vulnerability

FreeBSD: VID-D153C4D2-50F8-11EB-8046-3065EC8FD3EC (CVE-2020-16043): chromium -- multiple vulnerabilities

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: Jan 6, 2021
Added: Jan 8, 2021
Modified: Mar 8, 2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-D153C4D2-50F8-11EB-8046-3065EC8FD3EC:

Chrome Releases reports:

This release includes 16 security fixes, including:

[1148749] High CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-11-13

[1153595] High CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-11-30

[1155426] High CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-04

[1152334] High CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2020-11-24

[1152451] High CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous on 2020-11-24

[1149125] High CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by Alesandro Ortiz on 2020-11-15

[1151298] High CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on 2020-11-20

[1155178] High CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu on 2020-12-03

[1148309] High CVE-2020-16043: Insufficient data validation in networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis on 2020-11-12

[1150065] High CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab on 2020-11-17

[1157790] High CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2020-12-11

[1157814] High CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-11

[1151069] Medium CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-11-19


Solution

freebsd-upgrade-package-chromium