Vulnerabilities > CVE-2019-13738 - Improper Privilege Management vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Restful Privilege Elevation Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-08.NASL description The remote host is affected by the vulnerability described in GLSA-202003-08 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : A remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof an URL or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-13 plugin id 134475 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134475 title GLSA-202003-08 : Chromium, Google Chrome: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 202003-08. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(134475); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/18"); script_cve_id("CVE-2019-13723", "CVE-2019-13724", "CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764", "CVE-2019-13767", "CVE-2020-6377", "CVE-2020-6378", "CVE-2020-6379", "CVE-2020-6380", "CVE-2020-6381", "CVE-2020-6382", "CVE-2020-6385", "CVE-2020-6387", "CVE-2020-6388", "CVE-2020-6389", "CVE-2020-6390", "CVE-2020-6391", "CVE-2020-6392", "CVE-2020-6393", "CVE-2020-6394", "CVE-2020-6395", "CVE-2020-6396", "CVE-2020-6397", "CVE-2020-6398", "CVE-2020-6399", "CVE-2020-6400", "CVE-2020-6401", "CVE-2020-6402", "CVE-2020-6403", "CVE-2020-6404", "CVE-2020-6406", "CVE-2020-6407", "CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6410", "CVE-2020-6411", "CVE-2020-6412", "CVE-2020-6413", "CVE-2020-6414", "CVE-2020-6415", "CVE-2020-6416", "CVE-2020-6418", "CVE-2020-6420"); script_xref(name:"GLSA", value:"202003-08"); script_name(english:"GLSA-202003-08 : Chromium, Google Chrome: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-202003-08 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : A remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof an URL or cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/202003-08" ); script_set_attribute( attribute:"solution", value: "All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-80.0.3987.132' All Google Chrome users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/google-chrome-80.0.3987.132'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Google Chrome 80 JSCreate side-effect type confusion exploit'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:google-chrome"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/25"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 80.0.3987.132"), vulnerable:make_list("lt 80.0.3987.132"))) flag++; if (qpkg_check(package:"www-client/google-chrome", unaffected:make_list("ge 80.0.3987.132"), vulnerable:make_list("lt 80.0.3987.132"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / Google Chrome"); }
NASL family Windows NASL id GOOGLE_CHROME_79_0_3945_79.NASL description The version of Google Chrome installed on the remote Windows host is prior to 79.0.3945.79. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_12_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 131954 published 2019-12-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131954 title Google Chrome < 79.0.3945.79 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(131954); script_version("1.4"); script_cvs_date("Date: 2020/01/10"); script_cve_id( "CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764" ); script_name(english:"Google Chrome < 79.0.3945.79 Multiple Vulnerabilities"); script_summary(english:"Checks version of Google Chrome"); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote Windows host is prior to 79.0.3945.79. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_12_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); # https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5e80c206"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025067"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1027152"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/944619"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1024758"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025489"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1028862"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1023817"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025466"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025468"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1028863"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1020899"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1013882"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1017441"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/824715"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1005596"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1011950"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1017564"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/754304"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/853670"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/990867"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/999932"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1018528"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/993706"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1010765"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025464"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025465"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025470"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025471"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/442579"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/696208"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/708595"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/884693"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/979441"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/901789"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1002687"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1004212"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1011600"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1032080"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome version 79.0.3945.79 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13725"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_chrome_installed.nasl"); script_require_keys("SMB/Google_Chrome/Installed"); exit(0); } include('google_chrome_version.inc'); get_kb_item_or_exit('SMB/Google_Chrome/Installed'); installs = get_kb_list('SMB/Google_Chrome/*'); google_chrome_check_version(installs:installs, fix:'79.0.3945.79', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);
NASL family Fedora Local Security Checks NASL id FEDORA_2019-1A10C04281.NASL description Update to Chromium 79. Fixes the usual giant pile of bugs and security issues. This time, the list is : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2019-12-18 plugin id 132111 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132111 title Fedora 31 : chromium (2019-1a10c04281) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-1a10c04281. # include("compat.inc"); if (description) { script_id(132111); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764"); script_xref(name:"FEDORA", value:"2019-1a10c04281"); script_name(english:"Fedora 31 : chromium (2019-1a10c04281)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to Chromium 79. Fixes the usual giant pile of bugs and security issues. This time, the list is : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a10c04281" ); script_set_attribute( attribute:"solution", value:"Update the affected chromium package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC31", reference:"chromium-79.0.3945.79-1.fc31", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2692.NASL description This update for chromium fixes the following issues : Chromium was updated to 79.0.3945.79 (boo#1158982)	 - CVE-2019-13725: Fixed a use after free in Bluetooth - CVE-2019-13726: Fixed a heap buffer overflow in password manager - CVE-2019-13727: Fixed an insufficient policy enforcement in WebSockets - CVE-2019-13728: Fixed an out of bounds write in V8 - CVE-2019-13729: Fixed a use after free in WebSockets - CVE-2019-13730: Fixed a type Confusion in V8 - CVE-2019-13732: Fixed a use after free in WebAudio - CVE-2019-13734: Fixed an out of bounds write in SQLite - CVE-2019-13735: Fixed an out of bounds write in V8 - CVE-2019-13764: Fixed a type Confusion in V8 - CVE-2019-13736: Fixed an integer overflow in PDFium - CVE-2019-13737: Fixed an insufficient policy enforcement in autocomplete - CVE-2019-13738: Fixed an insufficient policy enforcement in navigation - CVE-2019-13739: Fixed an incorrect security UI in Omnibox - CVE-2019-13740: Fixed an incorrect security UI in sharing - CVE-2019-13741: Fixed an insufficient validation of untrusted input in Blink - CVE-2019-13742: Fixed an incorrect security UI in Omnibox - CVE-2019-13743: Fixed an incorrect security UI in external protocol handling - CVE-2019-13744: Fixed an insufficient policy enforcement in cookies - CVE-2019-13745: Fixed an insufficient policy enforcement in audio - CVE-2019-13746: Fixed an insufficient policy enforcement in Omnibox - CVE-2019-13747: Fixed an uninitialized Use in rendering - CVE-2019-13748: Fixed an insufficient policy enforcement in developer tools - CVE-2019-13749: Fixed an incorrect security UI in Omnibox - CVE-2019-13750: Fixed an insufficient data validation in SQLite - CVE-2019-13751: Fixed an uninitialized Use in SQLite - CVE-2019-13752: Fixed an out of bounds read in SQLite - CVE-2019-13753: Fixed an out of bounds read in SQLite - CVE-2019-13754: Fixed an insufficient policy enforcement in extensions - CVE-2019-13755: Fixed an insufficient policy enforcement in extensions - CVE-2019-13756: Fixed an incorrect security UI in printing - CVE-2019-13757: Fixed an incorrect security UI in Omnibox - CVE-2019-13758: Fixed an insufficient policy enforcement in navigation - CVE-2019-13759: Fixed an incorrect security UI in interstitials - CVE-2019-13761: Fixed an incorrect security UI in Omnibox - CVE-2019-13762: Fixed an insufficient policy enforcement in downloads - CVE-2019-13763: Fixed an insufficient policy enforcement in payments last seen 2020-05-31 modified 2019-12-17 plugin id 132087 published 2019-12-17 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132087 title openSUSE Security Update : chromium (openSUSE-2019-2692) NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_79_0_3945_79.NASL description The version of Google Chrome installed on the remote macOS host is prior to 79.0.3945.79. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_12_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 131953 published 2019-12-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131953 title Google Chrome < 79.0.3945.79 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2020-4355EA258E.NASL description Update to 79.0.3945.117. Fixes CVE-2020-6377. ---- Security fix for CVE-2019-13767. ---- Update to Chromium 79. Fixes the usual giant pile of bugs and security issues. This time, the list is : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2020-01-21 plugin id 133113 published 2020-01-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133113 title Fedora 30 : chromium (2020-4355ea258e) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4606.NASL description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-13725 Gengming Liu and Jianyu Chen discovered a use-after-free issue in the bluetooth implementation. - CVE-2019-13726 Sergei Glazunov discovered a buffer overflow issue. - CVE-2019-13727 @piochu discovered a policy enforcement error. - CVE-2019-13728 Rong Jian and Guang Gong discovered an out-of-bounds write error in the v8 JavaScript library. - CVE-2019-13729 Zhe Jin discovered a use-after-free issue. - CVE-2019-13730 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 JavaScript library. - CVE-2019-13732 Sergei Glazunov discovered a use-after-free issue in the WebAudio implementation. - CVE-2019-13734 Wenxiang Qian discovered an out-of-bounds write issue in the sqlite library. - CVE-2019-13735 Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2019-13736 An integer overflow issue was discovered in the pdfium library. - CVE-2019-13737 Mark Amery discovered a policy enforcement error. - CVE-2019-13738 Johnathan Norman and Daniel Clark discovered a policy enforcement error. - CVE-2019-13739 xisigr discovered a user interface error. - CVE-2019-13740 Khalil Zhani discovered a user interface error. - CVE-2019-13741 Michal Bentkowski discovered that user input could be incompletely validated. - CVE-2019-13742 Khalil Zhani discovered a user interface error. - CVE-2019-13743 Zhiyang Zeng discovered a user interface error. - CVE-2019-13744 Prakash discovered a policy enforcement error. - CVE-2019-13745 Luan Herrera discovered a policy enforcement error. - CVE-2019-13746 David Erceg discovered a policy enforcement error. - CVE-2019-13747 Ivan Popelyshev and Andre Bonatti discovered an uninitialized value. - CVE-2019-13748 David Erceg discovered a policy enforcement error. - CVE-2019-13749 Khalil Zhani discovered a user interface error. - CVE-2019-13750 Wenxiang Qian discovered insufficient validation of data in the sqlite library. - CVE-2019-13751 Wenxiang Qian discovered an uninitialized value in the sqlite library. - CVE-2019-13752 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-13753 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-13754 Cody Crews discovered a policy enforcement error. - CVE-2019-13755 Masato Kinugawa discovered a policy enforcement error. - CVE-2019-13756 Khalil Zhani discovered a user interface error. - CVE-2019-13757 Khalil Zhani discovered a user interface error. - CVE-2019-13758 Khalil Zhani discovered a policy enforecement error. - CVE-2019-13759 Wenxu Wu discovered a user interface error. - CVE-2019-13761 Khalil Zhani discovered a user interface error. - CVE-2019-13762 csanuragjain discovered a policy enforecement error. - CVE-2019-13763 weiwangpp93 discovered a policy enforecement error. - CVE-2019-13764 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 JavaScript library. - CVE-2019-13767 Sergei Glazunov discovered a use-after-free issue. - CVE-2020-6377 Zhe Jin discovered a use-after-free issue. - CVE-2020-6378 Antti Levomaki and Christian Jalio discovered a use-after-free issue. - CVE-2020-6379 Guang Gong discovered a use-after-free issue. - CVE-2020-6380 Sergei Glazunov discovered an error verifying extension messages. last seen 2020-03-17 modified 2020-01-21 plugin id 133109 published 2020-01-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133109 title Debian DSA-4606-1 : chromium - security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-4238.NASL description An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 79.0.3945.79. Security Fix(es) : * chromium-browser: Use after free in Bluetooth (CVE-2019-13725) * chromium-browser: Heap buffer overflow in password manager (CVE-2019-13726) * chromium-browser: Insufficient policy enforcement in WebSockets (CVE-2019-13727) * chromium-browser: Out of bounds write in V8 (CVE-2019-13728) * chromium-browser: Use after free in WebSockets (CVE-2019-13729) * chromium-browser: Type Confusion in V8 (CVE-2019-13730) * chromium-browser: Use after free in WebAudio (CVE-2019-13732) * chromium-browser: Out of bounds write in SQLite (CVE-2019-13734) * chromium-browser: Out of bounds write in V8 (CVE-2019-13735) * chromium-browser: Type Confusion in V8 (CVE-2019-13764) * chromium-browser: Integer overflow in PDFium (CVE-2019-13736) * chromium-browser: Insufficient policy enforcement in autocomplete (CVE-2019-13737) * chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13738) * chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13739) * chromium-browser: Incorrect security UI in sharing (CVE-2019-13740) * chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2019-13741) * chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13742) * chromium-browser: Incorrect security UI in external protocol handling (CVE-2019-13743) * chromium-browser: Insufficient policy enforcement in cookies (CVE-2019-13744) * chromium-browser: Insufficient policy enforcement in audio (CVE-2019-13745) * chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2019-13746) * chromium-browser: Uninitialized Use in rendering (CVE-2019-13747) * chromium-browser: Insufficient policy enforcement in developer tools (CVE-2019-13748) * chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13749) * chromium-browser: Insufficient data validation in SQLite (CVE-2019-13750) * chromium-browser: Uninitialized Use in SQLite (CVE-2019-13751) * chromium-browser: Out of bounds read in SQLite (CVE-2019-13752) * chromium-browser: Out of bounds read in SQLite (CVE-2019-13753) * chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13754) * chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13755) * chromium-browser: Incorrect security UI in printing (CVE-2019-13756) * chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13757) * chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13758) * chromium-browser: Incorrect security UI in interstitials (CVE-2019-13759) * chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13761) * chromium-browser: Insufficient policy enforcement in downloads (CVE-2019-13762) * chromium-browser: Insufficient policy enforcement in payments (CVE-2019-13763) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-12-18 plugin id 132228 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132228 title RHEL 6 : chromium-browser (RHSA-2019:4238)
Redhat
advisories |
| ||||
rpms |
|
References
- https://crbug.com/1017441
- https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
- https://access.redhat.com/errata/RHSA-2019:4238
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
- https://seclists.org/bugtraq/2020/Jan/27
- https://www.debian.org/security/2020/dsa-4606
- https://security.gentoo.org/glsa/202003-08
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/