CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.2%
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2020-6423 A use-after-free issue was found in the audio implementation.
CVE-2020-6430 Avihay Cohen discovered a type confusion issue in the v8 JavaScript library.
CVE-2020-6431 Luan Herrera discovered a policy enforcement error.
CVE-2020-6432 Luan Herrera discovered a policy enforcement error.
CVE-2020-6433 Luan Herrera discovered a policy enforcement error in extensions.
CVE-2020-6434 HyungSeok Han discovered a use-after-free issue in the developer tools.
CVE-2020-6435 Sergei Glazunov discovered a policy enforcement error in extensions.
CVE-2020-6436 Igor Bukanov discovered a use-after-free issue.
CVE-2020-6437 Jann Horn discovered an implementation error in WebView.
CVE-2020-6438 Ng Yik Phang discovered a policy enforcement error in extensions.
CVE-2020-6439 remkoboonstra discovered a policy enforcement error.
CVE-2020-6440 David Erceg discovered an implementation error in extensions.
CVE-2020-6441 David Erceg discovered a policy enforcement error.
CVE-2020-6442 B@rMey discovered an implementation error in the page cache.
CVE-2020-6443 @lovasoa discovered an implementation error in the developer tools.
CVE-2020-6444 mlfbrown discovered an uninitialized variable in the WebRTC implementation.
CVE-2020-6445 Jun Kokatsu discovered a policy enforcement error.
CVE-2020-6446 Jun Kokatsu discovered a policy enforcement error.
CVE-2020-6447 David Erceg discovered an implementation error in the developer tools.
CVE-2020-6448 Guang Gong discovered a use-after-free issue in the v8 JavaScript library.
CVE-2020-6454 Leecraso and Guang Gong discovered a use-after-free issue in extensions.
CVE-2020-6455 Nan Wang and Guang Gong discovered an out-of-bounds read issue in the WebSQL implementation.
CVE-2020-6456 Michal Bentkowski discovered insufficient validation of untrusted input.
CVE-2020-6457 Leecraso and Guang Gong discovered a use-after-free issue in the speech recognizer.
CVE-2020-6458 Aleksandar Nikolic discoved an out-of-bounds read and write issue in the pdfium library.
CVE-2020-6459 Zhe Jin discovered a use-after-free issue in the payments implementation.
CVE-2020-6460 It was discovered that URL formatting was insufficiently validated.
CVE-2020-6461 Zhe Jin discovered a use-after-free issue.
CVE-2020-6462 Zhe Jin discovered a use-after-free issue in task scheduling.
CVE-2020-6463 Pawel Wylecial discovered a use-after-free issue in the ANGLE library.
CVE-2020-6464 Looben Yang discovered a type confusion issue in Blink/Webkit.
CVE-2020-6465 Woojin Oh discovered a use-after-free issue.
CVE-2020-6466 Zhe Jin discovered a use-after-free issue.
CVE-2020-6467 ZhanJia Song discovered a use-after-free issue in the WebRTC implementation.
CVE-2020-6468 Chris Salls and Jake Corina discovered a type confusion issue in the v8 JavaScript library.
CVE-2020-6469 David Erceg discovered a policy enforcement error in the developer tools.
CVE-2020-6470 Michal Bentkowski discovered insufficient validation of untrusted input.
CVE-2020-6471 David Erceg discovered a policy enforcement error in the developer tools.
CVE-2020-6472 David Erceg discovered a policy enforcement error in the developer tools.
CVE-2020-6473 Soroush Karami and Panagiotis Ilia discovered a policy enforcement error in Blink/Webkit.
CVE-2020-6474 Zhe Jin discovered a use-after-free issue in Blink/Webkit.
CVE-2020-6475 Khalil Zhani discovered a user interface error.
CVE-2020-6476 Alexandre Le Borgne discovered a policy enforcement error.
CVE-2020-6478 Khalil Zhani discovered an implementation error in full screen mode.
CVE-2020-6479 Zhong Zhaochen discovered an implementation error.
CVE-2020-6480 Marvin Witt discovered a policy enforcement error.
CVE-2020-6481 Rayyan Bijoora discovered a policy enforcement error.
CVE-2020-6482 Abdulrahman Alqabandi discovered a policy enforcement error in the developer tools.
CVE-2020-6483 Jun Kokatsu discovered a policy enforcement error in payments.
CVE-2020-6484 Artem Zinenko discovered insufficient validation of user data in the ChromeDriver implementation.
CVE-2020-6485 Sergei Glazunov discovered a policy enforcement error.
CVE-2020-6486 David Erceg discovered a policy enforcement error.
CVE-2020-6487 Jun Kokatsu discovered a policy enforcement error.
CVE-2020-6488 David Erceg discovered a policy enforcement error.
CVE-2020-6489 @lovasoa discovered an implementation error in the developer tools.
CVE-2020-6490 Insufficient validation of untrusted data was discovered.
CVE-2020-6491 Sultan Haikal discovered a user interface error.
CVE-2020-6493 A use-after-free issue was discovered in the WebAuthentication implementation.
CVE-2020-6494 Juho Nurimen discovered a user interface error.
CVE-2020-6495 David Erceg discovered a policy enforcement error in the developer tools.
CVE-2020-6496 Khalil Zhani discovered a use-after-free issue in payments.
CVE-2020-6497 Rayyan Bijoora discovered a policy enforcement issue.
CVE-2020-6498 Rayyan Bijoora discovered a user interface error.
CVE-2020-6505 Khalil Zhani discovered a use-after-free issue.
CVE-2020-6506 Alesandro Ortiz discovered a policy enforcement error.
CVE-2020-6507 Sergei Glazunov discovered an out-of-bounds write issue in the v8 JavaScript library.
CVE-2020-6509 A use-after-free issue was discovered in extensions.
CVE-2020-6831 Natalie Silvanovich discovered a buffer overflow issue in the SCTP library.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-4714. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(138066);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id(
"CVE-2020-6423",
"CVE-2020-6430",
"CVE-2020-6431",
"CVE-2020-6432",
"CVE-2020-6433",
"CVE-2020-6434",
"CVE-2020-6435",
"CVE-2020-6436",
"CVE-2020-6437",
"CVE-2020-6438",
"CVE-2020-6439",
"CVE-2020-6440",
"CVE-2020-6441",
"CVE-2020-6442",
"CVE-2020-6443",
"CVE-2020-6444",
"CVE-2020-6445",
"CVE-2020-6446",
"CVE-2020-6447",
"CVE-2020-6448",
"CVE-2020-6454",
"CVE-2020-6455",
"CVE-2020-6456",
"CVE-2020-6457",
"CVE-2020-6458",
"CVE-2020-6459",
"CVE-2020-6460",
"CVE-2020-6461",
"CVE-2020-6462",
"CVE-2020-6463",
"CVE-2020-6464",
"CVE-2020-6465",
"CVE-2020-6466",
"CVE-2020-6467",
"CVE-2020-6468",
"CVE-2020-6469",
"CVE-2020-6470",
"CVE-2020-6471",
"CVE-2020-6472",
"CVE-2020-6473",
"CVE-2020-6474",
"CVE-2020-6475",
"CVE-2020-6476",
"CVE-2020-6478",
"CVE-2020-6479",
"CVE-2020-6480",
"CVE-2020-6481",
"CVE-2020-6482",
"CVE-2020-6483",
"CVE-2020-6484",
"CVE-2020-6485",
"CVE-2020-6486",
"CVE-2020-6487",
"CVE-2020-6488",
"CVE-2020-6489",
"CVE-2020-6490",
"CVE-2020-6491",
"CVE-2020-6493",
"CVE-2020-6494",
"CVE-2020-6495",
"CVE-2020-6496",
"CVE-2020-6497",
"CVE-2020-6498",
"CVE-2020-6505",
"CVE-2020-6506",
"CVE-2020-6507",
"CVE-2020-6509",
"CVE-2020-6831"
);
script_xref(name:"DSA", value:"4714");
script_name(english:"Debian DSA-4714-1 : chromium - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
script_set_attribute(attribute:"description", value:
"Several vulnerabilities have been discovered in the chromium web
browser.
- CVE-2020-6423
A use-after-free issue was found in the audio
implementation.
- CVE-2020-6430
Avihay Cohen discovered a type confusion issue in the v8
JavaScript library.
- CVE-2020-6431
Luan Herrera discovered a policy enforcement error.
- CVE-2020-6432
Luan Herrera discovered a policy enforcement error.
- CVE-2020-6433
Luan Herrera discovered a policy enforcement error in
extensions.
- CVE-2020-6434
HyungSeok Han discovered a use-after-free issue in the
developer tools.
- CVE-2020-6435
Sergei Glazunov discovered a policy enforcement error in
extensions.
- CVE-2020-6436
Igor Bukanov discovered a use-after-free issue.
- CVE-2020-6437
Jann Horn discovered an implementation error in WebView.
- CVE-2020-6438
Ng Yik Phang discovered a policy enforcement error in
extensions.
- CVE-2020-6439
remkoboonstra discovered a policy enforcement error.
- CVE-2020-6440
David Erceg discovered an implementation error in
extensions.
- CVE-2020-6441
David Erceg discovered a policy enforcement error.
- CVE-2020-6442
B@rMey discovered an implementation error in the page
cache.
- CVE-2020-6443
@lovasoa discovered an implementation error in the
developer tools.
- CVE-2020-6444
mlfbrown discovered an uninitialized variable in the
WebRTC implementation.
- CVE-2020-6445
Jun Kokatsu discovered a policy enforcement error.
- CVE-2020-6446
Jun Kokatsu discovered a policy enforcement error.
- CVE-2020-6447
David Erceg discovered an implementation error in the
developer tools.
- CVE-2020-6448
Guang Gong discovered a use-after-free issue in the v8
JavaScript library.
- CVE-2020-6454
Leecraso and Guang Gong discovered a use-after-free
issue in extensions.
- CVE-2020-6455
Nan Wang and Guang Gong discovered an out-of-bounds read
issue in the WebSQL implementation.
- CVE-2020-6456
Michal Bentkowski discovered insufficient validation of
untrusted input.
- CVE-2020-6457
Leecraso and Guang Gong discovered a use-after-free
issue in the speech recognizer.
- CVE-2020-6458
Aleksandar Nikolic discoved an out-of-bounds read and
write issue in the pdfium library.
- CVE-2020-6459
Zhe Jin discovered a use-after-free issue in the
payments implementation.
- CVE-2020-6460
It was discovered that URL formatting was insufficiently
validated.
- CVE-2020-6461
Zhe Jin discovered a use-after-free issue.
- CVE-2020-6462
Zhe Jin discovered a use-after-free issue in task
scheduling.
- CVE-2020-6463
Pawel Wylecial discovered a use-after-free issue in the
ANGLE library.
- CVE-2020-6464
Looben Yang discovered a type confusion issue in
Blink/Webkit.
- CVE-2020-6465
Woojin Oh discovered a use-after-free issue.
- CVE-2020-6466
Zhe Jin discovered a use-after-free issue.
- CVE-2020-6467
ZhanJia Song discovered a use-after-free issue in the
WebRTC implementation.
- CVE-2020-6468
Chris Salls and Jake Corina discovered a type confusion
issue in the v8 JavaScript library.
- CVE-2020-6469
David Erceg discovered a policy enforcement error in the
developer tools.
- CVE-2020-6470
Michal Bentkowski discovered insufficient validation of
untrusted input.
- CVE-2020-6471
David Erceg discovered a policy enforcement error in the
developer tools.
- CVE-2020-6472
David Erceg discovered a policy enforcement error in the
developer tools.
- CVE-2020-6473
Soroush Karami and Panagiotis Ilia discovered a policy
enforcement error in Blink/Webkit.
- CVE-2020-6474
Zhe Jin discovered a use-after-free issue in
Blink/Webkit.
- CVE-2020-6475
Khalil Zhani discovered a user interface error.
- CVE-2020-6476
Alexandre Le Borgne discovered a policy enforcement
error.
- CVE-2020-6478
Khalil Zhani discovered an implementation error in full
screen mode.
- CVE-2020-6479
Zhong Zhaochen discovered an implementation error.
- CVE-2020-6480
Marvin Witt discovered a policy enforcement error.
- CVE-2020-6481
Rayyan Bijoora discovered a policy enforcement error.
- CVE-2020-6482
Abdulrahman Alqabandi discovered a policy enforcement
error in the developer tools.
- CVE-2020-6483
Jun Kokatsu discovered a policy enforcement error in
payments.
- CVE-2020-6484
Artem Zinenko discovered insufficient validation of user
data in the ChromeDriver implementation.
- CVE-2020-6485
Sergei Glazunov discovered a policy enforcement error.
- CVE-2020-6486
David Erceg discovered a policy enforcement error.
- CVE-2020-6487
Jun Kokatsu discovered a policy enforcement error.
- CVE-2020-6488
David Erceg discovered a policy enforcement error.
- CVE-2020-6489
@lovasoa discovered an implementation error in the
developer tools.
- CVE-2020-6490
Insufficient validation of untrusted data was
discovered.
- CVE-2020-6491
Sultan Haikal discovered a user interface error.
- CVE-2020-6493
A use-after-free issue was discovered in the
WebAuthentication implementation.
- CVE-2020-6494
Juho Nurimen discovered a user interface error.
- CVE-2020-6495
David Erceg discovered a policy enforcement error in the
developer tools.
- CVE-2020-6496
Khalil Zhani discovered a use-after-free issue in
payments.
- CVE-2020-6497
Rayyan Bijoora discovered a policy enforcement issue.
- CVE-2020-6498
Rayyan Bijoora discovered a user interface error.
- CVE-2020-6505
Khalil Zhani discovered a use-after-free issue.
- CVE-2020-6506
Alesandro Ortiz discovered a policy enforcement error.
- CVE-2020-6507
Sergei Glazunov discovered an out-of-bounds write issue
in the v8 JavaScript library.
- CVE-2020-6509
A use-after-free issue was discovered in extensions.
- CVE-2020-6831
Natalie Silvanovich discovered a buffer overflow issue
in the SCTP library.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6423");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6430");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6431");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6432");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6433");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6434");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6435");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6436");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6437");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6438");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6439");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6440");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6441");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6442");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6443");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6444");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6445");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6446");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6447");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6448");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6454");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6455");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6456");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6457");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6458");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6459");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6460");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6461");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6462");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6463");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6464");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6465");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6466");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6467");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6468");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6469");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6470");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6471");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6472");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6473");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6474");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6475");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6476");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6478");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6479");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6480");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6481");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6482");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6483");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6484");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6485");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6486");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6487");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6488");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6489");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6490");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6491");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6493");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6494");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6495");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6496");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6497");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6498");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6505");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6506");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6507");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6509");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6831");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/chromium");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/chromium");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2020/dsa-4714");
script_set_attribute(attribute:"solution", value:
"Upgrade the chromium packages.
For the oldstable distribution (stretch), security support for
chromium has been discontinued.
For the stable distribution (buster), these problems have been fixed
in version 83.0.4103.116-1~deb10u1.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6831");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/13");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"10.0", prefix:"chromium", reference:"83.0.4103.116-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"chromium-common", reference:"83.0.4103.116-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"chromium-driver", reference:"83.0.4103.116-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"chromium-l10n", reference:"83.0.4103.116-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"chromium-sandbox", reference:"83.0.4103.116-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"chromium-shell", reference:"83.0.4103.116-1~deb10u1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
debian | debian_linux | chromium | p-cpe:/a:debian:debian_linux:chromium |
debian | debian_linux | 10.0 | cpe:/o:debian:debian_linux:10.0 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6423
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6431
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6442
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6443
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6445
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6446
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6457
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6461
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6462
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6465
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6466
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6467
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6468
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6471
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6472
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6473
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6474
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6475
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6476
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6479
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6481
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6482
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6485
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6486
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6488
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6489
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6490
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6491
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6493
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6494
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6495
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6496
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6497
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6498
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831
packages.debian.org/source/buster/chromium
security-tracker.debian.org/tracker/CVE-2020-6423
security-tracker.debian.org/tracker/CVE-2020-6430
security-tracker.debian.org/tracker/CVE-2020-6431
security-tracker.debian.org/tracker/CVE-2020-6432
security-tracker.debian.org/tracker/CVE-2020-6433
security-tracker.debian.org/tracker/CVE-2020-6434
security-tracker.debian.org/tracker/CVE-2020-6435
security-tracker.debian.org/tracker/CVE-2020-6436
security-tracker.debian.org/tracker/CVE-2020-6437
security-tracker.debian.org/tracker/CVE-2020-6438
security-tracker.debian.org/tracker/CVE-2020-6439
security-tracker.debian.org/tracker/CVE-2020-6440
security-tracker.debian.org/tracker/CVE-2020-6441
security-tracker.debian.org/tracker/CVE-2020-6442
security-tracker.debian.org/tracker/CVE-2020-6443
security-tracker.debian.org/tracker/CVE-2020-6444
security-tracker.debian.org/tracker/CVE-2020-6445
security-tracker.debian.org/tracker/CVE-2020-6446
security-tracker.debian.org/tracker/CVE-2020-6447
security-tracker.debian.org/tracker/CVE-2020-6448
security-tracker.debian.org/tracker/CVE-2020-6454
security-tracker.debian.org/tracker/CVE-2020-6455
security-tracker.debian.org/tracker/CVE-2020-6456
security-tracker.debian.org/tracker/CVE-2020-6457
security-tracker.debian.org/tracker/CVE-2020-6458
security-tracker.debian.org/tracker/CVE-2020-6459
security-tracker.debian.org/tracker/CVE-2020-6460
security-tracker.debian.org/tracker/CVE-2020-6461
security-tracker.debian.org/tracker/CVE-2020-6462
security-tracker.debian.org/tracker/CVE-2020-6463
security-tracker.debian.org/tracker/CVE-2020-6464
security-tracker.debian.org/tracker/CVE-2020-6465
security-tracker.debian.org/tracker/CVE-2020-6466
security-tracker.debian.org/tracker/CVE-2020-6467
security-tracker.debian.org/tracker/CVE-2020-6468
security-tracker.debian.org/tracker/CVE-2020-6469
security-tracker.debian.org/tracker/CVE-2020-6470
security-tracker.debian.org/tracker/CVE-2020-6471
security-tracker.debian.org/tracker/CVE-2020-6472
security-tracker.debian.org/tracker/CVE-2020-6473
security-tracker.debian.org/tracker/CVE-2020-6474
security-tracker.debian.org/tracker/CVE-2020-6475
security-tracker.debian.org/tracker/CVE-2020-6476
security-tracker.debian.org/tracker/CVE-2020-6478
security-tracker.debian.org/tracker/CVE-2020-6479
security-tracker.debian.org/tracker/CVE-2020-6480
security-tracker.debian.org/tracker/CVE-2020-6481
security-tracker.debian.org/tracker/CVE-2020-6482
security-tracker.debian.org/tracker/CVE-2020-6483
security-tracker.debian.org/tracker/CVE-2020-6484
security-tracker.debian.org/tracker/CVE-2020-6485
security-tracker.debian.org/tracker/CVE-2020-6486
security-tracker.debian.org/tracker/CVE-2020-6487
security-tracker.debian.org/tracker/CVE-2020-6488
security-tracker.debian.org/tracker/CVE-2020-6489
security-tracker.debian.org/tracker/CVE-2020-6490
security-tracker.debian.org/tracker/CVE-2020-6491
security-tracker.debian.org/tracker/CVE-2020-6493
security-tracker.debian.org/tracker/CVE-2020-6494
security-tracker.debian.org/tracker/CVE-2020-6495
security-tracker.debian.org/tracker/CVE-2020-6496
security-tracker.debian.org/tracker/CVE-2020-6497
security-tracker.debian.org/tracker/CVE-2020-6498
security-tracker.debian.org/tracker/CVE-2020-6505
security-tracker.debian.org/tracker/CVE-2020-6506
security-tracker.debian.org/tracker/CVE-2020-6507
security-tracker.debian.org/tracker/CVE-2020-6509
security-tracker.debian.org/tracker/CVE-2020-6831
security-tracker.debian.org/tracker/source-package/chromium
www.debian.org/security/2020/dsa-4714
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.2%