Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-64988354-0889-11EB-A01B-E09467587C17 (CVE-2020-15977): chromium -- multiple vulnerabilities

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 10/06/2020
Created: 10/10/2020
Added: 10/08/2020
Modified: 11/06/2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-64988354-0889-11EB-A01B-E09467587C17:

Chrome releases reports:

This release contains 35 security fixes, including:

[1127322] Critical CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11

[1126424] High CVE-2020-15968: Use after free in Blink. Reported by Anonymous on 2020-09-09

[1124659] High CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous on 2020-09-03

[1108299] High CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo of GitHub Security Lab on 2020-07-22

[1114062] High CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-08-07

[1115901] High CVE-2020-15972: Use after free in audio. Reported by Anonymous on 2020-08-13

[1133671] High CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30

[1133688] High CVE-2020-15991: Use after free in password manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30

[1106890] Medium CVE-2020-15973: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-17

[1104103] Medium CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im (junorouse) of Theori on 2020-07-10

[1110800] Medium CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous on 2020-07-29

[1123522] Medium CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee (@ashuu_lee) of Raon Whitehat on 2020-08-31

[1083278] Medium CVE-2020-6557: Inappropriate implementation in networking. Reported by Matthias Gierlings and Marcus Brinkmann (NDS Ruhr-University Bochum) on 2020-05-15

[1097724] Medium CVE-2020-15977: Insufficient data validation in dialogs. Reported by Narendra Bhati (@imnarendrabhati) on 2020-06-22

[1116280] Medium CVE-2020-15978: Insufficient data validation in navigation. Reported by Luan Herrera (@lbherrera_) on 2020-08-14

[1127319] Medium CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay Cohen (@SeraphicAlgorithms) on 2020-09-11

[1092453] Medium CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by Yongke Wang (@Rudykewang) and Aryb1n (@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08

[1123023] Medium CVE-2020-15981: Out of bounds read in audio. Reported by Christoph Guttandin on 2020-08-28

[1039882] Medium CVE-2020-15982: Side-channel information leakage in cache. Reported by Luan Herrera (@lbherrera_) on 2020-01-07

[1076786] Medium CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-30

[1080395] Medium CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora on 2020-05-07

[1099276] Medium CVE-2020-15985: Inappropriate implementation in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2020-06-25

[1100247] Medium CVE-2020-15986: Integer overflow in media. Reported by Mark Brand of Google Project Zero on 2020-06-29

[1127774] Medium CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke on 2020-09-14

[1110195] Medium CVE-2020-15992: Insufficient policy enforcement in networking. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-28

[1092518] Low CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by Samuel Attard on 2020-06-08

[1108351] Low CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans (Microsoft) on 2020-07-22

Solution(s)

  • freebsd-upgrade-package-chromium
