ByteOS Network

NVD Vulnerability Details :

CVE-2020-16007

Analyzed

Source-chrome-cve-admin@google.com

Published At-03 Nov, 2020 | 03:15

Updated At-21 Jul, 2021 | 11:39

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Google LLC

>>chrome>>Versions before 86.0.4240.183(exclusive)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

openSUSE

>>backports_sle>>15.0

cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

openSUSE

>>backports_sle>>15.0

cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>10.0

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

openSUSE

>>leap>>15.1

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

openSUSE

>>leap>>15.2

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-59	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html	chrome-cve-admin@google.com	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html	chrome-cve-admin@google.com	Mailing List Third Party Advisory
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html	chrome-cve-admin@google.com	Release Notes Third Party Advisory
https://crbug.com/1125018	chrome-cve-admin@google.com	Third Party Advisory
https://www.debian.org/security/2021/dsa-4824	chrome-cve-admin@google.com	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History