Accessibility Options |  Sitemap |  Contact Us
   
 
 
 
HOME space ABOUTCERTIn space KNOWLEDGEBASE space TRAINING space ADVISORIES space VULNOTES space space Facebook space Twitter
WLine
DigitalIndia
WLine
csk
WLine
Full Member FIRST
Line
Full Member APCERT
Line
Global Research Partner APWG
Line
About CERT-in
Line
point point Client's /Citizen's Charter
Line
point point Roles & Functions
Line
point point Advisory Committee
Line
point point Act/Rules/Regulations
Line
point point Press  
Line
point point Recruitment NEW
Line
point point Tender  NEW
Line
point point Download Brochure
Line
point Subscribe Mailing List
Line
point Contact Us
Line
Reporting
point
 Incident Reporting
Line
Vulnerability Reporting
Line
Feedback
Line
KnowledgeBase
Line
Point Guidelines
Line
Point Presentations
Line
Point White Papers 
Line
Point Monthly Security Bulletin 
Line
point Point Annual Report 
Line
Line
Line
line
Line
Advisories
Line
VulnerabilityNotes
Line
RelatedLinks
Line
point Point World CERTs
Line
point Antivirus Resources
line
FAQ
line
Archive
line
line
line
line
line
Line
Line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
spacer
Home - Vulnerability NotesPrint
point
CERT-In Vulnerability Note CIVN-2020-0027
Multiple Vulnerabilities in Google Chrome

Original Issue Date:February 14, 2020

Severity Rating: HIGH

Software Affected

  • Google Chrome versions prior to 80.0.3987.87

Overview

Multiple vulnerabilities have been reported in Google Chrome which could be exploited by a remote attacker to bypass security restrictions, execute arbitrary code, corrupt memory, obtain sensitive information or spoof content on a targeted system.

Description

These vulnerabilities exist in Google Chrome due to integer overflow, type confusion, insufficient policy enforcement, out of bounds memory access, out of bounds memory write, insufficient validation of input, use of uninitialized data, use after free and other logical errors in JavaScript, XML, SQLite, storage, WebRTC,WebAudio,streams, Blink, extensions, Skia, sharing, PDFium, AppCache, CORS, Omnibox, downloads, audio, navigation, Safe Browsing and installer components.

Successful exploitation of these vulnerabilities could allow the attacker bypass security restrictions, execute arbitrary code, corrupt memory, obtain sensitive information or spoof content on the targeted system.

Solution

Upgrade to Google Chrome versions 80.0.3987.87:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html

Vendor Information

Google
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html

References

Debian Security Bug Tracker
https://security-tracker.debian.org/tracker/CVE-2020-6381
https://security-tracker.debian.org/tracker/CVE-2020-6382
https://security-tracker.debian.org/tracker/CVE-2019-18197
https://security-tracker.debian.org/tracker/CVE-2019-19926
https://security-tracker.debian.org/tracker/CVE-2020-6385
https://security-tracker.debian.org/tracker/CVE-2019-19880
https://security-tracker.debian.org/tracker/CVE-2019-19925
https://security-tracker.debian.org/tracker/CVE-2020-6387
https://security-tracker.debian.org/tracker/CVE-2020-6388
https://security-tracker.debian.org/tracker/CVE-2020-6389
https://security-tracker.debian.org/tracker/CVE-2020-6390
https://security-tracker.debian.org/tracker/CVE-2020-6391
https://security-tracker.debian.org/tracker/CVE-2020-6392
https://security-tracker.debian.org/tracker/CVE-2020-6393
https://security-tracker.debian.org/tracker/CVE-2020-6394
https://security-tracker.debian.org/tracker/CVE-2020-6395
https://security-tracker.debian.org/tracker/CVE-2020-6396
https://security-tracker.debian.org/tracker/CVE-2020-6397
https://security-tracker.debian.org/tracker/CVE-2020-6398
https://security-tracker.debian.org/tracker/CVE-2020-6399
https://security-tracker.debian.org/tracker/CVE-2020-6400
https://security-tracker.debian.org/tracker/CVE-2020-6401
https://security-tracker.debian.org/tracker/CVE-2020-6402
https://security-tracker.debian.org/tracker/CVE-2020-6403
https://security-tracker.debian.org/tracker/CVE-2020-6404
https://security-tracker.debian.org/tracker/CVE-2020-6405
https://security-tracker.debian.org/tracker/CVE-2020-6406
https://security-tracker.debian.org/tracker/CVE-2019-19923
https://security-tracker.debian.org/tracker/CVE-2020-6408
https://security-tracker.debian.org/tracker/CVE-2020-6409
https://security-tracker.debian.org/tracker/CVE-2020-6410
https://security-tracker.debian.org/tracker/CVE-2020-6411
https://security-tracker.debian.org/tracker/CVE-2020-6412
https://security-tracker.debian.org/tracker/CVE-2020-6413
https://security-tracker.debian.org/tracker/CVE-2020-6414
https://security-tracker.debian.org/tracker/CVE-2020-6415
https://security-tracker.debian.org/tracker/CVE-2020-6416
https://security-tracker.debian.org/tracker/CVE-2020-6417

Google
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html

CVE Name
CVE-2020-6381
CVE-2020-6382
CVE-2019-18197
CVE-2019-19926
CVE-2020-6385
CVE-2019-19880
CVE-2019-19925
CVE-2020-6387
CVE-2020-6388
CVE-2020-6389
CVE-2020-6390
CVE-2020-6391
CVE-2020-6392
CVE-2020-6393
CVE-2020-6394
CVE-2020-6395
CVE-2020-6396
CVE-2020-6397
CVE-2020-6398
CVE-2020-6399
CVE-2020-6400
CVE-2020-6401
CVE-2020-6402
CVE-2020-6403
CVE-2020-6404
CVE-2020-6405
CVE-2020-6406
CVE-2019-19923
CVE-2020-6408
CVE-2020-6409
CVE-2020-6410
CVE-2020-6411
CVE-2020-6412
CVE-2020-6413
CVE-2020-6414
CVE-2020-6415
CVE-2020-6416
CVE-2020-6417

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India

 
Indian Computer Emergency Response Team - CERT-In, Ministry of Electronics and Information Technology, Government of India.
Website Policies |  Terms of Use |  Help Last Updated On September 23, 2020