Vulnerability Name: CVE-2020-6464 (CCN-181479)

Assigned: 2020-04-15
Published: 2020-04-15
Updated: 2022-04-26
Summary: Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS v3 Severity:
8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): Required
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): Required
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
CVSS v2 Severity:
6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
Vulnerability Type:
CWE-787
CWE-843
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2020-6464

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0709

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0917

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update for Desktop

Source: MISC
Type: Release Notes, Vendor Advisory
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html

Source: MISC
Type: Exploit, Issue Tracking, Vendor Advisory
https://crbug.com/1071059

Source: XF
Type: UNKNOWN
google-cve20206464-code-exec(181479)

Source: GENTOO
Type: Third Party Advisory
GLSA-202005-13

Source: DEBIAN
Type: Third Party Advisory
DSA-4714

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-6464

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version < 81.0.4044.138)

Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:google:chrome:81:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20206464 | V | CVE-2020-6464 | 2022-06-30
oval:org.opensuse.security:def:93604 | P | (Important) | 2022-05-03
oval:org.opensuse.security:def:112066 | P | chromedriver-93.0.4577.82-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:64839 | P | Security update for libmspack (Low) | 2022-01-13
oval:org.opensuse.security:def:74756 | P | Security update for go1.16 (Moderate) | 2021-12-23
oval:org.opensuse.security:def:64814 | P | Security update for glib-networking (Important) | 2021-12-06
oval:org.opensuse.security:def:64590 | P | Security update for rpm (Important) | 2021-10-15
oval:org.opensuse.security:def:64776 | P | Security update for webkit2gtk3 (Important) | 2021-10-12
oval:org.opensuse.security:def:105615 | P | chromedriver-93.0.4577.82-1.1 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:100317 | P | (Important) | 2021-08-16
oval:org.opensuse.security:def:63097 | P | ntp-4.2.8p15-4.13.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63362 | P | ovmf-202008-8.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63352 | P | libtpms-devel-0.8.2-1.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63059 | P | python2-numpy-gnu-hpc-1.16.5-1.164 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:64732 | P | Security update for systemd (Important) | 2021-07-20
oval:org.opensuse.security:def:64731 | P | Security update for the Linux Kernel (Important) | 2021-07-15
oval:org.opensuse.security:def:74718 | P | Security update for go1.15 (Important) | 2021-06-30
oval:org.opensuse.security:def:64726 | P | Security update for lua53 (Moderate) | 2021-06-29
oval:org.opensuse.security:def:62856 | P | jython-2.2.1-4.36 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:62853 | P | git-2.16.3-1.30 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:62849 | P | ctags-5.8-1.27 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:63555 | P | libvncclient0-0.9.10-2.21 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:62881 | P | zlib-devel-32bit-1.2.11-1.422 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:64702 | P | Security update for dhcp (Important) | 2021-06-02
oval:org.opensuse.security:def:64504 | P | Security update for fribidi (Important) | 2021-05-19
oval:org.opensuse.security:def:64664 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:64644 | P | Security update for subversion (Important) | 2021-02-10
oval:org.opensuse.security:def:64606 | P | Security update for python (Important) | 2021-02-09
oval:org.opensuse.security:def:64542 | P | Security update for sudo (Important) | 2021-01-26
oval:org.opensuse.security:def:64397 | P | Security update for gcc10, nvptx-tools (Moderate) | 2020-12-04
oval:org.opensuse.security:def:62919 | P | perl-Net-Libproxy-0.4.15-2.42 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62894 | P | crash-7.2.1-7.15 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63184 | P | spice-gtk-devel-0.34-1.64 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62891 | P | build-20190128-3.3.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63156 | P | libapr-util1-dbd-mysql-1.6.1-2.41 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62887 | P | binutils-devel-32bit-2.31-5.31 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63593 | P | libreoffice-6.1.3.2-6.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63148 | P | dovecot23-2.3.1-2.20 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63390 | P | jakarta-commons-fileupload-1.1.1-2.82 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63143 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63871 | P | Security update for openssl-1_0_0 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74851 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:65007 | P | Security update for libX11 (Important) | 2020-12-01
oval:org.opensuse.security:def:64434 | P | perl-HTML-Parser on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63931 | P | Security update for mailman (Important) | 2020-12-01
oval:org.opensuse.security:def:63665 | P | Security update for wpa_supplicant (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64941 | P | Security update for git (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64298 | P | libXcursor-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63702 | P | Security update for apache2-mod_jk (Important) | 2020-12-01
oval:org.opensuse.security:def:74889 | P | Security update for opera (Important) | 2020-12-01
oval:org.opensuse.security:def:63969 | P | Security update for mutt (Important) | 2020-12-01
oval:org.opensuse.security:def:63740 | P | Security update for ucode-intel (Important) | 2020-12-01
oval:org.opensuse.security:def:75211 | P | Security update for opera (Important) | 2020-12-01
oval:org.opensuse.security:def:64257 | P | gdk-pixbuf-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:75074 | P | Security update for perl-DBI (Important) | 2020-12-01
oval:org.opensuse.security:def:64396 | P | libunbound2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64026 | P | Security update for python3 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65129 | P | Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (Important) | 2020-12-01
oval:org.opensuse.security:def:64435 | P | perl-LWP-Protocol-https on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64260 | P | giflib-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:110948 | P | Security update for opera (Important) | 2020-07-02
oval:org.opensuse.security:def:110551 | P | Security update for opera (Important) | 2020-05-24
oval:org.opensuse.security:def:110513 | P | Security update for chromium (Important) | 2020-05-08
    google chrome *
    debian debian linux 9.0
    debian debian linux 10.0
    opensuse leap 15.1
    opensuse leap 15.2
    google chrome 81