Professional OVAL Repository
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:126854
Version
1
Class
patch
ALTXid
316836
Language
English
Severity
Medium
Title
MGASA-2020-0078 -- security update for chromium-browser-stable
Description
Multiple flaws were found in the way Chromium 78.0.3904.108 processes
various types of web content, where loading a web page containing
malicious content could cause Chromium to crash, execute arbitrary code,
or disclose sensitive information.
Family
unix
Platform
Mageia 7
Product
chromium-browser-stable
Reference
VENDOR: MGASA-2020-0078
Id:
MGASA-2020-0078
Reference:
https://advisories.mageia.org/MGASA-2020-0078.html
CVE: CVE-2019-13725
Id:
CVE-2019-13725
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13725
Comment:
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1025067 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13726
Id:
CVE-2019-13726
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13726
Comment:
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://crbug.com/1027152 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13727
Id:
CVE-2019-13727
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13727
Comment:
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
281 (Improper Preservation of Permissions)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/944619 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13728
Id:
CVE-2019-13728
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13728
Comment:
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1024758 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13729
Id:
CVE-2019-13729
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13729
Comment:
Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1025489 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13730
Id:
CVE-2019-13730
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13730
Comment:
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1028862 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13732
Id:
CVE-2019-13732
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13732
Comment:
Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1023817 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13734
Id:
CVE-2019-13734
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734
Comment:
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/1025466 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
RHSA-2020:0273 (REDHAT)
RHSA-2020:0229 (REDHAT)
RHSA-2020:0227 (REDHAT)
RHSA-2020:0476 (REDHAT)
RHSA-2020:0463 (REDHAT)
RHSA-2020:0451 (REDHAT)
GLSA-202003-08 (GENTOO)
USN-4298-1 (UBUNTU)
USN-4298-2 (UBUNTU)
https://www.oracle.com/security-alerts/cpujan2022.html (MISC)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13735
Id:
CVE-2019-13735
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13735
Comment:
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1025468 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13736
Id:
CVE-2019-13736
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13736
Comment:
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1020899 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13737
Id:
CVE-2019-13737
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13737
Comment:
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://crbug.com/1013882 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13738
Id:
CVE-2019-13738
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13738
Comment:
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE:
269 (Improper Privilege Management)
References:
https://crbug.com/1017441 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13739
Id:
CVE-2019-13739
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13739
Comment:
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
https://crbug.com/824715 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13740
Id:
CVE-2019-13740
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13740
Comment:
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE:
346 (Origin Validation Error)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1005596 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13741
Id:
CVE-2019-13741
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13741
Comment:
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1011950 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13742
Id:
CVE-2019-13742
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13742
Comment:
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
https://crbug.com/1017564 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13743
Id:
CVE-2019-13743
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13743
Comment:
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
https://crbug.com/754304 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13744
Id:
CVE-2019-13744
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13744
Comment:
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://crbug.com/853670 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13745
Id:
CVE-2019-13745
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13745
Comment:
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
https://crbug.com/990867 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13746
Id:
CVE-2019-13746
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13746
Comment:
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/999932 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13747
Id:
CVE-2019-13747
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13747
Comment:
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1018528 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13748
Id:
CVE-2019-13748
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13748
Comment:
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
862 (Missing Authorization)
References:
https://crbug.com/993706 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13749
Id:
CVE-2019-13749
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13749
Comment:
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
https://crbug.com/1010765 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13750
Id:
CVE-2019-13750
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750
Comment:
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
20 (Improper Input Validation)
References:
https://crbug.com/1025464 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
USN-4298-1 (UBUNTU)
USN-4298-2 (UBUNTU)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13751
Id:
CVE-2019-13751
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751
Comment:
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
908 ()
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1025465 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
USN-4298-1 (UBUNTU)
USN-4298-2 (UBUNTU)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13752
Id:
CVE-2019-13752
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752
Comment:
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1025470 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
USN-4298-1 (UBUNTU)
USN-4298-2 (UBUNTU)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13753
Id:
CVE-2019-13753
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753
Comment:
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1025471 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
USN-4298-1 (UBUNTU)
USN-4298-2 (UBUNTU)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13754
Id:
CVE-2019-13754
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13754
Comment:
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/442579 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13755
Id:
CVE-2019-13755
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13755
Comment:
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://crbug.com/696208 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13756
Id:
CVE-2019-13756
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13756
Comment:
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://crbug.com/708595 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13757
Id:
CVE-2019-13757
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13757
Comment:
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://crbug.com/884693 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13758
Id:
CVE-2019-13758
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13758
Comment:
Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/979441 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13759
Id:
CVE-2019-13759
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13759
Comment:
Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/901789 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13761
Id:
CVE-2019-13761
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13761
Comment:
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://crbug.com/1002687 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13762
Id:
CVE-2019-13762
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13762
Comment:
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N
CVSSv3 Score:
3.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE:
667 (Improper Locking)
References:
https://crbug.com/1004212 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13763
Id:
CVE-2019-13763
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13763
Comment:
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References:
https://crbug.com/1011600 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13764
Id:
CVE-2019-13764
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13764
Comment:
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1028863 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13767
Id:
CVE-2019-13767
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13767
Comment:
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/1031653 (MISC)
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html (MISC)
openSUSE-SU-2020:0007 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
http://packetstormsecurity.com/files/156563/Chrome-DesktopMediaPickerController-WebContentsDestroyed-Use-After-Free.html (MISC)
GLSA-202003-08 (GENTOO)
FEDORA-2020-4355ea258e ()
CVE: CVE-2020-6377
Id:
CVE-2020-6377
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6377
Comment:
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://crbug.com/1029462 (MISC)
https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0006 (SUSE)
openSUSE-SU-2020:0009 (SUSE)
RHSA-2020:0084 (REDHAT)
openSUSE-SU-2020:0053 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-581537c8aa ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2020-6378
Id:
CVE-2020-6378
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6378
Comment:
Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/1018677 (MISC)
https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html (MISC)
GLSA-202003-08 (GENTOO)
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6379
Id:
CVE-2020-6379
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6379
Comment:
Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html (MISC)
https://crbug.com/1033407 (MISC)
GLSA-202003-08 (GENTOO)
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6380
Id:
CVE-2020-6380
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6380
Comment:
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
863 (Incorrect Authorization)
References:
https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html (MISC)
https://crbug.com/1032170 (MISC)
GLSA-202003-08 (GENTOO)
FEDORA-2020-39e0b8bd14 ()