CVE-2020-6464 - Type Confusion vulnerability in multiple products

- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Nessus

- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_GOOGLE_CHROME_81_0_4044_138.NASL
- description: The version of Google Chrome installed on the remote macOS host is prior to 81.0.4044.138. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_05_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
- last seen: 2020-06-05
- modified: 2020-05-06
- plugin id: 136347
- published: 2020-05-06
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/136347
- title: Google Chrome < 81.0.4044.138 Multiple Vulnerabilities
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136347);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2020-6464", "CVE-2020-6831");
  script_xref(name:"IAVA", value:"2020-A-0185-S");

  script_name(english:"Google Chrome < 81.0.4044.138 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote macOS host is prior to 81.0.4044.138. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_05_stable-channel-update-for-desktop advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  # https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?42d92b01");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1073602");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1071059");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1077866");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome version 81.0.4044.138 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6831");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_google_chrome_installed.nbin");
  script_require_keys("MacOSX/Google Chrome/Installed");

  exit(0);
}

include('google_chrome_version.inc');

get_kb_item_or_exit('MacOSX/Google Chrome/Installed');

google_chrome_check_version(fix:'81.0.4044.138', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);
```

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2020-2064.NASL
- description: The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2064 advisory.
  - chromium-browser: Type Confusion in Blink (CVE-2020-6464)
  - usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831)

  Note that Nessus has not tested for this issue but has instead relied only on the application
- last seen: 2020-06-05
- modified: 2020-05-11
- plugin id: 136478
- published: 2020-05-11
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/136478
- title: RHEL 6 : chromium-browser (RHSA-2020:2064)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:2064. The text
# itself is copyright (C) Red Hat, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136478);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2020-6464", "CVE-2020-6831");
  script_xref(name:"RHSA", value:"2020:2064");

  script_name(english:"RHEL 6 : chromium-browser (RHSA-2020:2064)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2064 advisory.
  - chromium-browser: Type Confusion in Blink (CVE-2020-6464)
  - usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/843.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/120.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2064");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-6464");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-6831");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831763");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1832488");
  script_set_attribute(attribute:"solution", value:
"Update the affected chromium-browser package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6831");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(120, 843);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item('Host/RedHat/release');
if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

pkgs = [
    {'reference':'chromium-browser-81.0.4044.138-1.el6_10', 'cpu':'i686', 'release':'6', 'allowmaj':TRUE},
    {'reference':'chromium-browser-81.0.4044.138-1.el6_10', 'cpu':'x86_64', 'release':'6', 'allowmaj':TRUE}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  sp = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  epoch = NULL;
  allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && release) {
    if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get() + redhat_report_package_caveat()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser');
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2020-DA49FBB17C.NASL
- description: The description provided by Fedora was far too silly to endure. Please consult the NIST CVEs for details on these Google Chromium vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-05-31
- modified: 2020-05-18
- plugin id: 136685
- published: 2020-05-18
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/136685
- title: Fedora 31 : chromium (2020-da49fbb17c)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-da49fbb17c.
#

include("compat.inc");

if (description)
{
  script_id(136685);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");

  script_cve_id("CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456", "CVE-2020-6457", "CVE-2020-6458", "CVE-2020-6459", "CVE-2020-6460", "CVE-2020-6461", "CVE-2020-6462", "CVE-2020-6464");
  script_xref(name:"FEDORA", value:"2020-da49fbb17c");

  script_name(english:"Fedora 31 : chromium (2020-da49fbb17c)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The description provided by Fedora was far too silly to endure. Please consult the NIST CVEs for details on these Google Chromium vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-da49fbb17c"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected chromium package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC31", reference:"chromium-81.0.4044.138-1.fc31", allowmaj:TRUE)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2020-709.NASL
- description: This update for opera fixes the following issues : Opera was updated to version 68.0.3618.104
  - CHR-7909 Update chromium on desktop-stable-81-3618 to 81.0.4044.138
  - CVE-2020-6831, CVE-2020-6464
  - DNA-85609 [Mac] Tabs shrinking & disappearing
  - DNA-85629 Crash at opera::DownloadButtonPanel::ShouldShowCancelButton()
  - DNA-85669 Add mocking of AddressDropdownModel in AddressBarControllerTest
  - DNA-85678 Wrong badge icon on pages with mixed content on desktop-stable-81-3618
  - DNA-85820 Flags are blue in default [D] state after restart
  - DNA-85822 Full screen snap on pkobp.pl
  - DNA-86077 Problem to upload .JPG file as an wallpaper
  - DNA-86165 Downloads list doesn’t returns to its original state after clearing search filter
  - DNA-86236 [Mac] Plus button click area too small
  - DNA-86241 X tab button is not visible
  - DNA-86217 Fix performance issue with Background Worker
- last seen: 2020-06-06
- modified: 2020-05-26
- plugin id: 136888
- published: 2020-05-26
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/136888
- title: openSUSE Security Update : opera (openSUSE-2020-709)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-709.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(136888);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05");

  script_cve_id("CVE-2020-6464", "CVE-2020-6831");

  script_name(english:"openSUSE Security Update : opera (openSUSE-2020-709)");
  script_summary(english:"Check for the openSUSE-2020-709 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for opera fixes the following issues :
Opera was updated to version 68.0.3618.104
  - CHR-7909 Update chromium on desktop-stable-81-3618 to 81.0.4044.138
  - CVE-2020-6831, CVE-2020-6464
  - DNA-85609 [Mac] Tabs shrinking & disappearing
  - DNA-85629 Crash at opera::DownloadButtonPanel::ShouldShowCancelButton()
  - DNA-85669 Add mocking of AddressDropdownModel in AddressBarControllerTest
  - DNA-85678 Wrong badge icon on pages with mixed content on desktop-stable-81-3618
  - DNA-85820 Flags are blue in default [D] state after restart
  - DNA-85822 Full screen snap on pkobp.pl
  - DNA-86077 Problem to upload .JPG file as an wallpaper
  - DNA-86165 Downloads list doesn’t returns to its original state after clearing search filter
  - DNA-86236 [Mac] Plus button click area too small
  - DNA-86241 X tab button is not visible
  - DNA-86217 Fix performance issue with Background Worker"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected opera package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6831");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"opera-68.0.3618.104-lp151.2.18.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opera");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2020-06C54925D3.NASL
- description: The description provided by Fedora was far too silly to endure. Please consult the NIST CVEs for details on these Google Chromium vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-05-31
- modified: 2020-05-18
- plugin id: 136677
- published: 2020-05-18
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/136677
- title: Fedora 30 : chromium (2020-06c54925d3)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-06c54925d3.
#

include("compat.inc");

if (description)
{
  script_id(136677);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");

  script_cve_id("CVE-2020-6461", "CVE-2020-6462", "CVE-2020-6464");
  script_xref(name:"FEDORA", value:"2020-06c54925d3");

  script_name(english:"Fedora 30 : chromium (2020-06c54925d3)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The description provided by Fedora was far too silly to endure. Please consult the NIST CVEs for details on these Google Chromium vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-06c54925d3"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected chromium package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6464");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC30", reference:"chromium-81.0.4044.138-1.fc30", allowmaj:TRUE)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
}
```

- NASL family: Windows
- NASL id: GOOGLE_CHROME_81_0_4044_138.NASL
- description: The version of Google Chrome installed on the remote Windows host is prior to 81.0.4044.138. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_05_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
- last seen: 2020-06-05
- modified: 2020-05-06
- plugin id: 136348
- published: 2020-05-06
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/136348
- title: Google Chrome < 81.0.4044.138 Multiple Vulnerabilities
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136348);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2020-6464", "CVE-2020-6831");
  script_xref(name:"IAVA", value:"2020-A-0185-S");

  script_name(english:"Google Chrome < 81.0.4044.138 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote Windows host is prior to 81.0.4044.138. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_05_stable-channel-update-for-desktop advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  # https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?42d92b01");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1073602");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1071059");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1077866");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome version 81.0.4044.138 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6831");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include('google_chrome_version.inc');

get_kb_item_or_exit('SMB/Google_Chrome/Installed');
installs = get_kb_list('SMB/Google_Chrome/*');

google_chrome_check_version(installs:installs, fix:'81.0.4044.138', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);
```

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2020-620.NASL
- description: This update for chromium fixes the following issues : Update to 81.0.4044.138 (boo#1171247) :
  - CVE-2020-6831: Stack-based buffer overflow in SCTP
  - CVE-2020-6464: Type Confusion in Blink
- last seen: 2020-06-06
- modified: 2020-05-11
- plugin id: 136449
- published: 2020-05-11
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/136449
- title: openSUSE Security Update : chromium (openSUSE-2020-620)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-202005-13.NASL
- description: The remote host is affected by the vulnerability described in GLSA-202005-13 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
- last seen: 2020-05-31
- modified: 2020-05-15
- plugin id: 136643
- published: 2020-05-15
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/136643
- title: GLSA-202005-13 : Chromium, Google Chrome: Multiple vulnerabilities

References
- https://crbug.com/1071059
- https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00056.html
- https://security.gentoo.org/glsa/202005-13
- https://www.debian.org/security/2020/dsa-4714
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html