- [937179] Low CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham of TSS on 2019-03-01

- [1092451] Low CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08

- [995732] Low CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei on 2019-08-20

- [1084699] Low CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal/Tenable on 2020-05-19

- [1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox.
Reported by Rayyan Bijoora on 2020-05-21

The version of Google Chrome installed on the remote host is prior to 85.0.4183.83. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_08_stable-channel-update-for-desktop_25 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 85.0.4183.83. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_08_stable-channel-update-for-desktop_25 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 85.0.4183.83. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_08_stable-channel-update-for-desktop_25 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
144672	Debian DSA-4824-1 : chromium - security update	Nessus	Debian Local Security Checks	high
140742	openSUSE Security Update : chromium (openSUSE-2020-1499)	Nessus	SuSE Local Security Checks	high
140171	openSUSE Security Update : chromium (openSUSE-2020-1309)	Nessus	SuSE Local Security Checks	high
140170	openSUSE Security Update : chromium (openSUSE-2020-1306)	Nessus	SuSE Local Security Checks	high
139886	FreeBSD : chromium -- multiple vulnerabilities (d73bc4e6-e7c4-11ea-a878-e09467587c17)	Nessus	FreeBSD Local Security Checks	high
701285	Google Chrome < 85.0.4183.83 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
139794	Google Chrome < 85.0.4183.83 Multiple Vulnerabilities	Nessus	Windows	high
139793	Google Chrome < 85.0.4183.83 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high

CVE-2020-6558

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high