FreeBSD : chromium -- multiple vulnerabilities (d73bc4e6-e7c4-11ea-a878-e09467587c17)

high Nessus Plugin ID 139886

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Chrome Releases reports :

This update includes 20 security fixes, including :

- [1109120] High CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-24

- [1116706] High CVE-2020-6559: Use after free in presentation API.
Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-08-15

- [1108181] Medium CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem from www.unnex.de on 2020-07-22

- [932892] Medium CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu on 2019-02-16

- [1086845] Medium CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa on 2020-05-27

- [1104628] Medium CVE-2020-6563: Insufficient policy enforcement in intent handling. Reported by Pedro Oliveira on 2020-07-12

- [841622] Medium CVE-2020-6564: Incorrect security UI in permissions.
Reported by Khalil Zhani on 2018-05-10

- [1029907] Medium CVE-2020-6565: Incorrect security UI in Omnibox.
Reported by Khalil Zhani on 2019-12-02

- [1065264] Medium CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-27

- [937179] Low CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham of TSS on 2019-03-01

- [1092451] Low CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08

- [995732] Low CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei on 2019-08-20

- [1084699] Low CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal/Tenable on 2020-05-19

- [1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox.
Reported by Rayyan Bijoora on 2020-05-21

Solution

Update the affected package.

See Also

http://www.nessus.org/u?6e44927e

http://www.nessus.org/u?6d3dc658

Plugin Details

Severity: High

ID: 139886

File Name: freebsd_pkg_d73bc4e6e7c411eaa878e09467587c17.nasl

Version: 1.4

Type: local

Published: 8/27/2020

Updated: 9/30/2020

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2020-6559

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/26/2020

Vulnerability Publication Date: 8/25/2020

Reference Information

CVE: CVE-2020-6558, CVE-2020-6559, CVE-2020-6560, CVE-2020-6561, CVE-2020-6562, CVE-2020-6563, CVE-2020-6564, CVE-2020-6565, CVE-2020-6566, CVE-2020-6567, CVE-2020-6568, CVE-2020-6569, CVE-2020-6570, CVE-2020-6571