Test ID:	1.3.6.1.4.1.25623.1.0.704645
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-4645-1)
Summary:	The remote host is missing an update for the Debian 'chromium' package(s) announced via the DSA-4645-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'chromium' package(s) announced via the DSA-4645-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-20503 Natalie Silvanovich discovered an out-of-bounds read issue in the usrsctp library. CVE-2020-6422 David Manouchehri discovered a use-after-free issue in the WebGL implementation. CVE-2020-6424 Sergei Glazunov discovered a use-after-free issue. CVE-2020-6425 Sergei Glazunov discovered a policy enforcement error related to extensions. CVE-2020-6426 Avihay Cohen discovered an implementation error in the v8 javascript library. CVE-2020-6427 Man Yue Mo discovered a use-after-free issue in the audio implementation. CVE-2020-6428 Man Yue Mo discovered a use-after-free issue in the audio implementation. CVE-2020-6429 Man Yue Mo discovered a use-after-free issue in the audio implementation. CVE-2020-6449 Man Yue Mo discovered a use-after-free issue in the audio implementation. For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), these problems have been fixed in version 80.0.3987.149-1~ deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'chromium' package(s) on Debian 10. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-20503 Debian Security Information: DSA-4639 (Google Search) https://www.debian.org/security/2020/dsa-4639 Debian Security Information: DSA-4642 (Google Search) https://www.debian.org/security/2020/dsa-4642 Debian Security Information: DSA-4645 (Google Search) https://www.debian.org/security/2020/dsa-4645 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/ http://seclists.org/fulldisclosure/2020/May/49 http://seclists.org/fulldisclosure/2020/May/59 http://seclists.org/fulldisclosure/2020/May/55 http://seclists.org/fulldisclosure/2020/May/52 https://security.gentoo.org/glsa/202003-02 https://security.gentoo.org/glsa/202003-10 https://bugs.chromium.org/p/project-zero/issues/detail?id=1992 https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html https://crbug.com/1059349 https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467 https://support.apple.com/HT211168 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://support.apple.com/HT211177 https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html RedHat Security Advisories: RHSA-2020:0815 https://access.redhat.com/errata/RHSA-2020:0815 RedHat Security Advisories: RHSA-2020:0816 https://access.redhat.com/errata/RHSA-2020:0816 RedHat Security Advisories: RHSA-2020:0819 https://access.redhat.com/errata/RHSA-2020:0819 RedHat Security Advisories: RHSA-2020:0820 https://access.redhat.com/errata/RHSA-2020:0820 SuSE Security Announcement: openSUSE-SU-2020:0340 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html SuSE Security Announcement: openSUSE-SU-2020:0365 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html SuSE Security Announcement: openSUSE-SU-2020:0366 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html SuSE Security Announcement: openSUSE-SU-2020:0389 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html https://usn.ubuntu.com/4299-1/ https://usn.ubuntu.com/4328-1/ https://usn.ubuntu.com/4335-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-6422 https://security.gentoo.org/glsa/202003-53 https://crbug.com/1051748 Common Vulnerability Exposure (CVE) ID: CVE-2020-6424 https://crbug.com/1031142 Common Vulnerability Exposure (CVE) ID: CVE-2020-6425 https://crbug.com/1031670 Common Vulnerability Exposure (CVE) ID: CVE-2020-6426 https://crbug.com/1052647 Common Vulnerability Exposure (CVE) ID: CVE-2020-6427 https://crbug.com/1055788 Common Vulnerability Exposure (CVE) ID: CVE-2020-6428 https://crbug.com/1057593 Common Vulnerability Exposure (CVE) ID: CVE-2020-6429 https://crbug.com/1057627 Common Vulnerability Exposure (CVE) ID: CVE-2020-6449 http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.html https://crbug.com/1059686
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.