Vulnerability CVE-2020-15972

Vulnerability Name:

CVE-2020-15972 (CCN-189468)

Assigned:

2020-10-06

Published:

2020-10-06

Updated:

2023-06-12

Summary:

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in audio. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2020-15972

Source: chrome-cve-admin@google.com
Type: Mailing List, Third Party Advisory
chrome-cve-admin@google.com

Source: chrome-cve-admin@google.com
Type: UNKNOWN
chrome-cve-admin@google.com

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update for Desktop

Source: chrome-cve-admin@google.com
Type: Release Notes, Vendor Advisory
chrome-cve-admin@google.com

Source: chrome-cve-admin@google.com
Type: Permissions Required, Vendor Advisory
chrome-cve-admin@google.com

Source: XF
Type: UNKNOWN
google-chrome-cve202015972-code-exec(189468)

Source: chrome-cve-admin@google.com
Type: Mailing List, Third Party Advisory
chrome-cve-admin@google.com

Source: chrome-cve-admin@google.com
Type: Mailing List, Third Party Advisory
chrome-cve-admin@google.com

Source: chrome-cve-admin@google.com
Type: Mailing List, Third Party Advisory
chrome-cve-admin@google.com

Source: chrome-cve-admin@google.com
Type: Third Party Advisory
chrome-cve-admin@google.com

Source: chrome-cve-admin@google.com
Type: Third Party Advisory
chrome-cve-admin@google.com

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202015972	V	CVE-2020-15972	2022-06-30
oval:org.opensuse.security:def:112066	P	chromedriver-93.0.4577.82-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105615	P	chromedriver-93.0.4577.82-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:64771	P	Security update for gd (Moderate)	2021-09-27
oval:org.opensuse.security:def:64570	P	Security update for java-11-openjdk (Important)	2021-09-03
oval:org.opensuse.security:def:63521	P	taglib-1.11.1-4.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63383	P	virt-install-3.2.0-5.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63123	P	cloud-init-20.2-8.45.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63326	P	erlang-rabbitmq-client-3.8.11-1.26 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:64458	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:64664	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:64663	P	Security update for openldap2 (Important)	2021-03-08
oval:org.opensuse.security:def:64527	P	Security update for permissions (Moderate)	2021-01-22
oval:org.opensuse.security:def:74636	P	Security update for xstream (Important)	2021-01-20
oval:org.opensuse.security:def:63148	P	dovecot23-2.3.1-2.20 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63619	P	gnome-shell-calendar-3.34.4+4-1.58 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62702	P	libtag-devel-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62902	P	guile-2.0.14-5.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62701	P	libsrtp2-1-2.2.0-1.34 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63116	P	kernel-devel-azure-4.12.14-5.47.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62725	P	wavpack-5.1.0-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63181	P	sblim-sfcb-1.4.9-3.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63120	P	terraform-0.12.19-3.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:74985	P	Security update for python-ipaddress (Important)	2020-12-01
oval:org.opensuse.security:def:64416	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64074	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:63969	P	Security update for mutt (Important)	2020-12-01
oval:org.opensuse.security:def:64873	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:65043	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:64314	P	libXxf86dga-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63747	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:75118	P	Security update for chromium (Critical)	2020-12-01
oval:org.opensuse.security:def:64208	P	apache-commons-httpclient on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63822	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:74510	P	Security update for cni-plugins (Moderate)	2020-12-01
oval:org.opensuse.security:def:64198	P	ruby2.5-rubygem-activejob-5_1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64931	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:100249	P	(Important)	2020-11-30
oval:org.opensuse.security:def:109731	P	Security update for chromium, gn (Important)	2020-11-05
oval:org.opensuse.security:def:103074	P	Security update for chromium, gn (Important)	2020-11-05
oval:org.opensuse.security:def:96384	P	Security update for chromium, gn (Important)	2020-11-05
oval:org.opensuse.security:def:93536	P	Security update for chromium (Critical)	2020-10-23
oval:org.opensuse.security:def:110260	P	Security update for chromium (Critical)	2020-10-22
oval:org.opensuse.security:def:110813	P	Security update for chromium (Critical)	2020-10-22

BACK