CentOS 6 : chromium-browser (RHSA-2020:3740)

critical Nessus Plugin ID 208576

Synopsis

The remote CentOS Linux host is missing one or more security updates.

Description

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3740 advisory.

- Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering. (CVE-2020-15959)

- Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
(CVE-2020-6573)

- Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. (CVE-2020-6574)

- Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2020-6575)

- Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-6576)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromium-browser package.

See Also

https://access.redhat.com/errata/RHSA-2020:3740

Plugin Details

Severity: Critical

ID: 208576

File Name: centos_RHSA-2020-3740.nasl

Version: 1.1

Type: local

Agent: unix

Published: 10/9/2024

Updated: 10/9/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-6576

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2020-6573

Vulnerability Information

CPE: p-cpe:/a:centos:centos:chromium-browser, cpe:/o:centos:centos:6

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 9/14/2020

Vulnerability Publication Date: 9/8/2020

Reference Information

CVE: CVE-2020-15959, CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576

RHSA: 2020:3740