RHEL 6 : chromium-browser (RHSA-2020:3377)

High Nessus Plugin ID 139467

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.4

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3377 advisory.

 - chromium-browser: Heap buffer overflow in background fetch (CVE-2020-6510)

 - chromium-browser: Side-channel information leakage in content security policy (CVE-2020-6511)

 - chromium-browser: Type Confusion in V8 (CVE-2020-6512, CVE-2020-6533, CVE-2020-6537)

 - chromium-browser: Heap buffer overflow in PDFium (CVE-2020-6513)

 - chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514, CVE-2020-6529)

 - chromium-browser: Use after free in tab strip (CVE-2020-6515)

 - chromium-browser: Policy bypass in CORS (CVE-2020-6516)

 - chromium-browser: Heap buffer overflow in history (CVE-2020-6517)

 - chromium-browser: Use after free in developer tools (CVE-2020-6518)

 - chromium-browser: Policy bypass in CSP (CVE-2020-6519)

 - chromium-browser: Heap buffer overflow in Skia (CVE-2020-6520, CVE-2020-6525, CVE-2020-6540)

 - chromium-browser: Side-channel information leakage in autofill (CVE-2020-6521)

 - chromium-browser: Inappropriate implementation in external protocol handlers (CVE-2020-6522)

 - chromium-browser: Out of bounds write in Skia (CVE-2020-6523)

 - chromium-browser: Heap buffer overflow in WebAudio (CVE-2020-6524)

 - chromium-browser: Inappropriate implementation in iframe sandbox (CVE-2020-6526)

 - chromium-browser: Insufficient policy enforcement in CSP (CVE-2020-6527)

 - chromium-browser: Incorrect security UI in basic auth (CVE-2020-6528)

 - chromium-browser: Out of bounds memory access in developer tools (CVE-2020-6530)

 - chromium-browser: Side-channel information leakage in scroll to text (CVE-2020-6531)

 - chromium-browser: Use after free in SCTP (CVE-2020-6532)

 - chromium-browser: Heap buffer overflow in WebRTC (CVE-2020-6534)

 - chromium-browser: Insufficient data validation in WebUI (CVE-2020-6535)

 - chromium-browser: Incorrect security UI in PWAs (CVE-2020-6536)

 - chromium-browser: Inappropriate implementation in WebView (CVE-2020-6538)

 - chromium-browser: Use after free in CSS (CVE-2020-6539)

 - chromium-browser: Use after free in WebUSB (CVE-2020-6541)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromium-browser package.

See Also

https://cwe.mitre.org/data/definitions/122.html

https://cwe.mitre.org/data/definitions/358.html

https://cwe.mitre.org/data/definitions/416.html

https://cwe.mitre.org/data/definitions/843.html

https://access.redhat.com/security/cve/CVE-2020-6510

https://access.redhat.com/security/cve/CVE-2020-6511

https://access.redhat.com/security/cve/CVE-2020-6512

https://access.redhat.com/security/cve/CVE-2020-6513

https://access.redhat.com/security/cve/CVE-2020-6514

https://access.redhat.com/security/cve/CVE-2020-6515

https://access.redhat.com/security/cve/CVE-2020-6516

https://access.redhat.com/security/cve/CVE-2020-6517

https://access.redhat.com/security/cve/CVE-2020-6518

https://access.redhat.com/security/cve/CVE-2020-6519

https://access.redhat.com/security/cve/CVE-2020-6520

https://access.redhat.com/security/cve/CVE-2020-6521

https://access.redhat.com/security/cve/CVE-2020-6522

https://access.redhat.com/security/cve/CVE-2020-6523

https://access.redhat.com/security/cve/CVE-2020-6524

https://access.redhat.com/security/cve/CVE-2020-6525

https://access.redhat.com/security/cve/CVE-2020-6526

https://access.redhat.com/security/cve/CVE-2020-6527

https://access.redhat.com/security/cve/CVE-2020-6528

https://access.redhat.com/security/cve/CVE-2020-6529

https://access.redhat.com/security/cve/CVE-2020-6530

https://access.redhat.com/security/cve/CVE-2020-6531

https://access.redhat.com/security/cve/CVE-2020-6532

https://access.redhat.com/security/cve/CVE-2020-6533

https://access.redhat.com/security/cve/CVE-2020-6534

https://access.redhat.com/security/cve/CVE-2020-6535

https://access.redhat.com/security/cve/CVE-2020-6536

https://access.redhat.com/security/cve/CVE-2020-6537

https://access.redhat.com/security/cve/CVE-2020-6538

https://access.redhat.com/security/cve/CVE-2020-6539

https://access.redhat.com/security/cve/CVE-2020-6540

https://access.redhat.com/security/cve/CVE-2020-6541

https://access.redhat.com/errata/RHSA-2020:3377

https://bugzilla.redhat.com/1857320

https://bugzilla.redhat.com/1857321

https://bugzilla.redhat.com/1857322

https://bugzilla.redhat.com/1857323

https://bugzilla.redhat.com/1857324

https://bugzilla.redhat.com/1857325

https://bugzilla.redhat.com/1857326

https://bugzilla.redhat.com/1857327

https://bugzilla.redhat.com/1857328

https://bugzilla.redhat.com/1857329

https://bugzilla.redhat.com/1857330

https://bugzilla.redhat.com/1857331

https://bugzilla.redhat.com/1857332

https://bugzilla.redhat.com/1857333

https://bugzilla.redhat.com/1857334

https://bugzilla.redhat.com/1857336

https://bugzilla.redhat.com/1857337

https://bugzilla.redhat.com/1857338

https://bugzilla.redhat.com/1857339

https://bugzilla.redhat.com/1857340

https://bugzilla.redhat.com/1857341

https://bugzilla.redhat.com/1857342

https://bugzilla.redhat.com/1857349

https://bugzilla.redhat.com/1857351

https://bugzilla.redhat.com/1857352

https://bugzilla.redhat.com/1857400

https://bugzilla.redhat.com/1861464

https://bugzilla.redhat.com/1861465

https://bugzilla.redhat.com/1861466

https://bugzilla.redhat.com/1861467

https://bugzilla.redhat.com/1861468

https://bugzilla.redhat.com/1861469

Plugin Details

Severity: High

ID: 139467

File Name: redhat-RHSA-2020-3377.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2020/08/10

Updated: 2020/10/20

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 7.4

CVSS Score Source: CVE-2020-6524

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:redhat:rhel_extras:6, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:chromium-browser

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2020/08/10

Vulnerability Publication Date: 2020/07/22

Reference Information

CVE: CVE-2020-6510, CVE-2020-6511, CVE-2020-6512, CVE-2020-6513, CVE-2020-6514, CVE-2020-6515, CVE-2020-6516, CVE-2020-6517, CVE-2020-6518, CVE-2020-6519, CVE-2020-6520, CVE-2020-6521, CVE-2020-6522, CVE-2020-6523, CVE-2020-6524, CVE-2020-6525, CVE-2020-6526, CVE-2020-6527, CVE-2020-6528, CVE-2020-6529, CVE-2020-6530, CVE-2020-6531, CVE-2020-6532, CVE-2020-6533, CVE-2020-6534, CVE-2020-6535, CVE-2020-6536, CVE-2020-6537, CVE-2020-6538, CVE-2020-6539, CVE-2020-6540, CVE-2020-6541

RHSA: 2020:3377

CWE: 122, 358, 416, 843