Debian DSA-4638-1 : chromium - security update

high Nessus Plugin ID 134433
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the chromium web browser.

- CVE-2019-19880 Richard Lorenz discovered an issue in the sqlite library.

- CVE-2019-19923 Richard Lorenz discovered an out-of-bounds read issue in the sqlite library.

- CVE-2019-19925 Richard Lorenz discovered an issue in the sqlite library.

- CVE-2019-19926 Richard Lorenz discovered an implementation error in the sqlite library.

- CVE-2020-6381 UK's National Cyber Security Centre discovered an integer overflow issue in the v8 JavaScript library.

- CVE-2020-6382 Soyeon Park and Wen Xu discovered a type error in the v8 JavaScript library.

- CVE-2020-6383 Sergei Glazunov discovered a type error in the v8 JavaScript library.

- CVE-2020-6384 David Manoucheri discovered a use-after-free issue in WebAudio.

- CVE-2020-6385 Sergei Glazunov discovered a policy enforcement error.

- CVE-2020-6386 Zhe Jin discovered a use-after-free issue in speech processing.

- CVE-2020-6387 Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation.

- CVE-2020-6388 Sergei Glazunov discovered an out-of-bounds read error in the WebRTC implementation.

- CVE-2020-6389 Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation.

- CVE-2020-6390 Sergei Glazunov discovered an out-of-bounds read error.

- CVE-2020-6391 Michal Bentkowski discoverd that untrusted input was insufficiently validated.

- CVE-2020-6392 The Microsoft Edge Team discovered a policy enforcement error.

- CVE-2020-6393 Mark Amery discovered a policy enforcement error.

- CVE-2020-6394 Phil Freo discovered a policy enforcement error.

- CVE-2020-6395 Pierre Langlois discovered an out-of-bounds read error in the v8 JavaScript library.

- CVE-2020-6396 William Luc Ritchie discovered an error in the skia library.

- CVE-2020-6397 Khalil Zhani discovered a user interface error.

- CVE-2020-6398 pdknsk discovered an uninitialized variable in the pdfium library.

- CVE-2020-6399 Luan Herrera discovered a policy enforcement error.

- CVE-2020-6400 Takashi Yoneuchi discovered an error in Cross-Origin Resource Sharing.

- CVE-2020-6401 Tzachy Horesh discovered that user input was insufficiently validated.

- CVE-2020-6402 Vladimir Metnew discovered a policy enforcement error.

- CVE-2020-6403 Khalil Zhani discovered a user interface error.

- CVE-2020-6404 kanchi discovered an error in Blink/Webkit.

- CVE-2020-6405 Yongheng Chen and Rui Zhong discovered an out-of-bounds read issue in the sqlite library.

- CVE-2020-6406 Sergei Glazunov discovered a use-after-free issue.

- CVE-2020-6407 Sergei Glazunov discovered an out-of-bounds read error.

- CVE-2020-6408 Zhong Zhaochen discovered a policy enforcement error in Cross-Origin Resource Sharing.

- CVE-2020-6409 Divagar S and Bharathi V discovered an error in the omnibox implementation.

- CVE-2020-6410 evil1m0 discovered a policy enforcement error.

- CVE-2020-6411 Khalil Zhani discovered that user input was insufficiently validated.

- CVE-2020-6412 Zihan Zheng discovered that user input was insufficiently validated.

- CVE-2020-6413 Michal Bentkowski discovered an error in Blink/Webkit.

- CVE-2020-6414 Lijo A.T discovered a policy safe browsing policy enforcement error.

- CVE-2020-6415 Avihay Cohen discovered an implementation error in the v8 JavaScript library.

- CVE-2020-6416 Woojin Oh discovered that untrusted input was insufficiently validated.

- CVE-2020-6418 Clement Lecigne discovered a type error in the v8 JavaScript library.

- CVE-2020-6420 Taras Uzdenov discovered a policy enforcement error.

Solution

Upgrade the chromium packages.

For the oldstable distribution (stretch), security support for chromium has been discontinued.

For the stable distribution (buster), these problems have been fixed in version 80.0.3987.132-1~deb10u1.

See Also

https://security-tracker.debian.org/tracker/CVE-2019-19880

https://security-tracker.debian.org/tracker/CVE-2019-19923

https://security-tracker.debian.org/tracker/CVE-2019-19925

https://security-tracker.debian.org/tracker/CVE-2019-19926

https://security-tracker.debian.org/tracker/CVE-2020-6381

https://security-tracker.debian.org/tracker/CVE-2020-6382

https://security-tracker.debian.org/tracker/CVE-2020-6383

https://security-tracker.debian.org/tracker/CVE-2020-6384

https://security-tracker.debian.org/tracker/CVE-2020-6385

https://security-tracker.debian.org/tracker/CVE-2020-6386

https://security-tracker.debian.org/tracker/CVE-2020-6387

https://security-tracker.debian.org/tracker/CVE-2020-6388

https://security-tracker.debian.org/tracker/CVE-2020-6389

https://security-tracker.debian.org/tracker/CVE-2020-6390

https://security-tracker.debian.org/tracker/CVE-2020-6391

https://security-tracker.debian.org/tracker/CVE-2020-6392

https://security-tracker.debian.org/tracker/CVE-2020-6393

https://security-tracker.debian.org/tracker/CVE-2020-6394

https://security-tracker.debian.org/tracker/CVE-2020-6395

https://security-tracker.debian.org/tracker/CVE-2020-6396

https://security-tracker.debian.org/tracker/CVE-2020-6397

https://security-tracker.debian.org/tracker/CVE-2020-6398

https://security-tracker.debian.org/tracker/CVE-2020-6399

https://security-tracker.debian.org/tracker/CVE-2020-6400

https://security-tracker.debian.org/tracker/CVE-2020-6401

https://security-tracker.debian.org/tracker/CVE-2020-6402

https://security-tracker.debian.org/tracker/CVE-2020-6403

https://security-tracker.debian.org/tracker/CVE-2020-6404

https://security-tracker.debian.org/tracker/CVE-2020-6405

https://security-tracker.debian.org/tracker/CVE-2020-6406

https://security-tracker.debian.org/tracker/CVE-2020-6407

https://security-tracker.debian.org/tracker/CVE-2020-6408

https://security-tracker.debian.org/tracker/CVE-2020-6409

https://security-tracker.debian.org/tracker/CVE-2020-6410

https://security-tracker.debian.org/tracker/CVE-2020-6411

https://security-tracker.debian.org/tracker/CVE-2020-6412

https://security-tracker.debian.org/tracker/CVE-2020-6413

https://security-tracker.debian.org/tracker/CVE-2020-6414

https://security-tracker.debian.org/tracker/CVE-2020-6415

https://security-tracker.debian.org/tracker/CVE-2020-6416

https://security-tracker.debian.org/tracker/CVE-2020-6418

https://security-tracker.debian.org/tracker/CVE-2020-6420

https://security-tracker.debian.org/tracker/source-package/chromium

https://packages.debian.org/source/buster/chromium

https://www.debian.org/security/2020/dsa-4638

Plugin Details

Severity: High

ID: 134433

File Name: debian_DSA-4638.nasl

Version: 1.4

Type: local

Agent: unix

Published: 3/12/2020

Updated: 2/8/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:chromium, cpe:/o:debian:debian_linux:10.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/10/2020

Vulnerability Publication Date: 12/18/2019

Exploitable With

Metasploit (Google Chrome 80 JSCreate side-effect type confusion exploit)

Reference Information

CVE: CVE-2019-19880, CVE-2019-19923, CVE-2019-19925, CVE-2019-19926, CVE-2020-6381, CVE-2020-6382, CVE-2020-6383, CVE-2020-6384, CVE-2020-6385, CVE-2020-6386, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6407, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6418, CVE-2020-6420

DSA: 4638