CERT-In Vulnerability Note
CIVN-2020-0027
Multiple Vulnerabilities in Google Chrome
Original Issue Date:February 14, 2020
Severity Rating: HIGH
Software Affected
- Google Chrome versions prior to 80.0.3987.87
Overview
Multiple vulnerabilities have been reported in Google Chrome which could be exploited by a remote attacker to bypass security restrictions, execute arbitrary code, corrupt memory, obtain sensitive information or spoof content on a targeted system.
Description
These vulnerabilities exist in Google Chrome due to integer overflow, type confusion, insufficient policy enforcement, out of bounds memory access, out of bounds memory write, insufficient validation of input, use of uninitialized data, use after free and other logical errors in JavaScript, XML, SQLite, storage, WebRTC,WebAudio,streams, Blink, extensions, Skia, sharing, PDFium, AppCache, CORS, Omnibox, downloads, audio, navigation, Safe Browsing and installer components.
Successful exploitation of these vulnerabilities could allow the attacker bypass security restrictions, execute arbitrary code, corrupt memory, obtain sensitive information or spoof content on the targeted system.
Solution
Upgrade to Google Chrome versions 80.0.3987.87:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
Vendor Information
Google
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
References
Debian Security Bug Tracker
https://security-tracker.debian.org/tracker/CVE-2020-6381
https://security-tracker.debian.org/tracker/CVE-2020-6382
https://security-tracker.debian.org/tracker/CVE-2019-18197
https://security-tracker.debian.org/tracker/CVE-2019-19926
https://security-tracker.debian.org/tracker/CVE-2020-6385
https://security-tracker.debian.org/tracker/CVE-2019-19880
https://security-tracker.debian.org/tracker/CVE-2019-19925
https://security-tracker.debian.org/tracker/CVE-2020-6387
https://security-tracker.debian.org/tracker/CVE-2020-6388
https://security-tracker.debian.org/tracker/CVE-2020-6389
https://security-tracker.debian.org/tracker/CVE-2020-6390
https://security-tracker.debian.org/tracker/CVE-2020-6391
https://security-tracker.debian.org/tracker/CVE-2020-6392
https://security-tracker.debian.org/tracker/CVE-2020-6393
https://security-tracker.debian.org/tracker/CVE-2020-6394
https://security-tracker.debian.org/tracker/CVE-2020-6395
https://security-tracker.debian.org/tracker/CVE-2020-6396
https://security-tracker.debian.org/tracker/CVE-2020-6397
https://security-tracker.debian.org/tracker/CVE-2020-6398
https://security-tracker.debian.org/tracker/CVE-2020-6399
https://security-tracker.debian.org/tracker/CVE-2020-6400
https://security-tracker.debian.org/tracker/CVE-2020-6401
https://security-tracker.debian.org/tracker/CVE-2020-6402
https://security-tracker.debian.org/tracker/CVE-2020-6403
https://security-tracker.debian.org/tracker/CVE-2020-6404
https://security-tracker.debian.org/tracker/CVE-2020-6405
https://security-tracker.debian.org/tracker/CVE-2020-6406
https://security-tracker.debian.org/tracker/CVE-2019-19923
https://security-tracker.debian.org/tracker/CVE-2020-6408
https://security-tracker.debian.org/tracker/CVE-2020-6409
https://security-tracker.debian.org/tracker/CVE-2020-6410
https://security-tracker.debian.org/tracker/CVE-2020-6411
https://security-tracker.debian.org/tracker/CVE-2020-6412
https://security-tracker.debian.org/tracker/CVE-2020-6413
https://security-tracker.debian.org/tracker/CVE-2020-6414
https://security-tracker.debian.org/tracker/CVE-2020-6415
https://security-tracker.debian.org/tracker/CVE-2020-6416
https://security-tracker.debian.org/tracker/CVE-2020-6417
Google
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
CVE Name
CVE-2020-6381
CVE-2020-6382
CVE-2019-18197
CVE-2019-19926
CVE-2020-6385
CVE-2019-19880
CVE-2019-19925
CVE-2020-6387
CVE-2020-6388
CVE-2020-6389
CVE-2020-6390
CVE-2020-6391
CVE-2020-6392
CVE-2020-6393
CVE-2020-6394
CVE-2020-6395
CVE-2020-6396
CVE-2020-6397
CVE-2020-6398
CVE-2020-6399
CVE-2020-6400
CVE-2020-6401
CVE-2020-6402
CVE-2020-6403
CVE-2020-6404
CVE-2020-6405
CVE-2020-6406
CVE-2019-19923
CVE-2020-6408
CVE-2020-6409
CVE-2020-6410
CVE-2020-6411
CVE-2020-6412
CVE-2020-6413
CVE-2020-6414
CVE-2020-6415
CVE-2020-6416
CVE-2020-6417
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India
|