FreeBSD: VID-BED5D41A-F2B4-11EA-A878-E09467587C17 (CVE-2020-6576): chromium -- multiple vulnerabilities
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-BED5D41A-F2B4-11EA-A878-E09467587C17:
Chrome Releases reports:
This release contains 5 security fixes:
[1116304] High CVE-2020-6573: Use after free in video. Reported
by Leecraso and Guang Gong of 360 Alpha Lab working with 360
BugCloud on 2020-08-14
[1102196] High CVE-2020-6574: Insufficient policy
enforcement in installer. Reported by CodeColorist of
Ant-Financial LightYear Labs on 2020-07-05
[1081874] High CVE-2020-6575: Race in Mojo. Reported by
Microsoft on 2020-05-12
[1111737] High CVE-2020-6576: Use after free in offscreen
canvas. Reported by Looben Yang on 2020-07-31
[1122684] High CVE-2020-15959: Insufficient policy enforcement
in networking. Reported by Eric Lawrence of Microsoft on
2020-08-27
Solution(s)
- freebsd-upgrade-package-chromium
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center