CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6575 – chromium-browser: Race in Mojo
https://notcve.org/view.php?id=CVE-2020-6575
10 Sep 2020 — Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un carrera en Mojo en Google Chrome versiones anteriores a 85.0.4183.102, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape sandbox por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of wh... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-15959 – chromium-browser: Insufficient policy enforcement in networking
https://notcve.org/view.php?id=CVE-2020-15959
10 Sep 2020 — Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering. Una aplicación insuficiente de la política en networking en Google Chrome versiones anteriores a 85.0.4183.102, permitía a un atacante que convenció al usuario de habilitar el registro para obtener información potencialmente confidencial de la memoria del proceso por medio de ... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html •
CVSS: 9.6EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6573 – chromium-browser: Use after free in video
https://notcve.org/view.php?id=CVE-2020-6573
10 Sep 2020 — Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en video en Google Chrome en Android versiones anteriores a 85.0.4183.102, permitía a un atacante remoto que había comprometido el proceso del renderizador potencialmente llevar a cabo un escape del sandbox por medio de una página HTML diseñada Multiple vulnerabi... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6576 – chromium-browser: Use after free in offscreen canvas
https://notcve.org/view.php?id=CVE-2020-6576
10 Sep 2020 — Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en offscreen canvas en Google Chrome versiones anteriores a 85.0.4183.102, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the a... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6567 – chromium-browser: Insufficient validation of untrusted input in command line handling
https://notcve.org/view.php?id=CVE-2020-6567
27 Aug 2020 — Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Una comprobación insuficiente de una entrada no confiable en el manejo de la línea de comandos en Google Chrome en Windows versiones anteriores a 85.0.4183.83, permitía a un atacante remoto omitir restricciones de navegación por medio de una página HTML diseñada Chromium is an open-source web browser, powere... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 1CVE-2020-6569 – chromium-browser: Integer overflow in WebUSB
https://notcve.org/view.php?id=CVE-2020-6569
27 Aug 2020 — Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de enteros en WebUSB en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto que había comprometido el proceso del renderizador potencialmente explotar una corrupción de la pila por medio de una página HTML diseñada Chromium is an open-source web browser, powered by We... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6563 – chromium-browser: Insufficient policy enforcement in intent handling
https://notcve.org/view.php?id=CVE-2020-6563
27 Aug 2020 — Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. Una aplicación insuficiente de la política en el manejo de intent en Google Chrome en Android versiones anteriores a 85.0.4183.83, permitía a un atacante remoto obtener información potencialmente confidencial del disco por medio de una página HTML diseñada Chromium is an open-source web browser, powered b... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6560 – chromium-browser: Insufficient policy enforcement in autofill
https://notcve.org/view.php?id=CVE-2020-6560
27 Aug 2020 — Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación insuficiente de la política en autofill en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.83. Issues addressed include info... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1CVE-2020-6570 – chromium-browser: Side-channel information leakage in WebRTC
https://notcve.org/view.php?id=CVE-2020-6570
27 Aug 2020 — Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. Un filtrado de información en WebRTC en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto potencialmente obtener información confiable por medio de una interacción de WebRTC diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.83. Issues addr... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6562 – chromium-browser: Insufficient policy enforcement in Blink
https://notcve.org/view.php?id=CVE-2020-6562
27 Aug 2020 — Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación insuficiente de la política en Blink en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.83. Issues addressed include informatio... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •