CVE-2020-6558 – Debian Security Advisory 4824-1

https://notcve.org/view.php?id=CVE-2020-6558

21 Sep 2020 — Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Una aplicación insuficiente de la política en iOSWeb en Google Chrome en iOS versiones anteriores a 85.0.4183.83, permitía a un atacante remoto omitir restricciones de navegación por medio de una página HTML diseñada Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary cod... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-15966 – chromium-browser: Insufficient policy enforcement in extensions

https://notcve.org/view.php?id=CVE-2020-15966

21 Sep 2020 — Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. Una aplicación insuficiente de la política en extensions en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa obtener información potencialmente confidencial por medio de una Chrome Extens... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html •

CVE-2020-15965 – chromium-browser: Out of bounds write in V8

https://notcve.org/view.php?id=CVE-2020-15965

21 Sep 2020 — Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una confusión de tipo en V8 en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante remoto llevar a cabo potencialmente un acceso a la memoria fuera de límites por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.121. Issues address... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2020-15964 – chromium-browser: Insufficient data validation in media

https://notcve.org/view.php?id=CVE-2020-15964

21 Sep 2020 — Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una comprobación insuficiente de datos en media en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.121. Issues a... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •

CVE-2020-15963 – chromium-browser: Insufficient policy enforcement in extensions

https://notcve.org/view.php?id=CVE-2020-15963

21 Sep 2020 — Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Una aplicación insuficiente de la política en extensions en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa llevar a cabo potencialmente un escape del sandbox por medio de una Chrome Extensi... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html •

CVE-2020-15962 – chromium-browser: Insufficient policy enforcement in serial

https://notcve.org/view.php?id=CVE-2020-15962

21 Sep 2020 — Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una comprobación insuficiente de la política en serial in Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante remoto llevar a cabo potencialmente un acceso a la memoria fuera de límites por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Ch... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html •

CVE-2020-15961 – chromium-browser: Insufficient policy enforcement in extensions

https://notcve.org/view.php?id=CVE-2020-15961

21 Sep 2020 — Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Una comprobación insuficiente de la política en extensions en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa llevar a cabo potencialmente un escape del sandbox por medio de una Chrome Extens... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html •

CVE-2020-15960 – chromium-browser: Out of bounds read in storage

https://notcve.org/view.php?id=CVE-2020-15960

21 Sep 2020 — Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Un desbordamiento del búfer de la pila en storage en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante remoto llevar a cabo potencialmente un acceso a la memoria fuera de límites por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to vers... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html • CWE-787: Out-of-bounds Write •

CVE-2020-6574 – chromium-browser: Insufficient policy enforcement in installer

https://notcve.org/view.php?id=CVE-2020-6574

14 Sep 2020 — Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. Una aplicación insuficiente de la política en installer en Google Chrome en OS X versiones anteriores a 85.0.4183.102, permitía a un atacante local alcanzar potencialmente una escalada de privilegios por medio de un binario diseñado Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to ver... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html •

CVE-2020-16873 – Xamarin.Forms Spoofing Vulnerability

https://notcve.org/view.php?id=CVE-2020-16873

11 Sep 2020 —

A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.

For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.

The security update addresses this vulnerability by preventing the malicious Javascript from run... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16873 • CWE-1188: Initialization of a Resource with an Insecure Default •