Vulnerabilities > CVE-2020-6496 - Use After Free vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
google
debian
opensuse
CWE-416
nessus

Summary

Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Vulnerable Configurations

Part Description Count
Application
Google
5620
Application
Opensuse
1
OS
Apple
1
OS
Debian
2
OS
Opensuse
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A2CAF7BDA71911EAA857E09467587C17.NASL
    descriptionChrome Releases reports : This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. - [1082105] High CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13 - [1083972] High CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen on 2020-05-18 - [1072116] High CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-18 - [1085990] High CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani on 2020-05-24
    last seen2020-06-11
    modified2020-06-08
    plugin id137216
    published2020-06-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137216
    titleFreeBSD : chromium -- multiple vulnerabilities (a2caf7bd-a719-11ea-a857-e09467587c17)
  • NASL familyWindows
    NASL idGOOGLE_CHROME_83_0_4103_97.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is prior to 83.0.4103.97. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_06_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-10
    modified2020-06-03
    plugin id137081
    published2020-06-03
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137081
    titleGoogle Chrome < 83.0.4103.97 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_83_0_4103_97.NASL
    descriptionThe version of Google Chrome installed on the remote macOS host is prior to 83.0.4103.97. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_06_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-10
    modified2020-06-03
    plugin id137080
    published2020-06-03
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137080
    titleGoogle Chrome < 83.0.4103.97 Multiple Vulnerabilities