Vulnerabilities > CVE-2020-6377 - Use After Free vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-08.NASL description The remote host is affected by the vulnerability described in GLSA-202003-08 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : A remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof an URL or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-13 plugin id 134475 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134475 title GLSA-202003-08 : Chromium, Google Chrome: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 202003-08. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(134475); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/18"); script_cve_id("CVE-2019-13723", "CVE-2019-13724", "CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764", "CVE-2019-13767", "CVE-2020-6377", "CVE-2020-6378", "CVE-2020-6379", "CVE-2020-6380", "CVE-2020-6381", "CVE-2020-6382", "CVE-2020-6385", "CVE-2020-6387", "CVE-2020-6388", "CVE-2020-6389", "CVE-2020-6390", "CVE-2020-6391", "CVE-2020-6392", "CVE-2020-6393", "CVE-2020-6394", "CVE-2020-6395", "CVE-2020-6396", "CVE-2020-6397", "CVE-2020-6398", "CVE-2020-6399", "CVE-2020-6400", "CVE-2020-6401", "CVE-2020-6402", "CVE-2020-6403", "CVE-2020-6404", "CVE-2020-6406", "CVE-2020-6407", "CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6410", "CVE-2020-6411", "CVE-2020-6412", "CVE-2020-6413", "CVE-2020-6414", "CVE-2020-6415", "CVE-2020-6416", "CVE-2020-6418", "CVE-2020-6420"); script_xref(name:"GLSA", value:"202003-08"); script_name(english:"GLSA-202003-08 : Chromium, Google Chrome: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-202003-08 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : A remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof an URL or cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/202003-08" ); script_set_attribute( attribute:"solution", value: "All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-80.0.3987.132' All Google Chrome users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/google-chrome-80.0.3987.132'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Google Chrome 80 JSCreate side-effect type confusion exploit'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:google-chrome"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/25"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 80.0.3987.132"), vulnerable:make_list("lt 80.0.3987.132"))) flag++; if (qpkg_check(package:"www-client/google-chrome", unaffected:make_list("ge 80.0.3987.132"), vulnerable:make_list("lt 80.0.3987.132"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / Google Chrome"); }NASL family Windows NASL id GOOGLE_CHROME_79_0_3945_117.NASL description The version of Google Chrome installed on the remote Windows host is prior to 79.0.3945.117. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_01_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132717 published 2020-01-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132717 title Google Chrome < 79.0.3945.117 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(132717); script_version("1.4"); script_cvs_date("Date: 2020/01/23"); script_cve_id("CVE-2020-6377"); script_name(english:"Google Chrome < 79.0.3945.117 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote Windows host is prior to 79.0.3945.117. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_01_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); # https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c729b434"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1029462"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1039803"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome version 79.0.3945.117 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6377"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_chrome_installed.nasl"); script_require_keys("SMB/Google_Chrome/Installed"); exit(0); } include('google_chrome_version.inc'); get_kb_item_or_exit('SMB/Google_Chrome/Installed'); installs = get_kb_list('SMB/Google_Chrome/*'); google_chrome_check_version(installs:installs, fix:'79.0.3945.117', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-6.NASL description This update for chromium version 79.0.3945.117 fixes the following issues : - CVE-2020-6377: Fixed a use-after-free in audio - Various fixes from internal audits, fuzzing and other initiatives last seen 2020-05-31 modified 2020-01-13 plugin id 132848 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132848 title openSUSE Security Update : chromium (openSUSE-2020-6) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2020-6. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(132848); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2019-5844", "CVE-2019-5845", "CVE-2019-5846", "CVE-2020-6377"); script_name(english:"openSUSE Security Update : chromium (openSUSE-2020-6)"); script_summary(english:"Check for the openSUSE-2020-6 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for chromium version 79.0.3945.117 fixes the following issues : - CVE-2020-6377: Fixed a use-after-free in audio - Various fixes from internal audits, fuzzing and other initiatives" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1160337" ); script_set_attribute( attribute:"solution", value:"Update the affected chromium packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6377"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libre2-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libre2-0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libre2-0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libre2-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:re2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:re2-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/03"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.1", reference:"libre2-0-20200101-lp151.10.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libre2-0-debuginfo-20200101-lp151.10.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"re2-debugsource-20200101-lp151.10.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"re2-devel-20200101-lp151.10.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"chromedriver-79.0.3945.117-lp151.2.57.2") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"chromedriver-debuginfo-79.0.3945.117-lp151.2.57.2") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"chromium-79.0.3945.117-lp151.2.57.2", allowmaj:TRUE) ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"chromium-debuginfo-79.0.3945.117-lp151.2.57.2", allowmaj:TRUE) ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"chromium-debugsource-79.0.3945.117-lp151.2.57.2", allowmaj:TRUE) ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libre2-0-32bit-20200101-lp151.10.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libre2-0-32bit-debuginfo-20200101-lp151.10.6.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2020-581537C8AA.NASL description Update to 79.0.3945.117. Fixes CVE-2020-6377. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2020-01-13 plugin id 132788 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132788 title Fedora 31 : chromium (2020-581537c8aa) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2020-581537c8aa. # include("compat.inc"); if (description) { script_id(132788); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2020-6377"); script_xref(name:"FEDORA", value:"2020-581537c8aa"); script_name(english:"Fedora 31 : chromium (2020-581537c8aa)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 79.0.3945.117. Fixes CVE-2020-6377. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-581537c8aa" ); script_set_attribute( attribute:"solution", value:"Update the affected chromium package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6377"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC31", reference:"chromium-79.0.3945.117-1.fc31", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium"); }NASL family Fedora Local Security Checks NASL id FEDORA_2020-4355EA258E.NASL description Update to 79.0.3945.117. Fixes CVE-2020-6377. ---- Security fix for CVE-2019-13767. ---- Update to Chromium 79. Fixes the usual giant pile of bugs and security issues. This time, the list is : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2020-01-21 plugin id 133113 published 2020-01-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133113 title Fedora 30 : chromium (2020-4355ea258e) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2020-4355ea258e. # include("compat.inc"); if (description) { script_id(133113); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764", "CVE-2019-13767", "CVE-2020-6377"); script_xref(name:"FEDORA", value:"2020-4355ea258e"); script_name(english:"Fedora 30 : chromium (2020-4355ea258e)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 79.0.3945.117. Fixes CVE-2020-6377. ---- Security fix for CVE-2019-13767. ---- Update to Chromium 79. Fixes the usual giant pile of bugs and security issues. This time, the list is : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-4355ea258e" ); script_set_attribute( attribute:"solution", value:"Update the affected chromium package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"chromium-79.0.3945.117-1.fc30", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4606.NASL description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-13725 Gengming Liu and Jianyu Chen discovered a use-after-free issue in the bluetooth implementation. - CVE-2019-13726 Sergei Glazunov discovered a buffer overflow issue. - CVE-2019-13727 @piochu discovered a policy enforcement error. - CVE-2019-13728 Rong Jian and Guang Gong discovered an out-of-bounds write error in the v8 JavaScript library. - CVE-2019-13729 Zhe Jin discovered a use-after-free issue. - CVE-2019-13730 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 JavaScript library. - CVE-2019-13732 Sergei Glazunov discovered a use-after-free issue in the WebAudio implementation. - CVE-2019-13734 Wenxiang Qian discovered an out-of-bounds write issue in the sqlite library. - CVE-2019-13735 Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2019-13736 An integer overflow issue was discovered in the pdfium library. - CVE-2019-13737 Mark Amery discovered a policy enforcement error. - CVE-2019-13738 Johnathan Norman and Daniel Clark discovered a policy enforcement error. - CVE-2019-13739 xisigr discovered a user interface error. - CVE-2019-13740 Khalil Zhani discovered a user interface error. - CVE-2019-13741 Michal Bentkowski discovered that user input could be incompletely validated. - CVE-2019-13742 Khalil Zhani discovered a user interface error. - CVE-2019-13743 Zhiyang Zeng discovered a user interface error. - CVE-2019-13744 Prakash discovered a policy enforcement error. - CVE-2019-13745 Luan Herrera discovered a policy enforcement error. - CVE-2019-13746 David Erceg discovered a policy enforcement error. - CVE-2019-13747 Ivan Popelyshev and Andre Bonatti discovered an uninitialized value. - CVE-2019-13748 David Erceg discovered a policy enforcement error. - CVE-2019-13749 Khalil Zhani discovered a user interface error. - CVE-2019-13750 Wenxiang Qian discovered insufficient validation of data in the sqlite library. - CVE-2019-13751 Wenxiang Qian discovered an uninitialized value in the sqlite library. - CVE-2019-13752 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-13753 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-13754 Cody Crews discovered a policy enforcement error. - CVE-2019-13755 Masato Kinugawa discovered a policy enforcement error. - CVE-2019-13756 Khalil Zhani discovered a user interface error. - CVE-2019-13757 Khalil Zhani discovered a user interface error. - CVE-2019-13758 Khalil Zhani discovered a policy enforecement error. - CVE-2019-13759 Wenxu Wu discovered a user interface error. - CVE-2019-13761 Khalil Zhani discovered a user interface error. - CVE-2019-13762 csanuragjain discovered a policy enforecement error. - CVE-2019-13763 weiwangpp93 discovered a policy enforecement error. - CVE-2019-13764 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 JavaScript library. - CVE-2019-13767 Sergei Glazunov discovered a use-after-free issue. - CVE-2020-6377 Zhe Jin discovered a use-after-free issue. - CVE-2020-6378 Antti Levomaki and Christian Jalio discovered a use-after-free issue. - CVE-2020-6379 Guang Gong discovered a use-after-free issue. - CVE-2020-6380 Sergei Glazunov discovered an error verifying extension messages. last seen 2020-03-17 modified 2020-01-21 plugin id 133109 published 2020-01-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133109 title Debian DSA-4606-1 : chromium - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4606. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(133109); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/02"); script_cve_id("CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764", "CVE-2019-13767", "CVE-2020-6377", "CVE-2020-6378", "CVE-2020-6379", "CVE-2020-6380"); script_xref(name:"DSA", value:"4606"); script_name(english:"Debian DSA-4606-1 : chromium - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-13725 Gengming Liu and Jianyu Chen discovered a use-after-free issue in the bluetooth implementation. - CVE-2019-13726 Sergei Glazunov discovered a buffer overflow issue. - CVE-2019-13727 @piochu discovered a policy enforcement error. - CVE-2019-13728 Rong Jian and Guang Gong discovered an out-of-bounds write error in the v8 JavaScript library. - CVE-2019-13729 Zhe Jin discovered a use-after-free issue. - CVE-2019-13730 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 JavaScript library. - CVE-2019-13732 Sergei Glazunov discovered a use-after-free issue in the WebAudio implementation. - CVE-2019-13734 Wenxiang Qian discovered an out-of-bounds write issue in the sqlite library. - CVE-2019-13735 Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2019-13736 An integer overflow issue was discovered in the pdfium library. - CVE-2019-13737 Mark Amery discovered a policy enforcement error. - CVE-2019-13738 Johnathan Norman and Daniel Clark discovered a policy enforcement error. - CVE-2019-13739 xisigr discovered a user interface error. - CVE-2019-13740 Khalil Zhani discovered a user interface error. - CVE-2019-13741 Michal Bentkowski discovered that user input could be incompletely validated. - CVE-2019-13742 Khalil Zhani discovered a user interface error. - CVE-2019-13743 Zhiyang Zeng discovered a user interface error. - CVE-2019-13744 Prakash discovered a policy enforcement error. - CVE-2019-13745 Luan Herrera discovered a policy enforcement error. - CVE-2019-13746 David Erceg discovered a policy enforcement error. - CVE-2019-13747 Ivan Popelyshev and Andre Bonatti discovered an uninitialized value. - CVE-2019-13748 David Erceg discovered a policy enforcement error. - CVE-2019-13749 Khalil Zhani discovered a user interface error. - CVE-2019-13750 Wenxiang Qian discovered insufficient validation of data in the sqlite library. - CVE-2019-13751 Wenxiang Qian discovered an uninitialized value in the sqlite library. - CVE-2019-13752 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-13753 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-13754 Cody Crews discovered a policy enforcement error. - CVE-2019-13755 Masato Kinugawa discovered a policy enforcement error. - CVE-2019-13756 Khalil Zhani discovered a user interface error. - CVE-2019-13757 Khalil Zhani discovered a user interface error. - CVE-2019-13758 Khalil Zhani discovered a policy enforecement error. - CVE-2019-13759 Wenxu Wu discovered a user interface error. - CVE-2019-13761 Khalil Zhani discovered a user interface error. - CVE-2019-13762 csanuragjain discovered a policy enforecement error. - CVE-2019-13763 weiwangpp93 discovered a policy enforecement error. - CVE-2019-13764 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 JavaScript library. - CVE-2019-13767 Sergei Glazunov discovered a use-after-free issue. - CVE-2020-6377 Zhe Jin discovered a use-after-free issue. - CVE-2020-6378 Antti Levomaki and Christian Jalio discovered a use-after-free issue. - CVE-2020-6379 Guang Gong discovered a use-after-free issue. - CVE-2020-6380 Sergei Glazunov discovered an error verifying extension messages." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13725" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13726" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13727" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13728" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13729" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13730" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13732" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13734" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13735" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13736" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13737" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13738" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13739" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13740" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13741" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13742" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13743" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13744" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13745" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13746" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13747" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13748" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13749" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13750" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13751" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13752" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13753" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13754" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13755" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13756" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13757" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13758" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13759" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13761" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13762" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13763" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13764" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13767" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6377" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6378" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6379" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6380" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/chromium" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/buster/chromium" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2020/dsa-4606" ); script_set_attribute( attribute:"solution", value: "Upgrade the chromium packages. For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), these problems have been fixed in version 79.0.3945.130-1~deb10u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"10.0", prefix:"chromium", reference:"79.0.3945.130-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"chromium-common", reference:"79.0.3945.130-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"chromium-driver", reference:"79.0.3945.130-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"chromium-l10n", reference:"79.0.3945.130-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"chromium-sandbox", reference:"79.0.3945.130-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"chromium-shell", reference:"79.0.3945.130-1~deb10u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_79_0_3945_117.NASL description The version of Google Chrome installed on the remote macOS host is prior to 79.0.3945.117. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_01_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132716 published 2020-01-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132716 title Google Chrome < 79.0.3945.117 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(132716); script_version("1.4"); script_cvs_date("Date: 2020/01/23"); script_cve_id("CVE-2020-6377"); script_name(english:"Google Chrome < 79.0.3945.117 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote macOS host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote macOS host is prior to 79.0.3945.117. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_01_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); # https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c729b434"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1029462"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/1039803"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome version 79.0.3945.117 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6377"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_google_chrome_installed.nbin"); script_require_keys("MacOSX/Google Chrome/Installed"); exit(0); } include('google_chrome_version.inc'); get_kb_item_or_exit('MacOSX/Google Chrome/Installed'); google_chrome_check_version(fix:'79.0.3945.117', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0084.NASL description An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 79.0.3945.117. Security Fix(es) : * chromium-browser: Use after free in audio (CVE-2020-6377) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-02 modified 2020-01-15 plugin id 132883 published 2020-01-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132883 title RHEL 6 : chromium-browser (RHSA-2020:0084) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0084. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(132883); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id("CVE-2020-6377"); script_xref(name:"RHSA", value:"2020:0084"); script_name(english:"RHEL 6 : chromium-browser (RHSA-2020:0084)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 79.0.3945.117. Security Fix(es) : * chromium-browser: Use after free in audio (CVE-2020-6377) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0084" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6377" ); script_set_attribute( attribute:"solution", value: "Update the affected chromium-browser and / or chromium-browser-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6377"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'chromium-browser-79.0.3945.117-1.el6_10', 'cpu':'i686', 'release':'6', 'allowmaj':TRUE}, {'reference':'chromium-browser-79.0.3945.117-1.el6_10', 'cpu':'x86_64', 'release':'6', 'allowmaj':TRUE} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser'); }
Redhat
| advisories |
| ||||
| rpms |
|
References
- https://crbug.com/1029462
- https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html
- https://access.redhat.com/errata/RHSA-2020:0084
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html
- https://seclists.org/bugtraq/2020/Jan/27
- https://www.debian.org/security/2020/dsa-4606
- https://security.gentoo.org/glsa/202003-08
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PSUXNEUS6N42UJNQVCQSTSM6CSW2REPG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/