FreeBSD : chromium -- multiple vulnerabilities (01ffd06a-36ed-11eb-b655-3065ec8fd3ec)

high Nessus Plugin ID 143517
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 7.7

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Chrome Releases reports :

This release contains 8 security fixes, including :

- [1142331] High CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki on 2020-10-26

- [1138683] High CVE-2020-16038: Use after free in media. Reported by Khalil Zhani on 2020-10-14

- [1149177] High CVE-2020-16039: Use after free in extensions.
Reported by Anonymous on 2020-11-15

- [1150649] High CVE-2020-16040: Insufficient data validation in V8.
Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-11-19

- [1151865] Medium CVE-2020-16041: Out of bounds read in networking.
Reported by Sergei Glazunov and Mark Brand of Google Project Zero on 2020-11-23

- [1151890] Medium CVE-2020-16042: Uninitialized Use in V8. Reported by Andre Bargull on 2020-11-2

Solution

Update the affected package.

See Also

http://www.nessus.org/u?4b9934e1

http://www.nessus.org/u?79a19458

Plugin Details

Severity: High

ID: 143517

File Name: freebsd_pkg_01ffd06a36ed11ebb6553065ec8fd3ec.nasl

Version: 1.10

Type: local

Published: 12/7/2020

Updated: 4/21/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 7.7

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/5/2020

Vulnerability Publication Date: 12/2/2020

Exploitable With

Metasploit (Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase)

Reference Information

CVE: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042

IAVA: 2020-A-0571-S