Detections
Analytics
Fedora 33 : chromium (2020-4e8e48da22)
high Nessus Plugin ID 142955
Language:
Synopsis
The remote Fedora host is missing a security update.Description
Update to 86.0.4240.183.Fixes the following security issues: CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009
Also disables the very verbose output going to stdout.
----
Update to Chromium 86. A few big things here :
1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium :
chrome://flags/#enable-accelerated-video-decode
Be sure it is turned on. Note that not all GPUs are supported.
2. All the security fixes you expect with a major release:
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992 CVE-2020-15988 CVE-2020-15989 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003
3. Without bats acting as pollinators, agave and cacao plants would struggle. That means that bats are responsible for tequila and chocolate.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected chromium package.See Also
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4e8e48da22
Plugin Details
Severity: High
ID: 142955
File Name: fedora_2020-4e8e48da22.nasl
Version: 1.8
Type: local
Agent: unix
Family: Fedora Local Security Checks
Published: 11/17/2020
Updated: 12/6/2022
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2020-16009
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:chromium, cpe:/o:fedoraproject:fedora:33
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/14/2020
Vulnerability Publication Date: 11/3/2020
CISA Known Exploited Vulnerability Due Dates: 5/3/2022
Reference Information
CVE: CVE-2020-15967, CVE-2020-15968, CVE-2020-15969, CVE-2020-15970, CVE-2020-15971, CVE-2020-15972, CVE-2020-15973, CVE-2020-15974, CVE-2020-15975, CVE-2020-15976, CVE-2020-15977, CVE-2020-15978, CVE-2020-15979, CVE-2020-15980, CVE-2020-15981, CVE-2020-15982, CVE-2020-15983, CVE-2020-15984, CVE-2020-15985, CVE-2020-15986, CVE-2020-15987, CVE-2020-15988, CVE-2020-15989, CVE-2020-15990, CVE-2020-15991, CVE-2020-15992, CVE-2020-16000, CVE-2020-16001, CVE-2020-16002, CVE-2020-16003, CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16008, CVE-2020-16009, CVE-2020-6557
FEDORA: 2020-4e8e48da22