Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
chromeHttps://chromereleases.googleblog.comGCSA-2509954079155194578
HistoryOct 13, 2020 - 12:00 a.m.

Chrome for Android Update

2020-10-1300:00:00
https://chromereleases.googleblog.com
chromereleases.googleblog.com
26
chrome
android
update
security fixes
stability
performance
google play
git log
bug
chromium
bug restriction
bug detail
bug security
cve
printing
sqlite
v8
out of bounds write
mojo
usb
addresssanitizer
memorysanitizer
undefinedbehaviorsanitizer
control flow integrity
libfuzzer
afl

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.039

Percentile

92.1%

JSON

Hi, everyone! We’ve just released Chrome 86 (86.0.4240.99) for Android: it’ll become available on Google Play over the next few weeks.

This release includes Security, stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.

This update includes 8 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$5000][1133983] High CVE-2020-15993: Use after free in printing. Reported by Khalil Zhani on 2020-10-01

[$500][1117367] High CVE-2020-13871, CVE-2020-15358: Use after free in SQLite. Reported by Richard Lorenz, SAP on 2020-08-18

[$N/A][1117258] High CVE-2020-15994: Use after free in V8. Reported by Johnathan Norman Microsoft Browser Vulnerability Research on 2020-08-17

[$TBD][1132111] High CVE-2020-15995: Out of bounds write in V8. Reported by Anonymous on 2020-09-24

[$TBD][1133635] High CVE-2020-15996: Use after free in passwords. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30

[$N/A][1133668] High CVE-2020-15997: Use after free in Mojo. Reported by Piotr Tworek on 2020-09-30

[$TBD][1135857] High CVE-2020-15998: Use after free in USB. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-10-07

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

  • [1137972] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Krishna Govind
Google Chrome

Affected configurations

Vulners
Node
googlechromeRange<86.0.4240.99
VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Related

openvas 22
nessus 44
debiancve 8
cve 8
prion 8
cvelist 8
nvd 8
osv 10
sqlite 2
redhatcve 2
veracode 3
archlinux 3
ubuntucve 2
ibm 7
fedora 3
photon 8
ubuntu 1
cbl_mariner 1
alpinelinux 1
threatpost 3
oraclelinux 1
rocky 1
redhat 12
almalinux 1
mageia 1
apple 10
gentoo 2
kaspersky 3
freebsd 1
chrome 1
debian 3
suse 8
rosalinux 1
ics 1
tenable 1
openvas
openvas
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2021-1626)
2021-03-12 00:00:00
Fedora: Security Advisory for sqlite (FEDORA-2020-d0f892b069)
2020-08-20 00:00:00
Ubuntu: Security Advisory (USN-4438-1)
2020-07-28 00:00:00
nessus
nessus
EulerOS Virtualization 2.9.1 : sqlite (EulerOS-SA-2021-1626)
2021-03-10 00:00:00
Fedora 32 : sqlite (2020-d0f892b069)
2020-08-20 00:00:00
Ubuntu 20.04 LTS : SQLite vulnerability (USN-4438-1)
2020-07-28 00:00:00
debiancve
debiancve
CVE-2020-13871
2020-06-06 16:15:10
CVE-2020-15998
2020-11-03 03:15:14
CVE-2020-15997
2020-11-03 03:15:14
cve
cve
CVE-2020-15998
2020-11-03 03:15:14
CVE-2020-15997
2020-11-03 03:15:14
CVE-2020-15994
2020-11-03 03:15:14
prion
prion
Double free
2020-11-03 03:15:00
Double free
2020-11-03 03:15:00
Design/Logic Flaw
2020-11-03 03:15:00
cvelist
cvelist
CVE-2020-15993
2020-11-03 02:21:39
CVE-2020-15997
2020-11-03 02:21:41
CVE-2020-15998
2020-11-03 02:21:42
nvd
nvd
CVE-2020-15993
2020-11-03 03:15:14
CVE-2020-15998
2020-11-03 03:15:14
CVE-2020-15997
2020-11-03 03:15:14
osv
osv
Malicious SQL statement causes a read-only use-after-free memory error.
2021-11-01 00:00:00
BIT-sqlite-2020-13871
2024-03-06 11:07:31
CVE-2020-15358
2020-06-27 12:15:11
sqlite
sqlite
SQLite report about CVE-2020-13871
2020-01-01 00:00:00
SQLite report about CVE-2020-15358
2020-01-01 00:00:00
redhatcve
redhatcve
CVE-2020-13871
2020-06-09 14:55:56
CVE-2020-15358
2020-06-29 14:20:54
veracode
veracode
Use-After-Free
2020-12-06 04:19:53
Arbitrary Code Execution
2021-01-11 22:47:17
Denial Of Service (DoS)
2021-05-20 15:25:52
archlinux
archlinux
[ASA-202006-11] sqlite: arbitrary code execution
2020-06-28 00:00:00
[ASA-202101-6] chromium: multiple issues
2021-01-08 00:00:00
[ASA-202101-20] vivaldi: multiple issues
2021-01-12 00:00:00
ubuntucve
ubuntucve
CVE-2020-13871
2020-06-06 00:00:00
CVE-2020-15358
2020-06-27 00:00:00
ibm
ibm
Security Bulletin: WML CE: SQLite through 3.32.2 has has a use-after-free problem.
2020-07-17 23:00:57
Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-15358)
2020-09-22 02:34:28
Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-15358)
2021-01-13 18:05:54
fedora
fedora
[SECURITY] Fedora 32 Update: sqlite-3.33.0-1.fc32
2020-08-20 01:13:16
[SECURITY] Fedora 33 Update: chromium-87.0.4280.141-1.fc33
2021-01-17 01:51:52
[SECURITY] Fedora 32 Update: chromium-87.0.4280.141-1.fc32
2021-01-23 01:30:25
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0261
2020-07-10 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0113
2020-07-15 00:00:00
Moderate Photon OS Security Update - PHSA-2020-3.0-0113
2020-07-15 00:00:00
ubuntu
ubuntu
SQLite vulnerability
2020-07-27 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-15358 affecting package mysql 8.0.22-2
2021-08-25 19:57:27
alpinelinux
alpinelinux
CVE-2020-15358
2020-06-27 12:15:11
threatpost
threatpost
Google Chrome Zero-Day Afflicts Windows, Mac Users
2021-02-05 15:47:55
Google Patches Actively Exploited Flaw in Chrome Browser
2021-03-03 21:17:14
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
2021-01-08 06:00:28
oraclelinux
oraclelinux
sqlite security update
2021-05-25 00:00:00
rocky
rocky
sqlite security update
2021-05-18 05:34:24
redhat
redhat
(RHSA-2021:1581) Moderate: sqlite security update
2021-05-18 05:34:24
(RHSA-2021:2705) Moderate: Release of OpenShift Serverless 1.16.0
2021-07-13 16:31:04
(RHSA-2021:2130) Moderate: Windows Container Support for Red Hat OpenShift 2.0.1 security and bug fix update
2021-06-23 05:30:08
almalinux
almalinux
Moderate: sqlite security update
2021-05-18 05:34:24
mageia
mageia
Updated sqlite3 packages fix security vulnerabilities
2021-07-01 02:58:41
apple
apple
About the security content of iCloud for Windows 7.21 - Apple Support
2020-11-12 10:19:34
About the security content of iCloud for Windows 7.21
2020-09-24 00:00:00
About the security content of tvOS 14.0 - Apple Support
2020-12-15 05:52:05
gentoo
gentoo
SQLite: Multiple vulnerabilities
2020-07-27 00:00:00
Chromium, Google Chrome: Multiple vulnerabilities
2021-01-10 00:00:00
kaspersky
kaspersky
KLA12006 Multiple vulnerabilities in Apple iCloud
2020-11-12 00:00:00
KLA12046 Multiple vulnerabilities in Opera
2021-01-14 00:00:00
KLA12035 Multiple vulnerabilities in Google Chrome
2021-01-06 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-01-06 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2021-01-06 00:00:00
debian
debian
[SECURITY] [DSA 4832-1] chromium security update
2021-01-16 14:06:35
[SECURITY] [DLA 2340-1] sqlite3 security update
2020-08-22 22:34:41
[SECURITY] [DSA 4832-1] chromium security update
2021-01-16 14:06:35
suse
suse
Security update for opera (moderate)
2021-01-22 00:00:00
Security update for chromium (important)
2021-01-10 00:00:00
Security update for chromium (important)
2021-01-11 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1975
2021-07-02 18:09:04
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.039

Percentile

92.1%

JSON
Related for GCSA-2509954079155194578
openvas22nessus44debiancve8cve8prion8cvelist8nvd8osv10sqlite2redhatcve2veracode3archlinux3ubuntucve2ibm7fedora3photon8ubuntu1cbl_mariner1alpinelinux1threatpost3oraclelinux1rocky1redhat12almalinux1mageia1apple10gentoo2kaspersky3freebsd1chrome1debian3suse8rosalinux1ics1tenable1