CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6575 – chromium-browser: Race in Mojo
https://notcve.org/view.php?id=CVE-2020-6575
10 Sep 2020 — Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un carrera en Mojo en Google Chrome versiones anteriores a 85.0.4183.102, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape sandbox por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of wh... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-15959 – chromium-browser: Insufficient policy enforcement in networking
https://notcve.org/view.php?id=CVE-2020-15959
10 Sep 2020 — Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering. Una aplicación insuficiente de la política en networking en Google Chrome versiones anteriores a 85.0.4183.102, permitía a un atacante que convenció al usuario de habilitar el registro para obtener información potencialmente confidencial de la memoria del proceso por medio de ... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html •
CVSS: 9.6EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6573 – chromium-browser: Use after free in video
https://notcve.org/view.php?id=CVE-2020-6573
10 Sep 2020 — Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en video en Google Chrome en Android versiones anteriores a 85.0.4183.102, permitía a un atacante remoto que había comprometido el proceso del renderizador potencialmente llevar a cabo un escape del sandbox por medio de una página HTML diseñada Multiple vulnerabi... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6576 – chromium-browser: Use after free in offscreen canvas
https://notcve.org/view.php?id=CVE-2020-6576
10 Sep 2020 — Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en offscreen canvas en Google Chrome versiones anteriores a 85.0.4183.102, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the a... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6566 – chromium-browser: Insufficient policy enforcement in media
https://notcve.org/view.php?id=CVE-2020-6566
27 Aug 2020 — Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación insuficiente de la política en media en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.83. Issues addressed include informatio... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6560 – chromium-browser: Insufficient policy enforcement in autofill
https://notcve.org/view.php?id=CVE-2020-6560
27 Aug 2020 — Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación insuficiente de la política en autofill en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.83. Issues addressed include info... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1CVE-2020-6570 – chromium-browser: Side-channel information leakage in WebRTC
https://notcve.org/view.php?id=CVE-2020-6570
27 Aug 2020 — Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. Un filtrado de información en WebRTC en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto potencialmente obtener información confiable por medio de una interacción de WebRTC diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.83. Issues addr... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6568 – chromium-browser: Insufficient policy enforcement in intent handling
https://notcve.org/view.php?id=CVE-2020-6568
27 Aug 2020 — Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Una aplicación insuficiente de la política en el manejo de intent en Google Chrome en Android versiones anteriores a 85.0.4183.83, permitía a un atacante remoto omitir restricciones de navegación por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to ... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html •
CVSS: 6.5EPSS: 2%CPEs: 7EXPL: 0CVE-2020-6564 – chromium-browser: Incorrect security UI in permissions
https://notcve.org/view.php?id=CVE-2020-6564
27 Aug 2020 — Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page. Una implementación inapropiada en permissions en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto falsificar el contenido de un diálogo de permisos por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.83. I... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-281: Improper Preservation of Permissions •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 1CVE-2020-6569 – chromium-browser: Integer overflow in WebUSB
https://notcve.org/view.php?id=CVE-2020-6569
27 Aug 2020 — Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de enteros en WebUSB en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto que había comprometido el proceso del renderizador potencialmente explotar una corrupción de la pila por medio de una página HTML diseñada Chromium is an open-source web browser, powered by We... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •