CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
81.6%
Severity: High
Date : 2020-09-23
CVE-ID : CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963
CVE-2020-15964 CVE-2020-15965 CVE-2020-15966
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1234
The package chromium before version 85.0.4183.121-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution, information disclosure and insufficient validation.
Upgrade to 85.0.4183.121-1.
The problems have been fixed upstream in version 85.0.4183.121.
None.
An out of bounds read security issue has been found in the storage
component of the chromium browser before 85.0.4183.121.
An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 85.0.4183.121
An insufficient policy enforcement security issue has been found in the
serial component of the chromium browser before 85.0.4183.121.
An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 85.0.4183.121.
An out of bounds write security issue has been found in the V8
component of the chromium browser before 85.0.4183.121.
An insufficient policy enforcement security issue has been found in the
extensions component of the chromium browser before 85.0.4183.121.
An insufficient data validation security issue has been found in the
media component of the chromium browser before 85.0.4183.121.
A remote attacker might be able to bypass security restrictions, access
sensitive information or execute arbitrary code on the affected host.
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html
https://crbug.com/1100136
https://crbug.com/1114636
https://crbug.com/1121836
https://crbug.com/1113558
https://crbug.com/1126249
https://crbug.com/1113565
https://crbug.com/1121414
https://security.archlinux.org/CVE-2020-15960
https://security.archlinux.org/CVE-2020-15961
https://security.archlinux.org/CVE-2020-15962
https://security.archlinux.org/CVE-2020-15963
https://security.archlinux.org/CVE-2020-15964
https://security.archlinux.org/CVE-2020-15965
https://security.archlinux.org/CVE-2020-15966
chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html
crbug.com/1100136
crbug.com/1113558
crbug.com/1113565
crbug.com/1114636
crbug.com/1121414
crbug.com/1121836
crbug.com/1126249
security.archlinux.org/AVG-1234
security.archlinux.org/CVE-2020-15960
security.archlinux.org/CVE-2020-15961
security.archlinux.org/CVE-2020-15962
security.archlinux.org/CVE-2020-15963
security.archlinux.org/CVE-2020-15964
security.archlinux.org/CVE-2020-15965
security.archlinux.org/CVE-2020-15966
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
81.6%