Vulnerability Name:

CVE-2020-6515 (CCN-185233)

Assigned: 2020-07-14
Published: 2020-07-14
Updated: 2021-07-21
Summary: Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS v3 Severity: 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-416
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2020-6515

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1061

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1148

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1172

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1048

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update for Desktop

Source: MISC
Type: Release Notes, Vendor Advisory
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html

Source: MISC
Type: Permissions Required, Vendor Advisory
https://crbug.com/1082755

Source: XF
Type: UNKNOWN
google-chrome-cve20206515-code-exec(185233)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-bf684961d9

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-84d87cbd50

Source: GENTOO
Type: Third Party Advisory
GLSA-202007-08

Source: DEBIAN
Type: Third Party Advisory
DSA-4824

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version < 84.0.4147.89)

Configuration 2:
  • cpe:/a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:google:chrome:84:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20206515 | V | CVE-2020-6515 | 2022-06-30
oval:org.opensuse.security:def:112066 | P | chromedriver-93.0.4577.82-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:64831 | P | Security update for libvirt (Important) | 2022-01-04
oval:org.opensuse.security:def:64773 | P | Security update for glibc (Moderate) | 2021-12-08
oval:org.opensuse.security:def:64805 | P | Security update for python-Pygments (Important) | 2021-12-01
oval:org.opensuse.security:def:74379 | P | Security update for ffmpeg (Moderate) | 2021-10-06
oval:org.opensuse.security:def:105615 | P | chromedriver-93.0.4577.82-1.1 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:63226 | P | nginx-1.14.0-4.24 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:63200 | P | davfs2-1.5.4-1.4 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:64564 | P | Security update for openssl-1_1 (Important) | 2021-08-24
oval:org.opensuse.security:def:64563 | P | Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate) | 2021-08-23
oval:org.opensuse.security:def:64747 | P | Security update for krb5 (Important) | 2021-08-20
oval:org.opensuse.security:def:63493 | P | libsndfile1-32bit-1.0.28-5.5.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63519 | P | sane-backends-32bit-1.0.32-6.6.2 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63415 | P | jakarta-taglibs-standard-1.1.1-2.42 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63048 | P | zlib-devel-32bit-1.2.11-3.21.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:63016 | P | jcl-over-slf4j-1.7.30-1.34 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62771 | P | libXp6-32bit-1.0.3-1.24 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62994 | P | bsdtar-3.4.2-2.24 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62796 | P | libmad-devel-0.15.1b-3.16 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62997 | P | cargo-1.43.1-12.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:63022 | P | libtdsodbc0-1.1.36-3.3.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:63020 | P | libgit2-28-0.28.4-1.28 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:63023 | P | libtidy-devel-5.4.0-3.2.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62990 | P | apache-pdfbox-1.8.16-1.68 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:64538 | P | Security update for libgcrypt (Important) | 2021-06-24
oval:org.opensuse.security:def:64537 | P | Security update for libnettle (Important) | 2021-06-23
oval:org.opensuse.security:def:63075 | P | ntp-4.2.8p13-4.6.1 on GA media (Moderate) | 2021-04-29
oval:org.opensuse.security:def:64464 | P | Security update for ceph (Moderate) | 2021-04-08
oval:org.opensuse.security:def:64671 | P | Security update for ruby2.5 (Important) | 2021-03-24
oval:org.opensuse.security:def:64645 | P | Security update for wpa_supplicant (Important) | 2021-02-11
oval:org.opensuse.security:def:62571 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63641 | P | openconnect-7.08-6.6.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62594 | P | perl-File-Path-2.150000-1.22 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62596 | P | perl-Tk-804.034-1.44 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62570 | P | libnm-gtk-devel-1.8.10-3.39 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63050 | P | python2-numpy-gnu-hpc-1.14.0-2.105 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62619 | P | conky-1.11.5-1.20 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63252 | P | apache2-mod_jk-1.2.43-6.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62595 | P | perl-MIME-Charset-1.012.2-1.24 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63390 | P | jakarta-commons-fileupload-1.1.1-2.82 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63616 | P | gegl-0_3-0.3.34-1.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63277 | P | libmariadbd-devel-10.4.13-1.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:64439 | P | Security update for python3 (Important) | 2020-12-02
oval:org.opensuse.security:def:64327 | P | libgd3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64208 | P | apache-commons-httpclient on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64077 | P | Security update for libqt5-qtbase (Important) | 2020-12-01
oval:org.opensuse.security:def:74885 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63696 | P | Security update for libtasn1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64310 | P | libXtst-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63968 | P | Security update for python3-requests (Moderate) | 2020-12-01
oval:org.opensuse.security:def:75018 | P | Security update for opera (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63843 | P | Security update for LibVNCServer (Critical) | 2020-12-01
oval:org.opensuse.security:def:64352 | P | libncurses6-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64102 | P | Security update for raptor (Important) | 2020-12-01
oval:org.opensuse.security:def:64072 | P | Security update for libsolv (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74505 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:63722 | P | Security update for glibc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64401 | P | libvpx4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63869 | P | Security update for audit (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74404 | P | Security update for MozillaThunderbird (Important) | 2020-12-01
oval:org.opensuse.security:def:64098 | P | Security update for java-1_7_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:74530 | P | Security update for opera (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64917 | P | Security update for bluez (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64183 | P | Security update for mariadb (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64427 | P | pam_krb5 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74859 | P | Security update for rpmlint (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64285 | P | kdump on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63943 | P | Security update for libexif (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74992 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:64943 | P | Security update for tigervnc (Important) | 2020-12-01
oval:org.opensuse.security:def:110713 | P | Security update for opera (Moderate) | 2020-08-09
oval:org.opensuse.security:def:110154 | P | Security update for opera (Moderate) | 2020-08-05
oval:org.opensuse.security:def:100209 | P | Security update for chromium (Important) | 2020-07-26
oval:org.opensuse.security:def:93496 | P | Security update for chromium (Important) | 2020-07-26
oval:org.opensuse.security:def:109689 | P | Security update for chromium (Important) | 2020-07-23
oval:org.opensuse.security:def:103032 | P | Security update for chromium (Important) | 2020-07-23
oval:org.opensuse.security:def:96342 | P | Security update for chromium (Important) | 2020-07-23
oval:org.opensuse.security:def:110687 | P | Security update for chromium (Important) | 2020-07-20
oval:org.opensuse.security:def:110129 | P | Security update for chromium (Important) | 2020-07-20
    google chrome *
    opensuse backports sle 15.0 sp1
    opensuse backports sle 15.0 sp2
    debian debian linux 10.0
    fedoraproject fedora 31
    fedoraproject fedora 32
    opensuse leap 15.1
    opensuse leap 15.2
    google chrome 84