FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6441): chromium -- multiple vulnerabilities
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC:
Google Chrome Releases reports:
This updates includes 32 security fixes, including:
[1019161] High CVE-2020-6454: Use after free in extensions.
Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on
2019-10-29
[1043446] High CVE-2020-6423: Use after free in audio.
Reported by Anonymous on 2020-01-18
[1059669] High CVE-2020-6455: Out of bounds read in WebSQL.
Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab,
Qihoo 360 on 2020-03-09
[1031479] Medium CVE-2020-6430: Type Confusion in V8.
Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06
[1040755] Medium CVE-2020-6456: Insufficient validation of
untrusted input in clipboard. Reported by Michał Bentkowski of
Securitum on 2020-01-10
[852645] Medium CVE-2020-6431: Insufficient policy
enforcement in full screen. Reported by Luan Herrera (@lbherrera_)
on 2018-06-14
[965611] Medium CVE-2020-6432: Insufficient policy
enforcement in navigations. Reported by David Erceg on
2019-05-21
[1043965] Medium CVE-2020-6433: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-01-21
[1048555] Medium CVE-2020-6434: Use after free in devtools.
Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04
[1032158] Medium CVE-2020-6435: Insufficient policy
enforcement in extensions. Reported by Sergei Glazunov of Google
Project Zero on 2019-12-09
[1034519] Medium CVE-2020-6436: Use after free in window
management. Reported by Igor Bukanov from Vivaldi on 2019-12-16
[639173] Low CVE-2020-6437: Inappropriate implementation in
WebView. Reported by Jann Horn on 2016-08-19
[714617] Low CVE-2020-6438: Insufficient policy enforcement in
extensions. Reported by Ng Yik Phang on 2017-04-24
[868145] Low CVE-2020-6439: Insufficient policy enforcement in
navigations. Reported by remkoboonstra on 2018-07-26
[894477] Low CVE-2020-6440: Inappropriate implementation in
extensions. Reported by David Erceg on 2018-10-11
[959571] Low CVE-2020-6441: Insufficient policy enforcement in
omnibox. Reported by David Erceg on 2019-05-04
[1013906] Low CVE-2020-6442: Inappropriate implementation in
cache. Reported by B@rMey on 2019-10-12
[1040080] Low CVE-2020-6443: Insufficient data validation in
developer tools. Reported by @lovasoa (Ophir LOJKINE) on
2020-01-08
[922882] Low CVE-2020-6444: Uninitialized Use in WebRTC.
Reported by mlfbrown on 2019-01-17
[933171] Low CVE-2020-6445: Insufficient policy enforcement in
trusted types. Reported by Jun Kokatsu, Microsoft Browser
Vulnerability Research on 2019-02-18
[933172] Low CVE-2020-6446: Insufficient policy enforcement in
trusted types. Reported by Jun Kokatsu, Microsoft Browser
Vulnerability Research on 2019-02-18
[991217] Low CVE-2020-6447: Inappropriate implementation in
developer tools. Reported by David Erceg on 2019-08-06
[1037872] Low CVE-2020-6448: Use after free in V8. Reported by
Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26
Solution(s)
- freebsd-upgrade-package-chromium
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center