6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.013 Low
EPSS
Percentile
85.6%
Severity: High
Date : 2020-05-20
CVE-ID : CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468
CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472
CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476
CVE-2020-6477 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480
CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484
CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488
CVE-2020-6489 CVE-2020-6490 CVE-2020-6491
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1167
The package chromium before version 83.0.4103.61-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution, content spoofing and insufficient validation.
Upgrade to 83.0.4103.61-1.
The problems have been fixed upstream in version 83.0.4103.61.
None.
A use-after-free security issue has been found in the reader mode of
the chromium browser before 83.0.4103.61
A use-after-free security issue has been found in the media component
of the chromium browser before 83.0.4103.61.
A use-after-free security issue has been found in the WebRTC component
of the chromium browser before 83.0.4103.61
A type confusion security issue has been found in the V8 component of
the chromium browser before 83.0.4103.61.
An insufficient policy enforcement security issue has been found in the
developer tools component of the chromium browser before 83.0.4103.61.
An insufficient validation of untrusted input security issue has been
found in the clipboard component of the chromium browser before
83.0.4103.61
An insufficient policy enforcement security issue has been found in the
developer tools component of the chromium browser before 83.0.4103.61.
An insufficient policy enforcement security issue has been found in the
developer tools component of the chromium browser before 83.0.4103.61.
An insufficient policy enforcement security issue has been found in the
Blink component of the chromium browser before 83.0.4103.61.
A use-after-free security issue has been found in the Blink component
of the chromium browser before 83.0.4103.61.
An incorrect security UI security issue has been found in the full
screen component of the chromium browser before 83.0.4103.61.
An insufficient policy enforcement security issue has been found in the
tab strip component of the chromium browser before 83.0.4103.61.
An inappropriate implementation security issue has been found in the
installer component of the chromium browser before 83.0.4103.61.
An inappropriate implementation security issue has been found in the
full screen component of the chromium browser before 83.0.4103.61.
An inappropriate implementation security issue has been found in the
sharing component of the chromium browser before 83.0.4103.61.
An insufficient policy enforcement security issue has been found in the
enterprise component of the chromium browser before 83.0.4103.61.
An insufficient policy enforcement security issue has been found in the
URL formatting component of the chromium browser before 83.0.4103.61.
An insufficient policy enforcement security issue has been found in the
developer tools component of the chromium browser before 83.0.4103.61.
An insufficient policy enforcement security issue has been found in the
payments component of the chromium browser before 83.0.4103.61.
An insufficient data validation security issue has been found in the
ChromeDriver component of the chromium browser before 83.0.4103.61.
An insufficient data validation security issue has been found in the
media router component of the chromium browser before 83.0.4103.61.
An insufficient policy enforcement security issue has been found in the
navigations component of the chromium browser before 83.0.4103.61.
A insufficient policy enforcement security issue has been found in the
downloads component of the chromium browser before 83.0.4103.61.
An insufficient policy enforcement security issue has been found in the
downloads component of the chromium browser before 83.0.4103.61.
An inappropriate implementation security issue has been found in the
developer tools component of the chromium browser before 83.0.4103.61.
An insufficient data validation security issue has been found in the
loader component of the chromium browser before 83.0.4103.61.
A incorrect security UI security issue has been found in the site
information component of the chromium browser before 83.0.4103.61.
A remote attacker might be able to spoof content, bypass security
restrictions or validations checks, or execute arbitrary code on the
affected host.
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html
https://crbug.com/1073015
https://crbug.com/1074706
https://crbug.com/1068084
https://crbug.com/1076708
https://crbug.com/1067382
https://crbug.com/1065761
https://crbug.com/1059577
https://crbug.com/1064519
https://crbug.com/1049510
https://crbug.com/1059533
https://crbug.com/1020026
https://crbug.com/1035315
https://crbug.com/946156
https://crbug.com/1037730
https://crbug.com/1041749
https://crbug.com/1054966
https://crbug.com/1068531
https://crbug.com/795595
https://crbug.com/966507
https://crbug.com/1045787
https://crbug.com/1047285
https://crbug.com/1055524
https://crbug.com/539938
https://crbug.com/1044277
https://crbug.com/1050756
https://crbug.com/1035887
https://crbug.com/1050011
https://security.archlinux.org/CVE-2020-6465
https://security.archlinux.org/CVE-2020-6466
https://security.archlinux.org/CVE-2020-6467
https://security.archlinux.org/CVE-2020-6468
https://security.archlinux.org/CVE-2020-6469
https://security.archlinux.org/CVE-2020-6470
https://security.archlinux.org/CVE-2020-6471
https://security.archlinux.org/CVE-2020-6472
https://security.archlinux.org/CVE-2020-6473
https://security.archlinux.org/CVE-2020-6474
https://security.archlinux.org/CVE-2020-6475
https://security.archlinux.org/CVE-2020-6476
https://security.archlinux.org/CVE-2020-6477
https://security.archlinux.org/CVE-2020-6478
https://security.archlinux.org/CVE-2020-6479
https://security.archlinux.org/CVE-2020-6480
https://security.archlinux.org/CVE-2020-6481
https://security.archlinux.org/CVE-2020-6482
https://security.archlinux.org/CVE-2020-6483
https://security.archlinux.org/CVE-2020-6484
https://security.archlinux.org/CVE-2020-6485
https://security.archlinux.org/CVE-2020-6486
https://security.archlinux.org/CVE-2020-6487
https://security.archlinux.org/CVE-2020-6488
https://security.archlinux.org/CVE-2020-6489
https://security.archlinux.org/CVE-2020-6490
https://security.archlinux.org/CVE-2020-6491
chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html
crbug.com/1020026
crbug.com/1035315
crbug.com/1035887
crbug.com/1037730
crbug.com/1041749
crbug.com/1044277
crbug.com/1045787
crbug.com/1047285
crbug.com/1049510
crbug.com/1050011
crbug.com/1050756
crbug.com/1054966
crbug.com/1055524
crbug.com/1059533
crbug.com/1059577
crbug.com/1064519
crbug.com/1065761
crbug.com/1067382
crbug.com/1068084
crbug.com/1068531
crbug.com/1073015
crbug.com/1074706
crbug.com/1076708
crbug.com/539938
crbug.com/795595
crbug.com/946156
crbug.com/966507
security.archlinux.org/AVG-1167
security.archlinux.org/CVE-2020-6465
security.archlinux.org/CVE-2020-6466
security.archlinux.org/CVE-2020-6467
security.archlinux.org/CVE-2020-6468
security.archlinux.org/CVE-2020-6469
security.archlinux.org/CVE-2020-6470
security.archlinux.org/CVE-2020-6471
security.archlinux.org/CVE-2020-6472
security.archlinux.org/CVE-2020-6473
security.archlinux.org/CVE-2020-6474
security.archlinux.org/CVE-2020-6475
security.archlinux.org/CVE-2020-6476
security.archlinux.org/CVE-2020-6477
security.archlinux.org/CVE-2020-6478
security.archlinux.org/CVE-2020-6479
security.archlinux.org/CVE-2020-6480
security.archlinux.org/CVE-2020-6481
security.archlinux.org/CVE-2020-6482
security.archlinux.org/CVE-2020-6483
security.archlinux.org/CVE-2020-6484
security.archlinux.org/CVE-2020-6485
security.archlinux.org/CVE-2020-6486
security.archlinux.org/CVE-2020-6487
security.archlinux.org/CVE-2020-6488
security.archlinux.org/CVE-2020-6489
security.archlinux.org/CVE-2020-6490
security.archlinux.org/CVE-2020-6491
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.013 Low
EPSS
Percentile
85.6%