Vulnerabilities > CVE-2020-6377 - Use After Free vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Vulnerable Configurations

Part Description Count
Application
Google
5470
Application
Opensuse
1
OS
Opensuse
1
OS
Fedoraproject
2
OS
Redhat
2
OS
Debian
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-08 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : A remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof an URL or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-19
    modified2020-03-13
    plugin id134475
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134475
    titleGLSA-202003-08 : Chromium, Google Chrome: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 202003-08.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134475);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/18");
    
      script_cve_id("CVE-2019-13723", "CVE-2019-13724", "CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764", "CVE-2019-13767", "CVE-2020-6377", "CVE-2020-6378", "CVE-2020-6379", "CVE-2020-6380", "CVE-2020-6381", "CVE-2020-6382", "CVE-2020-6385", "CVE-2020-6387", "CVE-2020-6388", "CVE-2020-6389", "CVE-2020-6390", "CVE-2020-6391", "CVE-2020-6392", "CVE-2020-6393", "CVE-2020-6394", "CVE-2020-6395", "CVE-2020-6396", "CVE-2020-6397", "CVE-2020-6398", "CVE-2020-6399", "CVE-2020-6400", "CVE-2020-6401", "CVE-2020-6402", "CVE-2020-6403", "CVE-2020-6404", "CVE-2020-6406", "CVE-2020-6407", "CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6410", "CVE-2020-6411", "CVE-2020-6412", "CVE-2020-6413", "CVE-2020-6414", "CVE-2020-6415", "CVE-2020-6416", "CVE-2020-6418", "CVE-2020-6420");
      script_xref(name:"GLSA", value:"202003-08");
    
      script_name(english:"GLSA-202003-08 : Chromium, Google Chrome: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-202003-08
    (Chromium, Google Chrome: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Chromium and Google
          Chrome. Please review the referenced CVE identifiers and Google Chrome
          Releases for details.
      
    Impact :
    
        A remote attacker could execute arbitrary code, escalate privileges,
          obtain sensitive information, spoof an URL or cause a Denial of Service
          condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/202003-08"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Chromium users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=www-client/chromium-80.0.3987.132'
        All Google Chrome users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=www-client/google-chrome-80.0.3987.132'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Google Chrome 80 JSCreate side-effect type confusion exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:google-chrome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 80.0.3987.132"), vulnerable:make_list("lt 80.0.3987.132"))) flag++;
    if (qpkg_check(package:"www-client/google-chrome", unaffected:make_list("ge 80.0.3987.132"), vulnerable:make_list("lt 80.0.3987.132"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / Google Chrome");
    }
    
  • NASL familyWindows
    NASL idGOOGLE_CHROME_79_0_3945_117.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is prior to 79.0.3945.117. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_01_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132717
    published2020-01-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132717
    titleGoogle Chrome < 79.0.3945.117 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132717);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/23");
    
      script_cve_id("CVE-2020-6377");
    
      script_name(english:"Google Chrome < 79.0.3945.117 Multiple Vulnerabilities");
    
      script_set_attribute(attribute:"synopsis", value:
    "A web browser installed on the remote Windows host is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote Windows host is prior to 79.0.3945.117. It is, therefore, affected
    by multiple vulnerabilities as referenced in the 2020_01_stable-channel-update-for-desktop advisory. Note that Nessus
    has not tested for this issue but has instead relied only on the application's self-reported version number.");
      # https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c729b434");
      script_set_attribute(attribute:"see_also", value:"https://crbug.com/1029462");
      script_set_attribute(attribute:"see_also", value:"https://crbug.com/1039803");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Google Chrome version 79.0.3945.117 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6377");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    include('google_chrome_version.inc');
    
    get_kb_item_or_exit('SMB/Google_Chrome/Installed');
    installs = get_kb_list('SMB/Google_Chrome/*');
    
    google_chrome_check_version(installs:installs, fix:'79.0.3945.117', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-6.NASL
    descriptionThis update for chromium version 79.0.3945.117 fixes the following issues : - CVE-2020-6377: Fixed a use-after-free in audio - Various fixes from internal audits, fuzzing and other initiatives
    last seen2020-05-31
    modified2020-01-13
    plugin id132848
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132848
    titleopenSUSE Security Update : chromium (openSUSE-2020-6)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2020-6.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132848);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2019-5844", "CVE-2019-5845", "CVE-2019-5846", "CVE-2020-6377");
    
      script_name(english:"openSUSE Security Update : chromium (openSUSE-2020-6)");
      script_summary(english:"Check for the openSUSE-2020-6 patch");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for chromium version 79.0.3945.117 fixes the following
    issues :
    
      - CVE-2020-6377: Fixed a use-after-free in audio
    
      - Various fixes from internal audits, fuzzing and other
        initiatives"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1160337"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected chromium packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6377");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libre2-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libre2-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libre2-0-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libre2-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:re2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:re2-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.1", reference:"libre2-0-20200101-lp151.10.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libre2-0-debuginfo-20200101-lp151.10.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"re2-debugsource-20200101-lp151.10.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"re2-devel-20200101-lp151.10.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"chromedriver-79.0.3945.117-lp151.2.57.2") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"chromedriver-debuginfo-79.0.3945.117-lp151.2.57.2") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"chromium-79.0.3945.117-lp151.2.57.2", allowmaj:TRUE) ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"chromium-debuginfo-79.0.3945.117-lp151.2.57.2", allowmaj:TRUE) ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"chromium-debugsource-79.0.3945.117-lp151.2.57.2", allowmaj:TRUE) ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libre2-0-32bit-20200101-lp151.10.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libre2-0-32bit-debuginfo-20200101-lp151.10.6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-581537C8AA.NASL
    descriptionUpdate to 79.0.3945.117. Fixes CVE-2020-6377. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2020-01-13
    plugin id132788
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132788
    titleFedora 31 : chromium (2020-581537c8aa)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2020-581537c8aa.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132788);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2020-6377");
      script_xref(name:"FEDORA", value:"2020-581537c8aa");
    
      script_name(english:"Fedora 31 : chromium (2020-581537c8aa)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Update to 79.0.3945.117. Fixes CVE-2020-6377.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-581537c8aa"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected chromium package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6377");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC31", reference:"chromium-79.0.3945.117-1.fc31", allowmaj:TRUE)) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-4355EA258E.NASL
    descriptionUpdate to 79.0.3945.117. Fixes CVE-2020-6377. ---- Security fix for CVE-2019-13767. ---- Update to Chromium 79. Fixes the usual giant pile of bugs and security issues. This time, the list is : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2020-01-21
    plugin id133113
    published2020-01-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133113
    titleFedora 30 : chromium (2020-4355ea258e)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2020-4355ea258e.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133113);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764", "CVE-2019-13767", "CVE-2020-6377");
      script_xref(name:"FEDORA", value:"2020-4355ea258e");
    
      script_name(english:"Fedora 30 : chromium (2020-4355ea258e)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Update to 79.0.3945.117. Fixes CVE-2020-6377.
    
    ----
    
    Security fix for CVE-2019-13767.
    
    ----
    
    Update to Chromium 79. Fixes the usual giant pile of bugs and security
    issues. This time, the list is :
    
    CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728
    CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734
    CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737
    CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741
    CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745
    CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749
    CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753
    CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757
    CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762
    CVE-2019-13763
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-4355ea258e"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected chromium package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"chromium-79.0.3945.117-1.fc30", allowmaj:TRUE)) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4606.NASL
    descriptionSeveral vulnerabilities have been discovered in the chromium web browser. - CVE-2019-13725 Gengming Liu and Jianyu Chen discovered a use-after-free issue in the bluetooth implementation. - CVE-2019-13726 Sergei Glazunov discovered a buffer overflow issue. - CVE-2019-13727 @piochu discovered a policy enforcement error. - CVE-2019-13728 Rong Jian and Guang Gong discovered an out-of-bounds write error in the v8 JavaScript library. - CVE-2019-13729 Zhe Jin discovered a use-after-free issue. - CVE-2019-13730 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 JavaScript library. - CVE-2019-13732 Sergei Glazunov discovered a use-after-free issue in the WebAudio implementation. - CVE-2019-13734 Wenxiang Qian discovered an out-of-bounds write issue in the sqlite library. - CVE-2019-13735 Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2019-13736 An integer overflow issue was discovered in the pdfium library. - CVE-2019-13737 Mark Amery discovered a policy enforcement error. - CVE-2019-13738 Johnathan Norman and Daniel Clark discovered a policy enforcement error. - CVE-2019-13739 xisigr discovered a user interface error. - CVE-2019-13740 Khalil Zhani discovered a user interface error. - CVE-2019-13741 Michal Bentkowski discovered that user input could be incompletely validated. - CVE-2019-13742 Khalil Zhani discovered a user interface error. - CVE-2019-13743 Zhiyang Zeng discovered a user interface error. - CVE-2019-13744 Prakash discovered a policy enforcement error. - CVE-2019-13745 Luan Herrera discovered a policy enforcement error. - CVE-2019-13746 David Erceg discovered a policy enforcement error. - CVE-2019-13747 Ivan Popelyshev and Andre Bonatti discovered an uninitialized value. - CVE-2019-13748 David Erceg discovered a policy enforcement error. - CVE-2019-13749 Khalil Zhani discovered a user interface error. - CVE-2019-13750 Wenxiang Qian discovered insufficient validation of data in the sqlite library. - CVE-2019-13751 Wenxiang Qian discovered an uninitialized value in the sqlite library. - CVE-2019-13752 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-13753 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-13754 Cody Crews discovered a policy enforcement error. - CVE-2019-13755 Masato Kinugawa discovered a policy enforcement error. - CVE-2019-13756 Khalil Zhani discovered a user interface error. - CVE-2019-13757 Khalil Zhani discovered a user interface error. - CVE-2019-13758 Khalil Zhani discovered a policy enforecement error. - CVE-2019-13759 Wenxu Wu discovered a user interface error. - CVE-2019-13761 Khalil Zhani discovered a user interface error. - CVE-2019-13762 csanuragjain discovered a policy enforecement error. - CVE-2019-13763 weiwangpp93 discovered a policy enforecement error. - CVE-2019-13764 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 JavaScript library. - CVE-2019-13767 Sergei Glazunov discovered a use-after-free issue. - CVE-2020-6377 Zhe Jin discovered a use-after-free issue. - CVE-2020-6378 Antti Levomaki and Christian Jalio discovered a use-after-free issue. - CVE-2020-6379 Guang Gong discovered a use-after-free issue. - CVE-2020-6380 Sergei Glazunov discovered an error verifying extension messages.
    last seen2020-03-17
    modified2020-01-21
    plugin id133109
    published2020-01-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133109
    titleDebian DSA-4606-1 : chromium - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4606. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133109);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/02");
    
      script_cve_id("CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764", "CVE-2019-13767", "CVE-2020-6377", "CVE-2020-6378", "CVE-2020-6379", "CVE-2020-6380");
      script_xref(name:"DSA", value:"4606");
    
      script_name(english:"Debian DSA-4606-1 : chromium - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the chromium web
    browser.
    
      - CVE-2019-13725
        Gengming Liu and Jianyu Chen discovered a use-after-free
        issue in the bluetooth implementation.
    
      - CVE-2019-13726
        Sergei Glazunov discovered a buffer overflow issue.
    
      - CVE-2019-13727
        @piochu discovered a policy enforcement error.
    
      - CVE-2019-13728
        Rong Jian and Guang Gong discovered an out-of-bounds
        write error in the v8 JavaScript library.
    
      - CVE-2019-13729
        Zhe Jin discovered a use-after-free issue.
    
      - CVE-2019-13730
        Soyeon Park and Wen Xu discovered the use of a wrong
        type in the v8 JavaScript library.
    
      - CVE-2019-13732
        Sergei Glazunov discovered a use-after-free issue in the
        WebAudio implementation.
    
      - CVE-2019-13734
        Wenxiang Qian discovered an out-of-bounds write issue in
        the sqlite library.
    
      - CVE-2019-13735
        Gengming Liu and Zhen Feng discovered an out-of-bounds
        write issue in the v8 JavaScript library.
    
      - CVE-2019-13736
        An integer overflow issue was discovered in the pdfium
        library.
    
      - CVE-2019-13737
        Mark Amery discovered a policy enforcement error.
    
      - CVE-2019-13738
        Johnathan Norman and Daniel Clark discovered a policy
        enforcement error.
    
      - CVE-2019-13739
        xisigr discovered a user interface error.
    
      - CVE-2019-13740
        Khalil Zhani discovered a user interface error.
    
      - CVE-2019-13741
        Michal Bentkowski discovered that user input could be
        incompletely validated.
    
      - CVE-2019-13742
        Khalil Zhani discovered a user interface error.
    
      - CVE-2019-13743
        Zhiyang Zeng discovered a user interface error.
    
      - CVE-2019-13744
        Prakash discovered a policy enforcement error.
    
      - CVE-2019-13745
        Luan Herrera discovered a policy enforcement error.
    
      - CVE-2019-13746
        David Erceg discovered a policy enforcement error.
    
      - CVE-2019-13747
        Ivan Popelyshev and Andre Bonatti discovered an
        uninitialized value.
    
      - CVE-2019-13748
        David Erceg discovered a policy enforcement error.
    
      - CVE-2019-13749
        Khalil Zhani discovered a user interface error.
    
      - CVE-2019-13750
        Wenxiang Qian discovered insufficient validation of data
        in the sqlite library.
    
      - CVE-2019-13751
        Wenxiang Qian discovered an uninitialized value in the
        sqlite library.
    
      - CVE-2019-13752
        Wenxiang Qian discovered an out-of-bounds read issue in
        the sqlite library.
    
      - CVE-2019-13753
        Wenxiang Qian discovered an out-of-bounds read issue in
        the sqlite library.
    
      - CVE-2019-13754
        Cody Crews discovered a policy enforcement error.
    
      - CVE-2019-13755
        Masato Kinugawa discovered a policy enforcement error.
    
      - CVE-2019-13756
        Khalil Zhani discovered a user interface error.
    
      - CVE-2019-13757
        Khalil Zhani discovered a user interface error.
    
      - CVE-2019-13758
        Khalil Zhani discovered a policy enforecement error.
    
      - CVE-2019-13759
        Wenxu Wu discovered a user interface error.
    
      - CVE-2019-13761
        Khalil Zhani discovered a user interface error.
    
      - CVE-2019-13762
        csanuragjain discovered a policy enforecement error.
    
      - CVE-2019-13763
        weiwangpp93 discovered a policy enforecement error.
    
      - CVE-2019-13764
        Soyeon Park and Wen Xu discovered the use of a wrong
        type in the v8 JavaScript library.
    
      - CVE-2019-13767
        Sergei Glazunov discovered a use-after-free issue.
    
      - CVE-2020-6377
        Zhe Jin discovered a use-after-free issue.
    
      - CVE-2020-6378
        Antti Levomaki and Christian Jalio discovered a
        use-after-free issue.
    
      - CVE-2020-6379
        Guang Gong discovered a use-after-free issue.
    
      - CVE-2020-6380
        Sergei Glazunov discovered an error verifying extension
        messages."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13725"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13726"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13730"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13736"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13737"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13742"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13744"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13747"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13749"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13753"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13754"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13755"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13757"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13758"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13759"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13762"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13763"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13764"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-13767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6379"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6380"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/chromium"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/buster/chromium"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2020/dsa-4606"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the chromium packages.
    
    For the oldstable distribution (stretch), security support for
    chromium has been discontinued.
    
    For the stable distribution (buster), these problems have been fixed
    in version 79.0.3945.130-1~deb10u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"10.0", prefix:"chromium", reference:"79.0.3945.130-1~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"chromium-common", reference:"79.0.3945.130-1~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"chromium-driver", reference:"79.0.3945.130-1~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"chromium-l10n", reference:"79.0.3945.130-1~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"chromium-sandbox", reference:"79.0.3945.130-1~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"chromium-shell", reference:"79.0.3945.130-1~deb10u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_79_0_3945_117.NASL
    descriptionThe version of Google Chrome installed on the remote macOS host is prior to 79.0.3945.117. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_01_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132716
    published2020-01-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132716
    titleGoogle Chrome < 79.0.3945.117 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132716);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/23");
    
      script_cve_id("CVE-2020-6377");
    
      script_name(english:"Google Chrome < 79.0.3945.117 Multiple Vulnerabilities");
    
      script_set_attribute(attribute:"synopsis", value:
    "A web browser installed on the remote macOS host is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote macOS host is prior to 79.0.3945.117. It is, therefore, affected by
    multiple vulnerabilities as referenced in the 2020_01_stable-channel-update-for-desktop advisory. Note that Nessus has
    not tested for this issue but has instead relied only on the application's self-reported version number.");
      # https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c729b434");
      script_set_attribute(attribute:"see_also", value:"https://crbug.com/1029462");
      script_set_attribute(attribute:"see_also", value:"https://crbug.com/1039803");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Google Chrome version 79.0.3945.117 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6377");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_google_chrome_installed.nbin");
      script_require_keys("MacOSX/Google Chrome/Installed");
    
      exit(0);
    }
    include('google_chrome_version.inc');
    
    get_kb_item_or_exit('MacOSX/Google Chrome/Installed');
    
    google_chrome_check_version(fix:'79.0.3945.117', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);
     
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0084.NASL
    descriptionAn update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 79.0.3945.117. Security Fix(es) : * chromium-browser: Use after free in audio (CVE-2020-6377) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-02
    modified2020-01-15
    plugin id132883
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132883
    titleRHEL 6 : chromium-browser (RHSA-2020:0084)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:0084. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132883);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
    
      script_cve_id("CVE-2020-6377");
      script_xref(name:"RHSA", value:"2020:0084");
    
      script_name(english:"RHEL 6 : chromium-browser (RHSA-2020:0084)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for chromium-browser is now available for Red Hat Enterprise
    Linux 6 Supplementary.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Chromium is an open source web browser, powered by WebKit (Blink).
    
    This update upgrades Chromium to version 79.0.3945.117.
    
    Security Fix(es) :
    
    * chromium-browser: Use after free in audio (CVE-2020-6377)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6377"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Update the affected chromium-browser and / or
    chromium-browser-debuginfo packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6377");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'chromium-browser-79.0.3945.117-1.el6_10', 'cpu':'i686', 'release':'6', 'allowmaj':TRUE},
        {'reference':'chromium-browser-79.0.3945.117-1.el6_10', 'cpu':'x86_64', 'release':'6', 'allowmaj':TRUE}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser');
    }
    

Redhat

advisories
rhsa
idRHSA-2020:0084
rpms
  • chromium-browser-0:79.0.3945.117-1.el6_10
  • chromium-browser-debuginfo-0:79.0.3945.117-1.el6_10

References