vulnerability

FreeBSD: VID-64988354-0889-11EB-A01B-E09467587C17 (CVE-2020-15988): chromium -- multiple vulnerabilities

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 2020-10-06
Added: 2020-10-08
Modified: 2020-11-09

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-64988354-0889-11EB-A01B-E09467587C17:




Chrome releases reports:



This release contains 35 security fixes, including:



[1127322] Critical CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11

[1126424] High CVE-2020-15968: Use after free in Blink. Reported by Anonymous on 2020-09-09

[1124659] High CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous on 2020-09-03

[1108299] High CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo of GitHub Security Lab on 2020-07-22

[1114062] High CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-08-07

[1115901] High CVE-2020-15972: Use after free in audio. Reported by Anonymous on 2020-08-13

[1133671] High CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30

[1133688] High CVE-2020-15991: Use after free in password manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30

[1106890] Medium CVE-2020-15973: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-17

[1104103] Medium CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im (junorouse) of Theori on 2020-07-10

[1110800] Medium CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous on 2020-07-29

[1123522] Medium CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee (@ashuu_lee) of Raon Whitehat on 2020-08-31

[1083278] Medium CVE-2020-6557: Inappropriate implementation in networking. Reported by Matthias Gierlings and Marcus Brinkmann (NDS Ruhr-University Bochum) on 2020-05-15

[1097724] Medium CVE-2020-15977: Insufficient data validation in dialogs. Reported by Narendra Bhati (@imnarendrabhati) on 2020-06-22

[1116280] Medium CVE-2020-15978: Insufficient data validation in navigation. Reported by Luan Herrera (@lbherrera_) on 2020-08-14

[1127319] Medium CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay Cohen (@SeraphicAlgorithms) on 2020-09-11

[1092453] Medium CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by Yongke Wang (@Rudykewang) and Aryb1n (@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08

[1123023] Medium CVE-2020-15981: Out of bounds read in audio. Reported by Christoph Guttandin on 2020-08-28

[1039882] Medium CVE-2020-15982: Side-channel information leakage in cache. Reported by Luan Herrera (@lbherrera_) on 2020-01-07

[1076786] Medium CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-30

[1080395] Medium CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora on 2020-05-07

[1099276] Medium CVE-2020-15985: Inappropriate implementation in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2020-06-25

[1100247] Medium CVE-2020-15986: Integer overflow in media. Reported by Mark Brand of Google Project Zero on 2020-06-29

[1127774] Medium CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke on 2020-09-14

[1110195] Medium CVE-2020-15992: Insufficient policy enforcement in networking. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-28

[1092518] Low CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by Samuel Attard on 2020-06-08

[1108351] Low CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans (Microsoft) on 2020-07-22





Solution

freebsd-upgrade-package-chromium