Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6431): chromium -- multiple vulnerabilities

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

FreeBSD: VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC (CVE-2020-6431): chromium -- multiple vulnerabilities

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
04/07/2020
Created
04/15/2020
Added
04/13/2020
Modified
10/20/2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-6E3B700A-7CA3-11EA-B594-3065EC8FD3EC:

Google Chrome Releases reports:

This updates includes 32 security fixes, including:

[1019161] High CVE-2020-6454: Use after free in extensions.

Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on

2019-10-29

[1043446] High CVE-2020-6423: Use after free in audio.

Reported by Anonymous on 2020-01-18

[1059669] High CVE-2020-6455: Out of bounds read in WebSQL.

Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab,

Qihoo 360 on 2020-03-09

[1031479] Medium CVE-2020-6430: Type Confusion in V8.

Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06

[1040755] Medium CVE-2020-6456: Insufficient validation of

untrusted input in clipboard. Reported by Michał Bentkowski of

Securitum on 2020-01-10

[852645] Medium CVE-2020-6431: Insufficient policy

enforcement in full screen. Reported by Luan Herrera (@lbherrera_)

on 2018-06-14

[965611] Medium CVE-2020-6432: Insufficient policy

enforcement in navigations. Reported by David Erceg on

2019-05-21

[1043965] Medium CVE-2020-6433: Insufficient policy

enforcement in extensions. Reported by David Erceg on

2020-01-21

[1048555] Medium CVE-2020-6434: Use after free in devtools.

Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04

[1032158] Medium CVE-2020-6435: Insufficient policy

enforcement in extensions. Reported by Sergei Glazunov of Google

Project Zero on 2019-12-09

[1034519] Medium CVE-2020-6436: Use after free in window

management. Reported by Igor Bukanov from Vivaldi on 2019-12-16

[639173] Low CVE-2020-6437: Inappropriate implementation in

WebView. Reported by Jann Horn on 2016-08-19

[714617] Low CVE-2020-6438: Insufficient policy enforcement in

extensions. Reported by Ng Yik Phang on 2017-04-24

[868145] Low CVE-2020-6439: Insufficient policy enforcement in

navigations. Reported by remkoboonstra on 2018-07-26

[894477] Low CVE-2020-6440: Inappropriate implementation in

extensions. Reported by David Erceg on 2018-10-11

[959571] Low CVE-2020-6441: Insufficient policy enforcement in

omnibox. Reported by David Erceg on 2019-05-04

[1013906] Low CVE-2020-6442: Inappropriate implementation in

cache. Reported by B@rMey on 2019-10-12

[1040080] Low CVE-2020-6443: Insufficient data validation in

developer tools. Reported by @lovasoa (Ophir LOJKINE) on

2020-01-08

[922882] Low CVE-2020-6444: Uninitialized Use in WebRTC.

Reported by mlfbrown on 2019-01-17

[933171] Low CVE-2020-6445: Insufficient policy enforcement in

trusted types. Reported by Jun Kokatsu, Microsoft Browser

Vulnerability Research on 2019-02-18

[933172] Low CVE-2020-6446: Insufficient policy enforcement in

trusted types. Reported by Jun Kokatsu, Microsoft Browser

Vulnerability Research on 2019-02-18

[991217] Low CVE-2020-6447: Inappropriate implementation in

developer tools. Reported by David Erceg on 2019-08-06

[1037872] Low CVE-2020-6448: Use after free in V8. Reported by

Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26

Solution(s)

  • freebsd-upgrade-package-chromium

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;