FreeBSD : chromium -- multiple vulnerabilities (01ffd06a-36ed-11eb-b655-3065ec8fd3ec)

high Nessus Plugin ID 143517

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Chrome Releases reports :

This release contains 8 security fixes, including :

- [1142331] High CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki on 2020-10-26

- [1138683] High CVE-2020-16038: Use after free in media. Reported by Khalil Zhani on 2020-10-14

- [1149177] High CVE-2020-16039: Use after free in extensions.
Reported by Anonymous on 2020-11-15

- [1150649] High CVE-2020-16040: Insufficient data validation in V8.
Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-11-19

- [1151865] Medium CVE-2020-16041: Out of bounds read in networking.
Reported by Sergei Glazunov and Mark Brand of Google Project Zero on 2020-11-23

- [1151890] Medium CVE-2020-16042: Uninitialized Use in V8. Reported by Andre Bargull on 2020-11-2

Solution

Update the affected package.

See Also

http://www.nessus.org/u?4b9934e1

http://www.nessus.org/u?79a19458

Plugin Details

Severity: High

ID: 143517

File Name: freebsd_pkg_01ffd06a36ed11ebb6553065ec8fd3ec.nasl

Version: 1.10

Type: local

Published: 12/7/2020

Updated: 4/21/2021

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/5/2020

Vulnerability Publication Date: 12/2/2020

Exploitable With

Metasploit (Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase)

Reference Information

CVE: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042

IAVA: 2020-A-0571-S