High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2020-6449
High
Low
Medium
High
Critical
8.8
CVSS Score
Vulnerability Description
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
R
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
8 configuration(s) from 4 vendor(s)
debian_linux
Version:
10.0
CPE:
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debian_linux
Version:
9.0
CPE:
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
fedora
Version:
30
CPE:
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
fedora
Version:
31
CPE:
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
fedora
Version:
32
CPE:
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
backports_sle
Version:
15.0
CPE:
cpe:2.3:a:opensuse:backports_sle:15.0:sp3:*:*:*:*:*:*
suse_linux_enterprise_desktop
Version:
12
CPE:
cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
suse_linux_enterprise_server
Version:
12
CPE:
cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*
This vulnerability affects 8 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.htmlchrome-cve-admin@google.com Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.htmlchrome-cve-admin@google.com Mailing List Third Party Advisory
-
http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.htmlchrome-cve-admin@google.com
-
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.htmlchrome-cve-admin@google.com Vendor Advisory
-
https://crbug.com/1059686chrome-cve-admin@google.com Exploit Issue Tracking Patch Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/chrome-cve-admin@google.com
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/chrome-cve-admin@google.com
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/chrome-cve-admin@google.com
-
https://security.gentoo.org/glsa/202003-53chrome-cve-admin@google.com Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4645chrome-cve-admin@google.com Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.htmlaf854a3a-2127-422b-91ae-364da2661108
-
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.htmlaf854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
https://crbug.com/1059686af854a3a-2127-422b-91ae-364da2661108 Exploit Issue Tracking Patch Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/af854a3a-2127-422b-91ae-364da2661108
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/af854a3a-2127-422b-91ae-364da2661108
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/af854a3a-2127-422b-91ae-364da2661108
-
https://security.gentoo.org/glsa/202003-53af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4645af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
8.8
out of 10.0
High
Weakness Type (CWE)
CWE-416
Top 25 #12
Use After Free
- Description
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations…
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Variant
Key Information
- Published Date
- March 23, 2020
