Google Chrome prior to 86.0.4240.111 Freetype buffer overflow

A vulnerability classified as critical has been found in Google Chrome (Web Browser). It affects an unknown function of the component Freetype. Upgrading to version 86.0.4240.111 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 26/10/2020 07:44 AM | 27/11/2020 07:18 AM | 27/11/2020 07:22 AM |
|---|---|---|---|
| vendor | Google | Google | Google |
| name | Chrome | Chrome | Chrome |
| type | Web Browser | Web Browser | Web Browser |
| component | Freetype | Freetype | Freetype |
| cwe | 122 (buffer overflow) | 122 (buffer overflow) | 122 (buffer overflow) |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| date | 1603144800 (20/10/2020) | 1603144800 (20/10/2020) | 1603144800 (20/10/2020) |
| identifier | Stable Channel Update for Desktop - October 2020 | Stable Channel Update for Desktop - October 2020 | Stable Channel Update for Desktop - October 2020 |
| url | https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html | https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html | https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html |
| name | Upgrade | Upgrade | Upgrade |
| date | 1603144800 (20/10/2020) | 1603144800 (20/10/2020) | 1603144800 (20/10/2020) |
| upgrade_version | 86.0.4240.111 | 86.0.4240.111 | 86.0.4240.111 |
| cve | CVE-2020-15999 | CVE-2020-15999 | CVE-2020-15999 |
| cvss2_vuldb_basescore | 7.5 | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 | 6.5 |
| cvss3_vuldb_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.0 | 7.0 | 7.0 |
| cvss3_meta_basescore | 7.3 | 7.3 | 6.9 |
| cvss3_meta_tempscore | 7.0 | 7.0 | 6.6 |
| price_0day | $25k-$100k | $25k-$100k | $25k-$100k |
| price_trend | + | + | + |
| cve_assigned | | 1595800800 | 1595800800 |
| cve_nvd_summary | | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | R |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | N |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | M |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | N |
| cvss2_nvd_ii | | | N |
| cvss2_nvd_ai | | | P |
| cvss2_nvd_basescore | | | 4.3 |
| cvss3_nvd_basescore | | | 6.5 |
