certfr_avis - CERTFR-2020-AVI-556

CERTFR-2020-AVI-556

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Google Chrome versions antérieures à 85.0.4183.102

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 08 septembre 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 85.0.4183.102",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6573"
    },
    {
      "name": "CVE-2020-6575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6575"
    },
    {
      "name": "CVE-2020-6576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6576"
    },
    {
      "name": "CVE-2020-15959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15959"
    },
    {
      "name": "CVE-2020-6574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6574"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-556",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 08 septembre 2020",
      "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
    }
  ]
}

CVE-2020-6576 (GCVE-0-2020-6576)

Vulnerability from cvelistv5 – Published: 2020-09-21 19:06 – Updated: 2024-08-04 09:11

Summary

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

URL

Tags

	https://chromereleases.googleblog.com/2020/09/sta…	x_refsource_MISC
	https://crbug.com/1111737	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.debian.org/security/2021/dsa-4824	vendor-advisoryx_refsource_DEBIAN
	https://security.gentoo.org/glsa/202101-30	vendor-advisoryx_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: unspecified , < 85.0.4183.102 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:04.909Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/1111737"
          },
          {
            "name": "openSUSE-SU-2020:1499",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
          },
          {
            "name": "openSUSE-SU-2020:1510",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
          },
          {
            "name": "openSUSE-SU-2020:1514",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
          },
          {
            "name": "FEDORA-2020-2d994b986d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
          },
          {
            "name": "FEDORA-2020-aea86f913e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
          },
          {
            "name": "openSUSE-SU-2020:1713",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
          },
          {
            "name": "DSA-4824",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4824"
          },
          {
            "name": "GLSA-202101-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-30"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "85.0.4183.102",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-26T02:06:31",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/1111737"
        },
        {
          "name": "openSUSE-SU-2020:1499",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
        },
        {
          "name": "openSUSE-SU-2020:1510",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
        },
        {
          "name": "openSUSE-SU-2020:1514",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
        },
        {
          "name": "FEDORA-2020-2d994b986d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
        },
        {
          "name": "FEDORA-2020-aea86f913e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
        },
        {
          "name": "openSUSE-SU-2020:1713",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
        },
        {
          "name": "DSA-4824",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4824"
        },
        {
          "name": "GLSA-202101-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-30"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2020-6576",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "85.0.4183.102"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use after free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://crbug.com/1111737",
              "refsource": "MISC",
              "url": "https://crbug.com/1111737"
            },
            {
              "name": "openSUSE-SU-2020:1499",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
            },
            {
              "name": "openSUSE-SU-2020:1510",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2020:1514",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
            },
            {
              "name": "FEDORA-2020-2d994b986d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
            },
            {
              "name": "FEDORA-2020-aea86f913e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
            },
            {
              "name": "openSUSE-SU-2020:1713",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
            },
            {
              "name": "DSA-4824",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4824"
            },
            {
              "name": "GLSA-202101-30",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-30"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2020-6576",
    "datePublished": "2020-09-21T19:06:56",
    "dateReserved": "2020-01-08T00:00:00",
    "dateUpdated": "2024-08-04T09:11:04.909Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-6575 (GCVE-0-2020-6575)

Vulnerability from cvelistv5 – Published: 2020-09-21 19:06 – Updated: 2024-08-04 09:11

Summary

Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Race

Assigner

Chrome

References

URL

Tags

	https://chromereleases.googleblog.com/2020/09/sta…	x_refsource_MISC
	https://crbug.com/1081874	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.debian.org/security/2021/dsa-4824	vendor-advisoryx_refsource_DEBIAN
	https://security.gentoo.org/glsa/202101-30	vendor-advisoryx_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: unspecified , < 85.0.4183.102 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:04.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/1081874"
          },
          {
            "name": "openSUSE-SU-2020:1499",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
          },
          {
            "name": "openSUSE-SU-2020:1510",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
          },
          {
            "name": "openSUSE-SU-2020:1514",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
          },
          {
            "name": "FEDORA-2020-2d994b986d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
          },
          {
            "name": "FEDORA-2020-aea86f913e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
          },
          {
            "name": "openSUSE-SU-2020:1713",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
          },
          {
            "name": "DSA-4824",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4824"
          },
          {
            "name": "GLSA-202101-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-30"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "85.0.4183.102",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Race",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-26T02:06:37",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/1081874"
        },
        {
          "name": "openSUSE-SU-2020:1499",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
        },
        {
          "name": "openSUSE-SU-2020:1510",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
        },
        {
          "name": "openSUSE-SU-2020:1514",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
        },
        {
          "name": "FEDORA-2020-2d994b986d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
        },
        {
          "name": "FEDORA-2020-aea86f913e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
        },
        {
          "name": "openSUSE-SU-2020:1713",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
        },
        {
          "name": "DSA-4824",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4824"
        },
        {
          "name": "GLSA-202101-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-30"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2020-6575",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "85.0.4183.102"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Race"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://crbug.com/1081874",
              "refsource": "MISC",
              "url": "https://crbug.com/1081874"
            },
            {
              "name": "openSUSE-SU-2020:1499",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
            },
            {
              "name": "openSUSE-SU-2020:1510",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2020:1514",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
            },
            {
              "name": "FEDORA-2020-2d994b986d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
            },
            {
              "name": "FEDORA-2020-aea86f913e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
            },
            {
              "name": "openSUSE-SU-2020:1713",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
            },
            {
              "name": "DSA-4824",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4824"
            },
            {
              "name": "GLSA-202101-30",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-30"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2020-6575",
    "datePublished": "2020-09-21T19:06:55",
    "dateReserved": "2020-01-08T00:00:00",
    "dateUpdated": "2024-08-04T09:11:04.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-6573 (GCVE-0-2020-6573)

Vulnerability from cvelistv5 – Published: 2020-09-21 19:06 – Updated: 2024-08-04 09:11

Summary

Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

URL

Tags

	https://chromereleases.googleblog.com/2020/09/sta…	x_refsource_MISC
	https://crbug.com/1116304	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.debian.org/security/2021/dsa-4824	vendor-advisoryx_refsource_DEBIAN
	https://security.gentoo.org/glsa/202101-30	vendor-advisoryx_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: unspecified , < 85.0.4183.102 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:04.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/1116304"
          },
          {
            "name": "openSUSE-SU-2020:1499",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
          },
          {
            "name": "openSUSE-SU-2020:1510",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
          },
          {
            "name": "openSUSE-SU-2020:1514",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
          },
          {
            "name": "FEDORA-2020-2d994b986d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
          },
          {
            "name": "FEDORA-2020-aea86f913e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
          },
          {
            "name": "openSUSE-SU-2020:1713",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
          },
          {
            "name": "DSA-4824",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4824"
          },
          {
            "name": "GLSA-202101-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-30"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "85.0.4183.102",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-26T02:07:00",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/1116304"
        },
        {
          "name": "openSUSE-SU-2020:1499",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
        },
        {
          "name": "openSUSE-SU-2020:1510",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
        },
        {
          "name": "openSUSE-SU-2020:1514",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
        },
        {
          "name": "FEDORA-2020-2d994b986d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
        },
        {
          "name": "FEDORA-2020-aea86f913e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
        },
        {
          "name": "openSUSE-SU-2020:1713",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
        },
        {
          "name": "DSA-4824",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4824"
        },
        {
          "name": "GLSA-202101-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-30"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2020-6573",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "85.0.4183.102"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use after free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://crbug.com/1116304",
              "refsource": "MISC",
              "url": "https://crbug.com/1116304"
            },
            {
              "name": "openSUSE-SU-2020:1499",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
            },
            {
              "name": "openSUSE-SU-2020:1510",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2020:1514",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
            },
            {
              "name": "FEDORA-2020-2d994b986d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
            },
            {
              "name": "FEDORA-2020-aea86f913e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
            },
            {
              "name": "openSUSE-SU-2020:1713",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
            },
            {
              "name": "DSA-4824",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4824"
            },
            {
              "name": "GLSA-202101-30",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-30"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2020-6573",
    "datePublished": "2020-09-21T19:06:54",
    "dateReserved": "2020-01-08T00:00:00",
    "dateUpdated": "2024-08-04T09:11:04.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15959 (GCVE-0-2020-15959)

Vulnerability from cvelistv5 – Published: 2020-09-21 19:06 – Updated: 2024-08-04 13:30

Summary

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

Severity ?

No CVSS data available.

CWE

Insufficient policy enforcement

Assigner

Chrome

References

URL

Tags

	https://crbug.com/1122684	x_refsource_MISC
	https://chromereleases.googleblog.com/2020/09/sta…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.debian.org/security/2021/dsa-4824	vendor-advisoryx_refsource_DEBIAN
	https://security.gentoo.org/glsa/202101-30	vendor-advisoryx_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: unspecified , < 85.0.4183.102 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:30:23.418Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/1122684"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
          },
          {
            "name": "openSUSE-SU-2020:1499",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
          },
          {
            "name": "openSUSE-SU-2020:1510",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
          },
          {
            "name": "openSUSE-SU-2020:1514",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
          },
          {
            "name": "FEDORA-2020-2d994b986d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
          },
          {
            "name": "FEDORA-2020-aea86f913e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
          },
          {
            "name": "openSUSE-SU-2020:1713",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
          },
          {
            "name": "DSA-4824",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4824"
          },
          {
            "name": "GLSA-202101-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-30"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "85.0.4183.102",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-26T02:06:41",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/1122684"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
        },
        {
          "name": "openSUSE-SU-2020:1499",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
        },
        {
          "name": "openSUSE-SU-2020:1510",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
        },
        {
          "name": "openSUSE-SU-2020:1514",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
        },
        {
          "name": "FEDORA-2020-2d994b986d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
        },
        {
          "name": "FEDORA-2020-aea86f913e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
        },
        {
          "name": "openSUSE-SU-2020:1713",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
        },
        {
          "name": "DSA-4824",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4824"
        },
        {
          "name": "GLSA-202101-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-30"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2020-15959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "85.0.4183.102"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient policy enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/1122684",
              "refsource": "MISC",
              "url": "https://crbug.com/1122684"
            },
            {
              "name": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
            },
            {
              "name": "openSUSE-SU-2020:1499",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
            },
            {
              "name": "openSUSE-SU-2020:1510",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2020:1514",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
            },
            {
              "name": "FEDORA-2020-2d994b986d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
            },
            {
              "name": "FEDORA-2020-aea86f913e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
            },
            {
              "name": "openSUSE-SU-2020:1713",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
            },
            {
              "name": "DSA-4824",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4824"
            },
            {
              "name": "GLSA-202101-30",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-30"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2020-15959",
    "datePublished": "2020-09-21T19:06:34",
    "dateReserved": "2020-07-27T00:00:00",
    "dateUpdated": "2024-08-04T13:30:23.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-6574 (GCVE-0-2020-6574)

Vulnerability from cvelistv5 – Published: 2020-09-21 19:06 – Updated: 2024-08-04 09:11

Summary

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.

Severity ?

No CVSS data available.

CWE

Insufficient policy enforcement

Assigner

Chrome

References

URL

Tags

	https://chromereleases.googleblog.com/2020/09/sta…	x_refsource_MISC
	https://crbug.com/1102196	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.debian.org/security/2021/dsa-4824	vendor-advisoryx_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: unspecified , < 85.0.4183.102 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:04.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/1102196"
          },
          {
            "name": "openSUSE-SU-2020:1499",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
          },
          {
            "name": "openSUSE-SU-2020:1510",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
          },
          {
            "name": "openSUSE-SU-2020:1514",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
          },
          {
            "name": "FEDORA-2020-2d994b986d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
          },
          {
            "name": "FEDORA-2020-aea86f913e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
          },
          {
            "name": "openSUSE-SU-2020:1713",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
          },
          {
            "name": "DSA-4824",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4824"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "85.0.4183.102",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-02T15:07:09",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/1102196"
        },
        {
          "name": "openSUSE-SU-2020:1499",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
        },
        {
          "name": "openSUSE-SU-2020:1510",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
        },
        {
          "name": "openSUSE-SU-2020:1514",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
        },
        {
          "name": "FEDORA-2020-2d994b986d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
        },
        {
          "name": "FEDORA-2020-aea86f913e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
        },
        {
          "name": "openSUSE-SU-2020:1713",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
        },
        {
          "name": "DSA-4824",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4824"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2020-6574",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "85.0.4183.102"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient policy enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://crbug.com/1102196",
              "refsource": "MISC",
              "url": "https://crbug.com/1102196"
            },
            {
              "name": "openSUSE-SU-2020:1499",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
            },
            {
              "name": "openSUSE-SU-2020:1510",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2020:1514",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
            },
            {
              "name": "FEDORA-2020-2d994b986d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"
            },
            {
              "name": "FEDORA-2020-aea86f913e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"
            },
            {
              "name": "openSUSE-SU-2020:1713",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
            },
            {
              "name": "DSA-4824",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4824"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2020-6574",
    "datePublished": "2020-09-21T19:06:55",
    "dateReserved": "2020-01-08T00:00:00",
    "dateUpdated": "2024-08-04T09:11:04.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2020-AVI-556

Solution

CVE-2020-6576 (GCVE-0-2020-6576)

CVE-2020-6575 (GCVE-0-2020-6575)

CVE-2020-6573 (GCVE-0-2020-6573)

CVE-2020-15959 (GCVE-0-2020-15959)

CVE-2020-6574 (GCVE-0-2020-6574)

Tags

Sightings

Nomenclature