The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1487 advisory.

    Chromium is an open-source web browser, powered by WebKit (Blink).

    This update upgrades Chromium to version 81.0.4044.92.

    Security Fix(es):

    * chromium-browser: Use after free in audio (CVE-2020-6423)

    * chromium-browser: Use after free in extensions (CVE-2020-6454)

    * chromium-browser: Out of bounds read in WebSQL (CVE-2020-6455)

    * chromium-browser: Type Confusion in V8 (CVE-2020-6430)

    * chromium-browser: Insufficient policy enforcement in full screen (CVE-2020-6431)

    * chromium-browser: Insufficient policy enforcement in navigations (CVE-2020-6432)

    * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6433)

    * chromium-browser: Use after free in devtools (CVE-2020-6434)

    * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6435)

    * chromium-browser: Use after free in window management (CVE-2020-6436)

    * chromium-browser: Insufficient validation of untrusted input in clipboard (CVE-2020-6456)

    * chromium-browser: Inappropriate implementation in WebView (CVE-2020-6437)

    * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6438)

    * chromium-browser: Insufficient policy enforcement in navigations (CVE-2020-6439)

    * chromium-browser: Inappropriate implementation in extensions (CVE-2020-6440)

    * chromium-browser: Insufficient policy enforcement in omnibox (CVE-2020-6441)

    * chromium-browser: Inappropriate implementation in cache (CVE-2020-6442)

    * chromium-browser: Insufficient data validation in developer tools (CVE-2020-6443)

    * chromium-browser: Uninitialized use in WebRTC (CVE-2020-6444)

    * chromium-browser: Insufficient policy enforcement in trusted types (CVE-2020-6445)

    * chromium-browser: Insufficient policy enforcement in trusted types (CVE-2020-6446)

    * chromium-browser: Inappropriate implementation in developer tools (CVE-2020-6447)

    * chromium-browser: Use after free in V8 (CVE-2020-6448)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : chromium-browser (RHSA-2020:1487)

high Nessus Plugin ID 135688

Version 1.10