FreeBSD: VID-01FFD06A-36ED-11EB-B655-3065EC8FD3EC (CVE-2020-16038): chromium -- multiple vulnerabilities
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-01FFD06A-36ED-11EB-B655-3065EC8FD3EC:
Chrome Releases reports:
This release contains 8 security fixes, including:
[1142331] High CVE-2020-16037: Use after free in clipboard.
Reported by Ryoya Tsukasaki on 2020-10-26
[1138683] High CVE-2020-16038: Use after free in media.
Reported by Khalil Zhani on 2020-10-14
[1149177] High CVE-2020-16039: Use after free in extensions.
Reported by Anonymous on 2020-11-15
[1150649] High CVE-2020-16040: Insufficient data validation in
V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability
Research on 2020-11-19
[1151865] Medium CVE-2020-16041: Out of bounds read in
networking. Reported by Sergei Glazunov and Mark Brand of Google
Project Zero on 2020-11-23
[1151890] Medium CVE-2020-16042: Uninitialized Use in V8.
Reported by André Bargull on 2020-11-2
Solution(s)
- freebsd-upgrade-package-chromium
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center