openSUSE-SU-2020:1499

openSUSE-SU-2020:1510

openSUSE-SU-2020:1514

openSUSE-SU-2020:1713

https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html

https://crbug.com/1116304

FEDORA-2020-aea86f913e

FEDORA-2020-2d994b986d

GLSA-202101-30

DSA-4824

The remote host is affected by the vulnerability described in GLSA-202101-30 (Qt WebEngine: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Qt WebEngine. Please       review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.

This update for opera fixes the following issues :

opera was updated to version 71.0.3770.228

  - DNA-87466 Hide extensions icon is black in dark theme

  - DNA-88580 Implement search_in_tabs telemetry benchmark

  - DNA-88591 Allow to scroll down the Keyboards Shortcuts     section with URL

  - DNA-88693 Random crash in SmartFilesBrowserTest

  - DNA-88793 change VPN disclaimer modal layout

  - DNA-88799 Only active workspaces and active messengers     should be listed in keyboard shortcuts settings

  - DNA-88838 add automatic VPN connection preference     setting

  - DNA-88870 Align VPN popup to new design

  - DNA-88900 Turn off Tutorials in Opera GX &ndash;
    implementation

  - DNA-88931 Add info about channel and product (OPR,     OPRGX) to rollout requests

  - DNA-88940 Allow continue-shopping|booking-host-override     switch to handle host and path

  - DNA-88946 Auto-connect VPN after browser startup only     for existing VPN users

  - DNA-89009 Change URL for search-suggestions

  - DNA-89021 Make RH test driver pack to a separate archive

  - DNA-89150 Unhardcode &lsquo;From&rsquo; and     &lsquo;To&rsquo; strings in Advanced History Search

  - DNA-89175 Desktop without a flow paring should not     initialize in browser startup

Opera was updated to version 71.0.3770.198

  - CHR-8106 Update chromium on desktop-stable-85-3770 to     85.0.4183.121

  - DNA-85648 Reconnecting Flow with iOS is unstable

  - DNA-87130 Spinner is stretched instead of clipped

  - DNA-87989 In Find in Page, &ldquo;No matches&rdquo;
    doesn&rsquo;t go away after deleting all text

  - DNA-88098 Data URLs entries should not open new tab     after click on new history page

  - DNA-88267 Extra semicolon in Russian BABE translation

  - DNA-88312 [Win] Downloads file drag and drop     doesn&rsquo;t work in Opera

  - DNA-88363 Add premium extension functionality

  - DNA-88580 Implement search_in_tabs telemetry benchmark

  - DNA-88611 Black font on a dark background in sync login     dialog

  - DNA-88626 Disable #easy-files on desktop-stable-85-xxxx

  - DNA-88701 String &ldquo;Type a shortcut&rdquo; is     hardcoded

  - DNA-88755 Crash at     extensions::WebstoreOneClickInstallerUIImpl::
    RemoveAllInfobarsExcept(opera::ExtensionInstallInfoBarDe     legate*)

  - DNA-88797 Change &lsquo;Register&rsquo; to     &lsquo;Tab&rsquo; in German

  - DNA-88851 [History][Resized window] Button and date     input look bad

  - DNA-88958 Crash at net::`anonymous     namespace&rdquo;::Escape

  - The update to chromium 85.0.4183.121 fixes following     issues :

  - CVE-2020-15960, CVE-2020-15961, CVE-2020-15962,     CVE-2020-15963, CVE-2020-15965, CVE-2020-15966,     CVE-2020-15964

  - Update to version 71.0.3770.148

  - CHR-8091 Update chromium on desktop-stable-85-3770 to     85.0.4183.102

  - DNA-87785 [Mac] &ldquo;Alitools&rdquo; text in extension     toolbar overlaps Install button

  - DNA-87935 Make SSD smaller by 25%

  - DNA-87963 Hidden Avira extension in avira_2 edition

  - DNA-88015 [MyFlow] Desktop doesn&rsquo;t show itself in     devices list

  - DNA-88469 Add context menu options to configure     shortcuts

  - DNA-88496 Define a/b test in ab_tests.json

  - DNA-88537 Don&rsquo;t filter out hashes from feature     reference groups coming from rollout

  - DNA-88580 Implement search_in_tabs telemetry benchmark

  - DNA-88604 [History panel] Search bar covers the     &ldquo;Clear browsing data&rdquo; button

  - DNA-88619 String &lsquo;Download complete&rsquo; is cut     on download popup

  - DNA-88645 Remove option should not be available for last     workspace

  - DNA-88718 [History panel] fix delete button overflow     issue

  - The update to chromium 85.0.4183.102 fixes following     issues :

  - CVE-2020-6573, CVE-2020-6574, CVE-2020-6575,     CVE-2020-6576, CVE-2020-15959

  - Complete Opera 71.0 changelog at:
    https://blogs.opera.com/desktop/changelog-for-71/

  - Update to version 70.0.3728.144

  - CHR-8057 Update chromium on desktop-stable-84-3728 to     84.0.4147.135

  - DNA-88027 [Mac] Downloads icon disappears when downloads     popup is shown

  - DNA-88204 Crash at     opera::DownloadItemView::OnMousePressed (ui::MouseEvent     const&)

  - The update to chromium 84.0.4147.135 fixes following     issues :

  - CVE-2020-6556

Update to 85.0.4183.121. Why? Because security, that's why. It fixes these CVEs :

CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966

It also has a fix for an issue where networking... uh... didn't.

----

Update Chromium to 85.0.4183.102. Fix issue where unpackaged components prevented hardware accelerated rendering from working. Also fixes the following security issues: CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 CVE-2020-15959

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for chromium fixes the following issues :

Chromium was updated to version 85.0.4183.102 (bsc#1176306) fixing :

  - CVE-2020-6573: Use after free in video.

  - CVE-2020-6574: Insufficient policy enforcement in     installer. 

  - CVE-2020-6575: Race in Mojo.

  - CVE-2020-6576: Use after free in offscreen canvas. 

  - CVE-2020-15959: Insufficient policy enforcement in     networking.

Chromium was updated to version 85.0.4183.83 (boo#1175757) fixing :

  - CVE-2020-6558: Insufficient policy enforcement in iOS

  - CVE-2020-6559: Use after free in presentation API

  - CVE-2020-6560: Insufficient policy enforcement in     autofill

  - CVE-2020-6561: Inappropriate implementation in Content     Security Policy

  - CVE-2020-6562: Insufficient policy enforcement in Blink

  - CVE-2020-6563: Insufficient policy enforcement in intent     handling.

  - CVE-2020-6564: Incorrect security UI in permissions

  - CVE-2020-6565: Incorrect security UI in Omnibox.

  - CVE-2020-6566: Insufficient policy enforcement in media.

  - CVE-2020-6567: Insufficient validation of untrusted     input in command line handling.

  - CVE-2020-6568: Insufficient policy enforcement in intent     handling.

  - CVE-2020-6569: Integer overflow in WebUSB.

  - CVE-2020-6570: Side-channel information leakage in     WebRTC.

  - CVE-2020-6571: Incorrect security UI in Omnibox.

Update Chromium to 85.0.4183.102. Fix issue where unpackaged components prevented hardware accelerated rendering from working. Also fixes the following security issues: CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 CVE-2020-15959

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3740 advisory.

  - chromium-browser: Insufficient policy enforcement in networking (CVE-2020-15959)

  - chromium-browser: Use after free in video (CVE-2020-6573)

  - chromium-browser: Insufficient policy enforcement in installer (CVE-2020-6574)

  - chromium-browser: Race in Mojo (CVE-2020-6575)

  - chromium-browser: Use after free in offscreen canvas (CVE-2020-6576)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202009-03 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

Chrome Releases reports :

This release contains 5 security fixes :

- [1116304] High CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-08-14

- [1102196] High CVE-2020-6574: Insufficient policy enforcement in installer. Reported by CodeColorist of Ant-Financial LightYear Labs on 2020-07-05

- [1081874] High CVE-2020-6575: Race in Mojo. Reported by Microsoft on 2020-05-12

- [1111737] High CVE-2020-6576: Use after free in offscreen canvas.
Reported by Looben Yang on 2020-07-31

- [1122684] High CVE-2020-15959: Insufficient policy enforcement in networking. Reported by Eric Lawrence of Microsoft on 2020-08-27

The version of Google Chrome installed on the remote host is prior to 85.0.4183.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_09_stable-channel-update-for-desktop advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 85.0.4183.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_09_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 85.0.4183.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_09_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
145430	GLSA-202101-30 : Qt WebEngine: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
144672	Debian DSA-4824-1 : chromium - security update	Nessus	Debian Local Security Checks	high
141905	openSUSE Security Update : opera (openSUSE-2020-1713)	Nessus	SuSE Local Security Checks	high
141289	Fedora 33 : chromium (2020-2d994b986d)	Nessus	Fedora Local Security Checks	high
141145	Fedora 31 : chromium (2020-aea86f913e)	Nessus	Fedora Local Security Checks	high
140742	openSUSE Security Update : chromium (openSUSE-2020-1499)	Nessus	SuSE Local Security Checks	high
140674	Fedora 32 : chromium (2020-9b9e8e5306)	Nessus	Fedora Local Security Checks	high
140587	RHEL 6 : chromium-browser (RHSA-2020:3740)	Nessus	Red Hat Local Security Checks	high
140474	GLSA-202009-03 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
140473	FreeBSD : chromium -- multiple vulnerabilities (bed5d41a-f2b4-11ea-a878-e09467587c17)	Nessus	FreeBSD Local Security Checks	high
701286	Google Chrome < 85.0.4183.102 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
140406	Google Chrome < 85.0.4183.102 Multiple Vulnerabilities	Nessus	Windows	high
140405	Google Chrome < 85.0.4183.102 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high

CVE-2020-6573

CRITICAL

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high