High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2020-6416
High
Low
Medium
High
Critical
8.8
CVSS Score
Vulnerability Description
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
R
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
9 configuration(s) from 5 vendor(s)
debian_linux
Version:
10.0
CPE:
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debian_linux
Version:
9.0
CPE:
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
fedora
Version:
30
CPE:
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
fedora
Version:
31
CPE:
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
backports_sle
Version:
15.0
CPE:
cpe:2.3:a:opensuse:backports_sle:15.0:sp3:*:*:*:*:*:*
enterprise_linux_server
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*
enterprise_linux_desktop
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*
enterprise_linux_workstation
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*
package_hub
Version:
-
CPE:
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
This vulnerability affects 9 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.htmlchrome-cve-admin@google.com Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.htmlchrome-cve-admin@google.com Mailing List Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2020:0514chrome-cve-admin@google.com Third Party Advisory
-
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.htmlchrome-cve-admin@google.com Vendor Advisory
-
https://crbug.com/1031895chrome-cve-admin@google.com Exploit Issue Tracking Patch Vendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/chrome-cve-admin@google.com
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/chrome-cve-admin@google.com
-
https://security.gentoo.org/glsa/202003-08chrome-cve-admin@google.com Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4638chrome-cve-admin@google.com Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2020:0514af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.htmlaf854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
https://crbug.com/1031895af854a3a-2127-422b-91ae-364da2661108 Exploit Issue Tracking Patch Vendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/af854a3a-2127-422b-91ae-364da2661108
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/af854a3a-2127-422b-91ae-364da2661108
-
https://security.gentoo.org/glsa/202003-08af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4638af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
8.8
out of 10.0
High
Weakness Type (CWE)
CWE-20
Top 25 #14
Improper Input Validation
- Description
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- February 11, 2020
