CVE-2020-16012 log

Severity Medium
Remote Yes
Type Information disclosure
An information disclosure issue has been found in Firefox before 83.0 and chromium before 87.0.4280.66. When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel attacks.
Group Package Affected Fixed Severity Status Ticket
AVG-1279 firefox 82.0.3-1 83.0-1 Critical Fixed
AVG-1277 chromium 86.0.4240.193-1 87.0.4280.66-1 High Fixed
Date Advisory Group Package Severity Type
17 Nov 2020 ASA-202011-12 AVG-1279 firefox Critical multiple issues
17 Nov 2020 ASA-202011-11 AVG-1277 chromium High multiple issues