Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVE-2020-6433

Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

About Monorail User Guide Release Notes Feedback on Monorail Terms Privacy

CVE-2020-6454: 1019161 - chromium - An open-source project to help move the web forward.

Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

**Chrome Releases**

Release updates from the Chrome team

CVE-2020-6448: Stable Channel Update for Desktop

An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.

Permalink

Browse files

slcan: Don't transmit uninitialized stack data in padding

struct can\_frame contains some padding which is not explicitly zeroed in
slc\_bump. This uninitialized data will then be transmitted if the stack
initialization hardening feature is not enabled (CONFIG\_INIT\_STACK\_ALL).

This commit just zeroes the whole struct including the padding.

Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
Fixes: a1044e3 ("can: add slcan driver for serial/USB-serial CAN adapters")
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: linux-can@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: security@kernel.org
Cc: wg@grandegger.com
Cc: mkl@pengutronix.de
Cc: davem@davemloft.net
Acked-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

*   Loading branch information

Showing with **1 addition** and **3 deletions**.

1.  +1 −3 drivers/net/can/slcan.c

CVE-2020-11494: slcan: Don't transmit uninitialized stack data in padding · torvalds/linux@b9258a2

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

Sec Bug #79282

Use-of-uninitialized-value in exif

Submitted:

2020-02-19 09:31 UTC

Modified:

2020-03-17 05:39 UTC

From:

nikic@php.net

Assigned:

stas (profile)

Status:

Closed

Package:

EXIF related

PHP Version:

master-Git-2020-02-19 (Git)

OS:

Private report:

No

CVE-ID:

2020-7064

 **\[2020-02-19 09:31 UTC\] nikic@php.net**

Description:
------------
From https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19581.

<?php
var\_dump(exif\_read\_data('data://image/jpeg;base64,/9jhAAlFeGlmAAAg'));

Results in:

 	Uninitialized bytes in MemcmpInterceptorCommon at offset 1 inside \[0x7010000006e8, 2)
	==1==WARNING: MemorySanitizer: use-of-uninitialized-value
	    #0 0x5004dc in \_\_interceptor\_bcmp /src/llvm-project/compiler-rt/lib/sanitizer\_common/sanitizer\_common\_interceptors.inc:885:10
	    #1 0x86693b in exif\_process\_TIFF\_in\_JPEG php-src/ext/exif/exif.c:3596:6
	    #2 0x861b7e in exif\_scan\_JPEG\_header php-src/ext/exif/exif.c:3793:6
	    #3 0x8609eb in exif\_scan\_FILE\_header php-src/ext/exif/exif.c:4186:8
	    #4 0x8602bb in exif\_read\_from\_impl php-src/ext/exif/exif.c:4327:8
	    #5 0x858b52 in exif\_read\_from\_stream php-src/ext/exif/exif.c:4344:8
	    #6 0x856001 in zif\_exif\_read\_data php-src/ext/exif/exif.c:4434:9
	    #7 0x112596d in zend\_call\_function php-src/Zend/zend\_execute\_API.c:817:4
	    #8 0x11236e2 in \_call\_user\_function\_ex php-src/Zend/zend\_execute\_API.c:638:9
	    #9 0x1696c7a in fuzzer\_call\_php\_func\_zval php-src/sapi/fuzzer/fuzzer-sapi.c:247:2
	    #10 0x169596f in LLVMFuzzerTestOneInput php-src/sapi/fuzzer/fuzzer-exif.c:52:2
	    #11 0x481101 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const\*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
	    #12 0x46bc21 in fuzzer::RunOneTest(fuzzer::Fuzzer\*, char const\*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:292:6
	    #13 0x4718de in fuzzer::FuzzerDriver(int\*, char\*\*\*, int (\*)(unsigned char const\*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:774:9
	    #14 0x49b802 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
	    #15 0x7f3e6199882f in \_\_libc\_start\_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291
	    #16 0x445098 in \_start
	
	  Uninitialized value was created by a heap allocation
	    #0 0x4fc67d in malloc /src/llvm-project/compiler-rt/lib/msan/msan\_interceptors.cpp:925:3
	    #1 0x1088155 in \_\_zend\_malloc php-src/Zend/zend\_alloc.c:2975:14
	    #2 0x1082159 in \_emalloc php-src/Zend/zend\_alloc.c:2535:10
	    #3 0x865d76 in exif\_file\_sections\_add php-src/ext/exif/exif.c:2042:10
	    #4 0x8618c0 in exif\_scan\_JPEG\_header php-src/ext/exif/exif.c:3747:8
	    #5 0x8609eb in exif\_scan\_FILE\_header php-src/ext/exif/exif.c:4186:8
	    #6 0x8602bb in exif\_read\_from\_impl php-src/ext/exif/exif.c:4327:8
	    #7 0x858b52 in exif\_read\_from\_stream php-src/ext/exif/exif.c:4344:8
	    #8 0x856001 in zif\_exif\_read\_data php-src/ext/exif/exif.c:4434:9
	    #9 0x112596d in zend\_call\_function php-src/Zend/zend\_execute\_API.c:817:4
	    #10 0x11236e2 in \_call\_user\_function\_ex php-src/Zend/zend\_execute\_API.c:638:9
	    #11 0x1696c7a in fuzzer\_call\_php\_func\_zval php-src/sapi/fuzzer/fuzzer-sapi.c:247:2
	    #12 0x169596f in LLVMFuzzerTestOneInput php-src/sapi/fuzzer/fuzzer-exif.c:52:2
	    #13 0x481101 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const\*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
	    #14 0x46bc21 in fuzzer::RunOneTest(fuzzer::Fuzzer\*, char const\*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:292:6
	    #15 0x4718de in fuzzer::FuzzerDriver(int\*, char\*\*\*, int (\*)(unsigned char const\*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:774:9
	    #16 0x49b802 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
	    #17 0x7f3e6199882f in \_\_libc\_start\_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291

I can't reproduce under valgrind, so also can't tell which versions are affected.

**Patches**

Add a Patch

**Pull Requests**

Add a Pull Request

**History**

AllCommentsChangesGit/SVN commitsRelated reports

 **\[2020-02-19 10:08 UTC\] nikic@php.net**

\-Assigned To: +Assigned To: stas

 **\[2020-02-24 18:12 UTC\] stas@php.net**

\-CVE-ID: +CVE-ID: 2020-7064

 **\[2020-03-16 03:30 UTC\] stas@php.net**

I've verified that the fix fixes the issue on oss-fuzz setup.

 **\[2020-03-17 05:39 UTC\] stas@php.net**

\-Status: Assigned +Status: Closed

CVE-2020-7064: PHP :: Sec Bug #79282 :: Use-of-uninitialized-value in exif

Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.

CVE-2019-19034: AssetExplorer ITAM Solution ServicePacks Readme

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.

**Debian Security Advisory**

Date Reported:

22 Mar 2020

Affected Packages:

chromium

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2019-20503, CVE-2020-6422, CVE-2020-6424, CVE-2020-6425, CVE-2020-6426, CVE-2020-6427, CVE-2020-6428, CVE-2020-6429, CVE-2020-6449.  

More information:

Several vulnerabilities have been discovered in the chromium web browser.

*   CVE-2019-20503
    
    Natalie Silvanovich discovered an out-of-bounds read issue in the usrsctp library.
    
*   CVE-2020-6422
    
    David Manouchehri discovered a use-after-free issue in the WebGL implementation.
    
*   CVE-2020-6424
    
    Sergei Glazunov discovered a use-after-free issue.
    
*   CVE-2020-6425
    
    Sergei Glazunov discovered a policy enforcement error related to extensions.
    
*   CVE-2020-6426
    
    Avihay Cohen discovered an implementation error in the v8 javascript library.
    
*   CVE-2020-6427
    
    Man Yue Mo discovered a use-after-free issue in the audio implementation.
    
*   CVE-2020-6428
    
    Man Yue Mo discovered a use-after-free issue in the audio implementation.
    
*   CVE-2020-6429
    
    Man Yue Mo discovered a use-after-free issue in the audio implementation.
    
*   CVE-2020-6449
    
    Man Yue Mo discovered a use-after-free issue in the audio implementation.
    

For the oldstable distribution (stretch), security support for chromium has been discontinued.

For the stable distribution (buster), these problems have been fixed in version 80.0.3987.149-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium

CVE-2020-6425: Debian -- Security Information -- DSA-4645-1 chromium

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

**CKEditor 4 - Smart WYSIWYG HTML editor **

  

 

A highly configurable WYSIWYG HTML editor with hundreds of features, from creating rich text content with captioned images, videos, tables, media embeds, emoji or mentions to pasting from Word and Google Docs and drag&drop image upload.

Supports a broad range of browsers, including legacy ones.

**Getting started****Using npm package**

npm install --save ckeditor

Use it on your website:

<div id\="editor"\>
    <p\>This is the editor content.</p\>
</div\>
<script src\="./node\_modules/ckeditor/ckeditor.js"\></script\>
<script\>
    CKEDITOR.replace( 'editor' );
</script\>

**Using CDN**

Load the CKEditor 4 script from CDN:

<div id\="editor"\>
    <p\>This is the editor content.</p\>
</div\>
<script src\="https://cdn.ckeditor.com/4.13.0/standard/ckeditor.js"\></script\>
<script\>
    CKEDITOR.replace( 'editor' );
</script\>

**Integrating with Angular, React and Vue.js**

Refer to official usage guides for the ckeditor4-angular, ckeditor4-react and ckeditor4-vue packages.

**Manual download**

Visit the CKEditor 4 download section on the CKEditor website to download ready-to-use CKEditor 4 packages or to create a customized CKEditor 4 build.

**Features**

*   Over 500 plugins in the Add-ons Repository.
*   Pasting from Microsoft Word, Excel and Google Docs.
*   Drag&drop image uploads.
*   Media embeds to insert videos, tweets, maps, slideshows.
*   Powerful clipboard integration.
*   Content quality control with Advanced Content Filter.
*   Extensible widget system.
*   Custom table selection.
*   Accessibility conforming to WCAG and Section 508.
*   Over 70 localizations available with full RTL support.

**Browser support**

  
IE / Edge

  
Firefox

  
Chrome

  
Chrome (Android)

  
Safari

  
iOS Safari

  
Opera

IE8, IE9, IE10, IE11, Edge

latest version

latest version

latest version

latest version

latest version

latest version

Find out more in the Browser Compatibility guide.

**Working with the ckeditor4 repository**

**Attention**: The code in this repository should be used locally and for development purposes only. We do not recommend using it in a production environment because the user experience will be very limited.

**Code installation**

There is no special installation procedure to install the development code. Simply clone it to any local directory and you are set.

**Available branches**

This repository contains the following branches:

*   **master** – Development of the upcoming minor release.
*   **stable** – Latest stable release tag point (non-beta).
*   **latest** – Latest release tag point (including betas).
*   **release/A.B.x** (e.g. 4.0.x, 4.1.x) – Release freeze, tests and tagging. Hotfixing.

Note that the master branch is under heavy development. Its code did not pass the release testing phase, though, so it may be unstable.

Additionally, all releases have their respective tags in the following form: 4.4.0, 4.4.1, etc.

**Samples**

The samples/ folder contains some examples that can be used to test your installation. Visit CKEditor 4 Examples for plenty of samples showcasing numerous editor features, with source code readily available to view, copy and use in your own solution.

**Code structure**

The development code contains the following main elements:

*   Main coding folders:
    *   core/ – The core API of CKEditor 4. Alone, it does nothing, but it provides the entire JavaScript API that makes the magic happen.
    *   plugins/ – Contains most of the plugins maintained by the CKEditor 4 core team.
    *   skin/ – Contains the official default skin of CKEditor 4.
    *   dev/ – Contains some developer tools.
    *   tests/ – Contains the CKEditor 4 tests suite.

**Building a release**

A release-optimized version of the development code can be easily created locally. The dev/builder/build.sh script can be used for that purpose:

A "release-ready" working copy of your development code will be built in the new dev/builder/release/ folder. An Internet connection is necessary to run the builder, for the first time at least.

**Testing environment**

Read more on how to set up the environment and execute tests in the CKEditor 4 Testing Environment guide.

**Reporting issues**

Use the CKEditor 4 GitHub issue page to report bugs and feature requests.

**License**

Copyright (c) 2003-2022, CKSource Holding sp. z o.o. All rights reserved.

For licensing, see LICENSE.md or https://ckeditor.com/legal/ckeditor-oss-license

CVE-2020-9281: GitHub - ckeditor/ckeditor4: The best enterprise-grade WYSIWYG editor. Fully customizable with countless features and plugins.

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Processors Data Leakage Advisory**

**Summary: **

Potential security vulnerabilities in some Intel® Processors may allow information disclosure.  Intel is releasing firmware updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2020-0548

Description: Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 2.8 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

CVEID: CVE-2020-0549

Description: Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

**Affected Products:**

A list of impacted products can be found here.

**Recommendations:**

Intel recommends that users of affected Intel® Processors update to the latest version firmware provided by the system manufacturer that addresses these issues. 

Intel has released microcode updates for the affected Intel® Processors that are currently supported on the public github repository. Please see details below on access to the microcode:   

GitHub\*: Public Github: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files

Additional technical details about these vulnerabilities can be found at:  

https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling

https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling

Additional Advisory Guidance on CVE-2020-0548, CVE 2020-0549 available here.

**Acknowledgements:**

Intel would like to thank the following individuals for finding, reporting and coordinating these vulnerabilities to us.

Intel thanks TU Graz and KU Leuven for disclosure of CVE-2020-0549.

Graz University of Technology: Moritz Lipp, Michael Schwarz, Daniel Gruss. 

KU Leuven: Jo Van Bulck.

Intel thanks VU Amsterdam, for disclosure of CVE-2020-0548 and CVE-2020-0549. VUSec group at VU Amsterdam: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. 

Researchers from TU Graz and Ku Leuven provided Intel with a Proof of Concept (POC) in May 2019 and researchers from VU Amsterdam provided Proof of Concept (POC) in October 2019. Intel subsequently confirmed each submission demonstrates CVE-2020-0549 individually.

**Revision History**

Revision

Date

Description

1.0

01/27/2020

Initial Release

1.1

06/09/2020

Updated Recomendations

1.2

05/11/2021

Added CVE Additional Guidance Link

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#chrome