CVSS2
Attack Vector : NETWORK
Attack Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL
Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : REQUIRED
Scope : CHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile : 62.2%
Severity: High
Date : 2020-11-17
CVE-ID : CVE-2020-16012 CVE-2020-16014 CVE-2020-16015 CVE-2020-16018
CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022
CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026
CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030
CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
CVE-2020-16035 CVE-2020-16036
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1277
The package chromium before version 87.0.4280.66-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution, insufficient validation, content spoofing and information
disclosure.
Upgrade to 87.0.4280.66-1.
The problems have been fixed upstream in version 87.0.4280.66.
Workaround : None.
An information disclosure issue has been found in Firefox before 83.0
and chromium before 87.0.4280.66. When drawing a transparent image on
top of an unknown cross-origin image, the Skia library drawImage
function took a variable amount of time depending on the content of the
underlying image. This resulted in potential cross-origin information
exposure of image content through timing side-channel attacks.
A use after free security issue has been found in the PPAPI component
of the chromium browser before 87.0.4280.66.
An insufficient data validation security issue has been found in the
WASM component of the chromium browser before 87.0.4280.66.
A use after free security issue has been found in the payments
component of the chromium browser before 87.0.4280.66.
An inappropriate implementation security issue has been found in the
filesystem component of the chromium browser before 87.0.4280.66.
An inappropriate implementation security issue has been found in the
cryptohome component of the chromium browser before 87.0.4280.66.
A race condition has been found in the ImageBurner component of the
chromium browser before 87.0.4280.66, leading to possible memory
corruption.
An insufficient policy enforcement security issue has been found in the
networking component of the chromium browser before 87.0.4280.66.
A use after free security issue has been found in the WebCodecs
component of the chromium browser before 87.0.4280.66.
A heap-based buffer overflow has been found in the UI component of the
chromium browser before 87.0.4280.66.
A heap-based buffer overflow has been found in the clipboard component
of the chromium browser before 87.0.4280.66.
A use after free security issue has been found in the WebRTC component
of the chromium browser before 87.0.4280.66.
An insufficient policy enforcement security issue has been found in the
developer tools component of the chromium browser before 87.0.4280.66.
A heap-based buffer overflow has been found in the WebRTC component of
the chromium browser before 87.0.4280.66.
An inappropriate implementation security issue has been found in the
PDFium component of the chromium browser before 87.0.4280.66.
An insufficient data validation security issue has been found in the
Blink component of the chromium browser before 87.0.4280.66.
An incorrect security UI issue has been found in the tab preview
component of the chromium browser before 87.0.4280.66.
An incorrect security UI issue has been found in the sharing component
of the chromium browser before 87.0.4280.66.
An incorrect security UI issue has been found in the WebUSB component of
the chromium browser before 87.0.4280.66.
An inappropriate implementation security issue has been found in the
WebRTC component of the chromium browser before 87.0.4280.66.
An insufficient data validation security issue has been found in the
cros-disks component of the chromium browser before 87.0.4280.66.
An inappropriate implementation security issue has been found in the
cookies component of the chromium browser before 87.0.4280.66.
A remote attacker might be able to trick a user into wrongly assessing
the security of a website, WebUSB connection or a tab preview via UI
spoofing. Further, a remote attacker may be able to bypass security
restrictions, access sensitive information and execute arbitrary code.
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-16012
https://bugzilla.mozilla.org/show_bug.cgi?id=1642028
https://crbug.com/1146675
https://crbug.com/1146673
https://crbug.com/1136078
https://crbug.com/1139408
https://crbug.com/1139411
https://crbug.com/1139414
https://crbug.com/1145680
https://crbug.com/1146761
https://crbug.com/1147430
https://crbug.com/1147431
https://crbug.com/1139153
https://crbug.com/1116444
https://crbug.com/1138446
https://crbug.com/1134338
https://crbug.com/1141350
https://crbug.com/1133183
https://crbug.com/1136714
https://crbug.com/1143057
https://crbug.com/1137362
https://crbug.com/1139409
https://crbug.com/830808
https://security.archlinux.org/CVE-2020-16012
https://security.archlinux.org/CVE-2020-16014
https://security.archlinux.org/CVE-2020-16015
https://security.archlinux.org/CVE-2020-16018
https://security.archlinux.org/CVE-2020-16019
https://security.archlinux.org/CVE-2020-16020
https://security.archlinux.org/CVE-2020-16021
https://security.archlinux.org/CVE-2020-16022
https://security.archlinux.org/CVE-2020-16023
https://security.archlinux.org/CVE-2020-16024
https://security.archlinux.org/CVE-2020-16025
https://security.archlinux.org/CVE-2020-16026
https://security.archlinux.org/CVE-2020-16027
https://security.archlinux.org/CVE-2020-16028
https://security.archlinux.org/CVE-2020-16029
https://security.archlinux.org/CVE-2020-16030
https://security.archlinux.org/CVE-2020-16031
https://security.archlinux.org/CVE-2020-16032
https://security.archlinux.org/CVE-2020-16033
https://security.archlinux.org/CVE-2020-16034
https://security.archlinux.org/CVE-2020-16035
https://security.archlinux.org/CVE-2020-16036