FreeBSD : chromium -- multiple vulnerabilities (a2caf7bd-a719-11ea-a857-e09467587c17)

critical Nessus Plugin ID 137216

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Chrome Releases reports:

This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers.

- [1082105] High CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13

- [1083972] High CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen on 2020-05-18

- [1072116] High CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-18

- [1085990] High CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani on 2020-05-24

Solution

Update the affected package.

See Also

http://www.nessus.org/u?92b89965

http://www.nessus.org/u?749afecb

Plugin Details

Severity: Critical

ID: 137216

File Name: freebsd_pkg_a2caf7bda71911eaa857e09467587c17.nasl

Version: 1.3

Type: local

Published: 6/8/2020

Updated: 5/13/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-6496

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2020-6493

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 6/5/2020

Vulnerability Publication Date: 6/3/2020

Reference Information

CVE: CVE-2020-6493, CVE-2020-6494, CVE-2020-6495, CVE-2020-6496