Kaspersky LabKLA11941KLA11941 Multiple vulnerabilities in Google Chrome
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.9%
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, gain privileges, spoof user interface, obtain sensitive information.
Below is a complete list of vulnerabilities:
- Implementation vulnerability in Content Security Policy can be exploited to bypass security restrictions.
- Use after free vulnerability in presentation API can be exploited to execute arbitrary code or cause denial of service.
- Policy enforcement in media component can be exploited to bypass security restrictions and gain privileges.
- Policy enforcement vulnerability in iOS can be exploited to bypass security restrictions.
- Policy enforcement vulnerability in Blink can be exploited to bypass security restrictions and gain privileges.
- Policy enforcement vulnerability in autofill component can be exploited to bypass security restrictions and gain privileges.
- Security UI vulnerability in Omnibox can be exploited to spoof user interface.
- Security UI vulnerability in permissions can be exploited to spoof user interface.
- Policy enforcement vulnerability in intent handling component can be exploited to bypass security restrictions and gain privileges.
- Side-channel information leakage vulnerability in WebRTC can be exploited to obtain sensitive information.
- Integer overflow vulnerability in WebUSB can be exploited to cause denial of service.
- Validation of untrusted input vulnerability in command line handling can be exploited to bypass security restrictions.
Original advisories
Stable Channel Update for Desktop
Related products
CVE list
CVE-2020-6561 high
CVE-2020-6559 critical
CVE-2020-6566 high
CVE-2020-6558 high
CVE-2020-6562 high
CVE-2020-6560 high
CVE-2020-6565 high
CVE-2020-6564 high
CVE-2020-6563 high
CVE-2020-6570 warning
CVE-2020-6571 warning
CVE-2020-6569 high
CVE-2020-6568 high
CVE-2020-6567 high
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Google Chrome earlier than 85.0.4183.83
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.9%