Vulnerability-Lookup

CVE-2020-6461 (GCVE-0-2020-6461)

Vulnerability from cvelistv5 – Published: 2020-05-21 03:46 – Updated: 2024-08-04 09:02

Summary

Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

URL

	Vendor	Product	Version
	Google	Chrome	Affected: unspecified , < 81.0.4044.129 (custom)

RHSA-2020:1981

Vulnerability from csaf_redhat - Published: 2020-04-30 09:55 - Updated: 2025-11-21 18:14

Summary

Red Hat Security Advisory: chromium-browser security update

Notes

Topic

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 81.0.4044.129. Security Fix(es): * chromium-browser: Use after free in storage (CVE-2020-6461) * chromium-browser: Use after free in task scheduling (CVE-2020-6462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 81.0.4044.129.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in storage (CVE-2020-6461)\n\n* chromium-browser: Use after free in task scheduling (CVE-2020-6462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:1981",
        "url": "https://access.redhat.com/errata/RHSA-2020:1981"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1828859",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828859"
      },
      {
        "category": "external",
        "summary": "1828860",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828860"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1981.json"
      }
    ],
    "title": "Red Hat Security Advisory: chromium-browser security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:14:09+00:00",
      "generator": {
        "date": "2025-11-21T18:14:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2020:1981",
      "initial_release_date": "2020-04-30T09:55:05+00:00",
      "revision_history": [
        {
          "date": "2020-04-30T09:55:05+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-04-30T09:55:05+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:14:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
                  "product_id": "6ComputeNode-Supplementary-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromium-browser-0:81.0.4044.129-1.el6_10.i686",
                "product": {
                  "name": "chromium-browser-0:81.0.4044.129-1.el6_10.i686",
                  "product_id": "chromium-browser-0:81.0.4044.129-1.el6_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser@81.0.4044.129-1.el6_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
                "product": {
                  "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
                  "product_id": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@81.0.4044.129-1.el6_10?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
                "product": {
                  "name": "chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
                  "product_id": "chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser@81.0.4044.129-1.el6_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
                "product": {
                  "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
                  "product_id": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@81.0.4044.129-1.el6_10?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:81.0.4044.129-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-0:81.0.4044.129-1.el6_10.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:81.0.4044.129-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
        "relates_to_product_reference": "6Client-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
        "relates_to_product_reference": "6Client-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:81.0.4044.129-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
          "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-0:81.0.4044.129-1.el6_10.i686",
        "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:81.0.4044.129-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
          "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
        "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
          "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
        "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
          "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
        "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:81.0.4044.129-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-0:81.0.4044.129-1.el6_10.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:81.0.4044.129-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
        "relates_to_product_reference": "6Server-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
        "relates_to_product_reference": "6Server-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:81.0.4044.129-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-0:81.0.4044.129-1.el6_10.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:81.0.4044.129-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
        "relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
        "relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-6461",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2020-04-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828860"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Use after free in storage",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
          "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
          "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
          "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
          "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-6461"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828860",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828860"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-6461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6461"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html",
          "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html"
        }
      ],
      "release_date": "2020-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-30T09:55:05+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1981"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Use after free in storage"
    },
    {
      "cve": "CVE-2020-6462",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2020-04-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828859"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Chromium browser. The task scheduling component was found to have a use-after-free memory flaw. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Use after free in task scheduling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
          "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
          "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
          "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
          "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-6462"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828859",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828859"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6462",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-6462"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6462",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6462"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html",
          "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html"
        }
      ],
      "release_date": "2020-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-30T09:55:05+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1981"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:81.0.4044.129-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:81.0.4044.129-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Use after free in task scheduling"
    }
  ]
}

CERTFR-2020-AVI-245

Vulnerability from certfr_avis - Published: 2020-04-28 - Updated: 2020-04-28

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Google Chrome versions antérieures à 81.0.4044.129

References

Title

Publication Time

OPENSUSE-SU-2020:0635-1

Vulnerability from csaf_opensuse - Published: 2020-05-09 10:17 - Updated: 2020-05-09 10:17

Summary

Security update for opera

Notes

Title of the patch

Security update for opera

Description of the patch

This update for opera fixes the following issues: Opera was updated to version 68.0.3618.63 - CHR-7889 Update chromium on desktop-stable-81-3618 to 81.0.4044.122 - CHR-7896 Update chromium on desktop-stable-81-3618 to 81.0.4044.129 - DNA-85287 Set standard spacing for Yandex prompt - DNA-85416 [Mac] Animation of tab insert is glitchy on slow machines - DNA-85568 Verify API for triggering “unread” mode with Instagram. - DNA-86027 Present Now not working in google meet after canceling it once - DNA-86028 Add a back and forward button in the Instagram panel - DNA-86029 Investigate and implement re-freshing of the instagram panel content - Update chromium to 81.0.4044.122 fixes CVE-2020-6458, CVE-2020-6459, CVE-2020-6460 - Update chromium to 81.0.4044.129 fixes CVE-2020-6461, CVE-2020-6462 Update to version 68.0.3618.56 - DNA-85256 [Win] Cookies section on site pages is white in dark mode - DNA-85474 [Mac] Dragging tabs to the left with hidden sidebar is broken - DNA-85771 DNS-over-HTTPS example in settings is wrong - DNA-85976 Change page display time when navigating from opera:startpage - CHR-7878 Update chromium on desktop-stable-81-3618 to 81.0.4044.113 (CVE-2020-6457) - DNA-78158 PATCH-1272 should be removed - DNA-84721 Weather widget is overlapped when ‘Use bigger tiles’ - DNA-85246 Implement 0-state dialog and onboarding - DNA-85354 O-menu is misplaced when opened with maximized opera - DNA-85405 Add link to Privacy Policy on the 0-state dialog - DNA-85409 Ask for geolocation EULA once - DNA-85426 Crash at opera::DownloadActionButton::Update() - DNA-85454 Add id’s to elements for testing - DNA-85493 Add “Show Weather” toggle to “Start Page” section in Easy Setup - DNA-85501 Set timestamps in geolocation exception record - DNA-85514 Add fallback when geolocation fails - DNA-85713 Report consent for geolocation on start page - DNA-85753 Fetch news configuration from new endpoint - DNA-85798 Incorrect padding in Search in Tabs window - DNA-85801 Disable notification on instagram panel - DNA-85809 Update instagram icon in the Sidebar Setup - DNA-85854 Change Instagram panel size, to fit desktop version - Complete Opera 68.0 changelog at: https://blogs.opera.com/desktop/changelog-for-68/ Update to version 67.0.3575.137 - CHR-7852 Update chromium on desktop-stable-80-3575 to 80.0.3987.163 - DNA-82540 Crash at remote_cocoa::NativeWidgetNSWindowBridge:: SetVisibilityState(remote_cocoa::mojom::WindowVisibilityState) - DNA-84951 New PiP is completely black for some 2 GPU setups - DNA-85284 Chrome “Open link in same tab, pop-up as tab [Free]” extension is no longer working in Opera - DNA-85415 [Mac] Inspect Popup not working - DNA-85530 Create API for displaying and triggering “unread” mode for messengers from in-app - DNA-85537 Let addons.opera.com interact with sidebar messengers Update to version 67.0.3575.115 - CHR-7833 Update chromium on desktop-stable-80-3575 to 80.0.3987.149 - DNA-74423 [Mac] Search/Copy popup stuck on top left of screen - DNA-82975 Crash at blink::DocumentLifecycle::EnsureStateAtMost (blink::DocumentLifecycle::LifecycleState) - DNA-83834 Crash at base::MessagePumpNSApplication:: DoRun (base::MessagePump::Delegate*) - DNA-84632 macOS 10.15.2 fail on creating testlist.json - DNA-84713 Switching through tabs broken when using workspaces

Patchnames

openSUSE-2020-635

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for opera",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for opera fixes the following issues:\n\nOpera was updated to version 68.0.3618.63\n\n- CHR-7889 Update chromium on desktop-stable-81-3618 to\n  81.0.4044.122\n- CHR-7896 Update chromium on desktop-stable-81-3618 to\n  81.0.4044.129\n- DNA-85287 Set standard spacing for Yandex prompt\n- DNA-85416 [Mac] Animation of tab insert is glitchy on slow\n  machines\n- DNA-85568 Verify API for triggering \u201cunread\u201d mode with\n  Instagram.\n- DNA-86027 Present Now not working in google meet after\n  canceling it once\n- DNA-86028 Add a back and forward button in the Instagram panel\n- DNA-86029 Investigate and implement re-freshing of the\n  instagram panel content\n\n- Update chromium to 81.0.4044.122 fixes CVE-2020-6458, CVE-2020-6459, CVE-2020-6460\n- Update chromium to 81.0.4044.129 fixes CVE-2020-6461, CVE-2020-6462\n\nUpdate to version 68.0.3618.56\n\n- DNA-85256 [Win] Cookies section on site pages is white in\n  dark mode\n- DNA-85474 [Mac] Dragging tabs to the left with hidden sidebar\n  is broken\n- DNA-85771 DNS-over-HTTPS example in settings is wrong\n- DNA-85976 Change page display time when navigating from \n  opera:startpage\n- CHR-7878 Update chromium on desktop-stable-81-3618 to \n  81.0.4044.113 (CVE-2020-6457)\n- DNA-78158 PATCH-1272 should be removed\n- DNA-84721 Weather widget is overlapped when \u2018Use bigger tiles\u2019\n- DNA-85246 Implement 0-state dialog and onboarding\n- DNA-85354 O-menu is misplaced when opened with maximized opera\n- DNA-85405 Add link to Privacy Policy on the 0-state dialog\n- DNA-85409 Ask for geolocation EULA once\n- DNA-85426 Crash at opera::DownloadActionButton::Update()\n- DNA-85454 Add id\u2019s to elements for testing\n- DNA-85493 Add \u201cShow Weather\u201d toggle to \u201cStart Page\u201d section \n  in Easy Setup\n- DNA-85501 Set timestamps in geolocation exception record\n- DNA-85514 Add fallback when geolocation fails\n- DNA-85713 Report consent for geolocation on start page\n- DNA-85753 Fetch news configuration from new endpoint\n- DNA-85798 Incorrect padding in Search in Tabs window\n- DNA-85801 Disable notification on instagram panel\n- DNA-85809 Update instagram icon in the Sidebar Setup\n- DNA-85854 Change Instagram panel size, to fit desktop \n  version\n- Complete Opera 68.0 changelog at:\n  https://blogs.opera.com/desktop/changelog-for-68/\n\nUpdate to version 67.0.3575.137\n\n- CHR-7852 Update chromium on desktop-stable-80-3575\n  to 80.0.3987.163\n- DNA-82540 Crash at remote_cocoa::NativeWidgetNSWindowBridge::\n  SetVisibilityState(remote_cocoa::mojom::WindowVisibilityState)\n- DNA-84951 New PiP is completely black for some 2 GPU setups\n- DNA-85284 Chrome \u201cOpen link in same tab, pop-up as tab [Free]\u201d\n  extension is no longer working in Opera\n- DNA-85415 [Mac] Inspect Popup not working\n- DNA-85530 Create API for displaying and triggering \u201cunread\u201d\n  mode for messengers from in-app\n- DNA-85537 Let addons.opera.com interact with sidebar messengers\n\nUpdate to version 67.0.3575.115\n\n- CHR-7833 Update chromium on desktop-stable-80-3575\n  to 80.0.3987.149\n- DNA-74423 [Mac] Search/Copy popup stuck on top left of screen\n- DNA-82975 Crash at blink::DocumentLifecycle::EnsureStateAtMost\n  (blink::DocumentLifecycle::LifecycleState)\n- DNA-83834 Crash at base::MessagePumpNSApplication:: DoRun\n  (base::MessagePump::Delegate*)\n- DNA-84632 macOS 10.15.2 fail on creating testlist.json\n- DNA-84713 Switching through tabs broken when using workspaces\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-635",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0635-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0635-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F6JPGRCMJIBFSTEUKUCXOWZKVCHWU4O7/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0635-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F6JPGRCMJIBFSTEUKUCXOWZKVCHWU4O7/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-6457 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-6457/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-6458 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-6458/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-6459 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-6459/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-6460 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-6460/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-6461 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-6461/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-6462 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-6462/"
      }
    ],
    "title": "Security update for opera",
    "tracking": {
      "current_release_date": "2020-05-09T10:17:29Z",
      "generator": {
        "date": "2020-05-09T10:17:29Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0635-1",
      "initial_release_date": "2020-05-09T10:17:29Z",
      "revision_history": [
        {
          "date": "2020-05-09T10:17:29Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "opera-68.0.3618.63-lp151.2.15.1.x86_64",
                "product": {
                  "name": "opera-68.0.3618.63-lp151.2.15.1.x86_64",
                  "product_id": "opera-68.0.3618.63-lp151.2.15.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1 NonFree",
                "product": {
                  "name": "openSUSE Leap 15.1 NonFree",
                  "product_id": "openSUSE Leap 15.1 NonFree",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "opera-68.0.3618.63-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1 NonFree",
          "product_id": "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
        },
        "product_reference": "opera-68.0.3618.63-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1 NonFree"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-6457",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-6457"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-6457",
          "url": "https://www.suse.com/security/cve/CVE-2020-6457"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169729 for CVE-2020-6457",
          "url": "https://bugzilla.suse.com/1169729"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-09T10:17:29Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-6457"
    },
    {
      "cve": "CVE-2020-6458",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-6458"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-6458",
          "url": "https://www.suse.com/security/cve/CVE-2020-6458"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170107 for CVE-2020-6458",
          "url": "https://bugzilla.suse.com/1170107"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-09T10:17:29Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-6458"
    },
    {
      "cve": "CVE-2020-6459",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-6459"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-6459",
          "url": "https://www.suse.com/security/cve/CVE-2020-6459"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170107 for CVE-2020-6459",
          "url": "https://bugzilla.suse.com/1170107"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-09T10:17:29Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-6459"
    },
    {
      "cve": "CVE-2020-6460",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-6460"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-6460",
          "url": "https://www.suse.com/security/cve/CVE-2020-6460"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170107 for CVE-2020-6460",
          "url": "https://bugzilla.suse.com/1170107"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-09T10:17:29Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-6460"
    },
    {
      "cve": "CVE-2020-6461",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-6461"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-6461",
          "url": "https://www.suse.com/security/cve/CVE-2020-6461"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170707 for CVE-2020-6461",
          "url": "https://bugzilla.suse.com/1170707"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-09T10:17:29Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-6461"
    },
    {
      "cve": "CVE-2020-6462",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-6462"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-6462",
          "url": "https://www.suse.com/security/cve/CVE-2020-6462"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170707 for CVE-2020-6462",
          "url": "https://bugzilla.suse.com/1170707"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-09T10:17:29Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-6462"
    }
  ]
}

FKIE_CVE-2020-6461

Vulnerability from fkie_nvd - Published: 2020-05-21 04:15 - Updated: 2024-11-21 05:35

Severity ?

9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

References

URL	Tags
chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html	Release Notes, Vendor Advisory
chrome-cve-admin@google.com	https://crbug.com/1072983	Permissions Required, Vendor Advisory
chrome-cve-admin@google.com	https://security.gentoo.org/glsa/202005-13	Third Party Advisory
chrome-cve-admin@google.com	https://www.debian.org/security/2020/dsa-4714	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://crbug.com/1072983	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202005-13	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4714	Third Party Advisory

Impacted products

Vendor	Product	Version
google	chrome	*
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8453C67C-73ED-4C64-8CBD-43DC81B7B647",
              "versionEndExcluding": "81.0.4044.129",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
    },
    {
      "lang": "es",
      "value": "Un uso de la memoria previamente liberada en storage en Google Chrome versiones anteriores a la versi\u00f3n   81.0.4044.129, permiti\u00f3 a un atacante remoto que hab\u00eda comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una p\u00e1gina HTML especialmente dise\u00f1ada."
    }
  ],
  "id": "CVE-2020-6461",
  "lastModified": "2024-11-21T05:35:46.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-21T04:15:11.083",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://crbug.com/1072983"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202005-13"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4714"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://crbug.com/1072983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202005-13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4714"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-29367

Vulnerability from cnvd - Published: 2020-05-21

Title

Google Chrome资源管理错误漏洞（CNVD-2020-29367）

Description

Google Chrome是美国谷歌（Google）公司的一款Web浏览器。 Google Chrome 81.0.4044.129之前版本中存在资源管理错误漏洞。远程攻击者可利用该漏洞执行任意代码或导致拒绝服务。

Severity

高

Patch Name

Google Chrome资源管理错误漏洞（CNVD-2020-29367）的补丁

Patch Description

Google Chrome是美国谷歌（Google）公司的一款Web浏览器。 Google Chrome 81.0.4044.129之前版本中存在资源管理错误漏洞。远程攻击者可利用该漏洞执行任意代码或导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://chromereleases.googleblog.com/

Reference

https://www.auscert.org.au/bulletins/ESB-2020.1554/

Impacted products

Name
Google Chrome <81.0.4044.129

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-6461",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-6461"
    }
  },
  "description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\n\nGoogle Chrome 81.0.4044.129\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-29367",
  "openTime": "2020-05-21",
  "patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome 81.0.4044.129\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-29367\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome \u003c81.0.4044.129"
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2020.1554/",
  "serverity": "\u9ad8",
  "submitTime": "2020-04-28",
  "title": "Google Chrome\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-29367\uff09"
}

GHSA-2CHH-QCXJ-M24M

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-10-06 00:00

Details

Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Severity ?

9.6 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-6461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-21T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
  "id": "GHSA-2chh-qcxj-m24m",
  "modified": "2022-10-06T00:00:42Z",
  "published": "2022-05-24T17:18:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6461"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1072983"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202005-13"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4714"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2020-6461

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Aliases

CVE-2020-6461

Aliases

CVE-2020-6461

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-6461",
    "description": "Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
    "id": "GSD-2020-6461",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-6461.html",
      "https://www.debian.org/security/2020/dsa-4714",
      "https://access.redhat.com/errata/RHSA-2020:1981",
      "https://advisories.mageia.org/CVE-2020-6461.html",
      "https://security.archlinux.org/CVE-2020-6461"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-6461"
      ],
      "details": "Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
      "id": "GSD-2020-6461",
      "modified": "2023-12-13T01:21:55.068007Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "chrome-cve-admin@google.com",
        "ID": "CVE-2020-6461",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Chrome",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "81.0.4044.129"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use after free"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-202005-13",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202005-13"
          },
          {
            "name": "https://crbug.com/1072983",
            "refsource": "MISC",
            "url": "https://crbug.com/1072983"
          },
          {
            "name": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html",
            "refsource": "MISC",
            "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html"
          },
          {
            "name": "DSA-4714",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4714"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "81.0.4044.129",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2020-6461"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html"
            },
            {
              "name": "https://crbug.com/1072983",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://crbug.com/1072983"
            },
            {
              "name": "GLSA-202005-13",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202005-13"
            },
            {
              "name": "DSA-4714",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4714"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2022-10-05T20:40Z",
      "publishedDate": "2020-05-21T04:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-6461 (GCVE-0-2020-6461)

RHSA-2020:1981

CERTFR-2020-AVI-245

Solution

OPENSUSE-SU-2020:0635-1

FKIE_CVE-2020-6461

CNVD-2020-29367

GHSA-2CHH-QCXJ-M24M

GSD-2020-6461

Tags

Sightings

Nomenclature