RHEL 6 : chromium-browser (RHSA-2020:0514)

high Nessus Plugin ID 133749

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0514 advisory.

- libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)

- CVE-2019-19926 sqlite: error mishandling because of incomplete fix of (CVE-2019-19880)

- sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923)

- sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925)

- sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926)

- chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)

- chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)

- chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385)

- chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387, CVE-2020-6389)

- chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)

- chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)

- chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391)

- chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392)

- chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393, CVE-2020-6394)

- chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)

- chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)

- chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)

- chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)

- chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399)

- chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)

- chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401, CVE-2020-6411, CVE-2020-6412)

- chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402)

- chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)

- chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404, CVE-2020-6413)

- sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)

- chromium-browser: Use after free in audio (CVE-2020-6406)

- chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)

- chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)

- chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410)

- chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414)

- chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415)

- chromium-browser: Insufficient data validation in streams (CVE-2020-6416)

- chromium-browser: Inappropriate implementation in installer (CVE-2020-6417)

- chromium-browser: Inappropriate implementation in AppCache (CVE-2020-6499)

- chromium-browser: Inappropriate implementation in interstitials (CVE-2020-6500)

- chromium-browser: Insufficient policy enforcement in CSP (CVE-2020-6501)

- chromium-browser: Incorrect security UI in permissions (CVE-2020-6502)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromium-browser package.

See Also

https://access.redhat.com/errata/RHSA-2020:0514

https://cwe.mitre.org/data/definitions/125.html

https://cwe.mitre.org/data/definitions/416.html

https://cwe.mitre.org/data/definitions/20.html

https://cwe.mitre.org/data/definitions/476.html

https://access.redhat.com/security/cve/CVE-2019-19923

https://access.redhat.com/security/cve/CVE-2019-19925

https://bugzilla.redhat.com/1788846

https://bugzilla.redhat.com/1788866

https://access.redhat.com/security/cve/CVE-2019-18197

https://bugzilla.redhat.com/1770768

https://access.redhat.com/security/cve/CVE-2020-6405

https://bugzilla.redhat.com/1801181

https://access.redhat.com/security/cve/CVE-2019-19880

https://access.redhat.com/security/cve/CVE-2019-19926

https://access.redhat.com/security/cve/CVE-2020-6381

https://access.redhat.com/security/cve/CVE-2020-6382

https://access.redhat.com/security/cve/CVE-2020-6385

https://access.redhat.com/security/cve/CVE-2020-6387

https://access.redhat.com/security/cve/CVE-2020-6388

https://access.redhat.com/security/cve/CVE-2020-6389

https://access.redhat.com/security/cve/CVE-2020-6390

https://access.redhat.com/security/cve/CVE-2020-6391

https://access.redhat.com/security/cve/CVE-2020-6392

https://access.redhat.com/security/cve/CVE-2020-6393

https://access.redhat.com/security/cve/CVE-2020-6394

https://access.redhat.com/security/cve/CVE-2020-6395

https://access.redhat.com/security/cve/CVE-2020-6396

https://access.redhat.com/security/cve/CVE-2020-6397

https://access.redhat.com/security/cve/CVE-2020-6398

https://access.redhat.com/security/cve/CVE-2020-6399

https://access.redhat.com/security/cve/CVE-2020-6400

https://access.redhat.com/security/cve/CVE-2020-6401

https://access.redhat.com/security/cve/CVE-2020-6402

https://access.redhat.com/security/cve/CVE-2020-6403

https://access.redhat.com/security/cve/CVE-2020-6404

https://access.redhat.com/security/cve/CVE-2020-6406

https://access.redhat.com/security/cve/CVE-2020-6408

https://access.redhat.com/security/cve/CVE-2020-6409

https://access.redhat.com/security/cve/CVE-2020-6410

https://access.redhat.com/security/cve/CVE-2020-6411

https://access.redhat.com/security/cve/CVE-2020-6412

https://access.redhat.com/security/cve/CVE-2020-6413

https://access.redhat.com/security/cve/CVE-2020-6414

https://access.redhat.com/security/cve/CVE-2020-6415

https://access.redhat.com/security/cve/CVE-2020-6416

https://access.redhat.com/security/cve/CVE-2020-6417

https://access.redhat.com/security/cve/CVE-2020-6499

https://access.redhat.com/security/cve/CVE-2020-6500

https://access.redhat.com/security/cve/CVE-2020-6501

https://access.redhat.com/security/cve/CVE-2020-6502

https://bugzilla.redhat.com/1787032

https://bugzilla.redhat.com/1789364

https://bugzilla.redhat.com/1801160

https://bugzilla.redhat.com/1801161

https://bugzilla.redhat.com/1801162

https://bugzilla.redhat.com/1801163

https://bugzilla.redhat.com/1801164

https://bugzilla.redhat.com/1801165

https://bugzilla.redhat.com/1801166

https://bugzilla.redhat.com/1801167

https://bugzilla.redhat.com/1801168

https://bugzilla.redhat.com/1801169

https://bugzilla.redhat.com/1801170

https://bugzilla.redhat.com/1801171

https://bugzilla.redhat.com/1801172

https://bugzilla.redhat.com/1801173

https://bugzilla.redhat.com/1801174

https://bugzilla.redhat.com/1801175

https://bugzilla.redhat.com/1801176

https://bugzilla.redhat.com/1801177

https://bugzilla.redhat.com/1801178

https://bugzilla.redhat.com/1801179

https://bugzilla.redhat.com/1801180

https://bugzilla.redhat.com/1801182

https://bugzilla.redhat.com/1801184

https://bugzilla.redhat.com/1801185

https://bugzilla.redhat.com/1801186

https://bugzilla.redhat.com/1801187

https://bugzilla.redhat.com/1801188

https://bugzilla.redhat.com/1801189

https://bugzilla.redhat.com/1801190

https://bugzilla.redhat.com/1801191

https://bugzilla.redhat.com/1801192

https://bugzilla.redhat.com/1801193

https://bugzilla.redhat.com/1844539

https://bugzilla.redhat.com/1844542

https://bugzilla.redhat.com/1844546

https://bugzilla.redhat.com/1844549

Plugin Details

Severity: High

ID: 133749

File Name: redhat-RHSA-2020-0514.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2/18/2020

Updated: 4/27/2022

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent

Risk Information

CVSS Score Source: CVE-2020-6416

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*, cpe:2.3:o:redhat:rhel_eus:6.0:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:chromium-browser:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/17/2020

Vulnerability Publication Date: 10/18/2019

Reference Information

CVE: CVE-2019-18197, CVE-2019-19880, CVE-2019-19926, CVE-2019-19925, CVE-2019-19923, CVE-2020-6381, CVE-2020-6382, CVE-2020-6385, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6417

CWE: 20, 125, 416, 476

RHSA: 2020:0514

IAVA: 2020-A-0051-S