Multiple Vulnerabilities in Google Chrome - CERT-In Vulnerability Note CIVN-2020-0140
- By Elite CIO
May 11, 2020
Source : www.cert-in.org.in
Original Issue Date: May 08, 2020
Severity Rating : HIGH
Software Affected : Google Chrome versions prior to 81.0.4044.138-1
Overview
Multiple vulnerabilities have been reported in Google Chrome that could allow a remote attacker to execute arbitrary code on the targeted system.
Description
1. Arbitrary Code Execution Vulnerability ( CVE-2020-6464 )
This vulnerability exists due to a type confusion error in the Blink component in Google Chrome. A remote attacker could exploit this vulnerability by using a specially crafted file designed on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.
2. Buffer Overflow Vulnerability ( CVE-2020-6831 )
This vulnerability exists due to a boundary error when processing SCTP chunks in WebRTC. A remote attacker could exploit this vulnerability by using a specially crafted file designed on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.
Solution
Upgrade to Google Chrome version 81.0.4044.138-1
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html
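A check for the fixed release named in the Solution, as an added example that is not part of the CERT-In note: it classifies collected Chrome version strings as affected or patched. The host names and inventory lines are constructed, and the `-1` suffix is assumed to be a package revision, so only the four upstream version components are compared.

```python
import re

# Fixed release from the advisory's Solution section.
FIXED = "81.0.4044.138-1"

# Constructed sample inventory: (host, version string as collected).
SAMPLE_INVENTORY = [
    ("host-a", "Google Chrome 81.0.4044.129"),
    ("host-b", "Google Chrome 81.0.4044.138"),
    ("host-c", "81.0.4044.138-1"),
    # A plain string comparison would rank "92" above "138" and miss this host.
    ("host-d", "Google Chrome 81.0.4044.92"),
    ("host-e", "Google Chrome 83.0.4103.61"),
    ("host-f", "chrome: command not found"),
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part Chrome version in text as a tuple of ints.

    Accepts `google-chrome --version` style output and package-style
    strings; a trailing package revision such as "-1" is ignored
    (assumption). Returns None when no four-part version is present.
    """
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text, fixed=FIXED):
    """Return 'affected', 'patched' or 'unknown' for one version string."""
    found = parse_version(text)
    if found is None:
        return "unknown"  # treat as unverified, not as safe
    # Tuple comparison is numeric per component, unlike string comparison.
    return "affected" if found < parse_version(fixed) else "patched"


def audit(inventory, fixed=FIXED):
    """Map each host to its status against the fixed release."""
    return {host: classify(text, fixed) for host, text in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since a missing or unparsable version string says nothing about patch state.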
Vendor Information
Google Chrome
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html
References
Google Chrome
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html
ArchLinux
https://security.archlinux.org/ASA-202005-2/generate
CVE Name
CVE-2020-6464
CVE-2020-6831
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.