CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-6443 – chromium-browser: Insufficient data validation in developer tools
https://notcve.org/view.php?id=CVE-2020-6443
13 Apr 2020 — Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page. Una comprobación insuficiente de datos en developer tools en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto que había convencido al usuario de utilizar devtools ejecutar código arbitrario por medio de una página HTML diseñada. Multiple vulnerabilities have been found in ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 1CVE-2020-6444 – chromium-browser: Uninitialized use in WebRTC
https://notcve.org/view.php?id=CVE-2020-6444
13 Apr 2020 — Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso no inicializado en WebRTC en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary c... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-908: Use of Uninitialized Resource •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6441 – chromium-browser: Insufficient policy enforcement in omnibox
https://notcve.org/view.php?id=CVE-2020-6441
13 Apr 2020 — Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. Una aplicación insuficiente de la política en omnibox en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir la Interfaz de Usuario de seguridad por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitr... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1CVE-2020-6442 – chromium-browser: Inappropriate implementation in cache
https://notcve.org/view.php?id=CVE-2020-6442
13 Apr 2020 — Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una implementación inapropiada en cache en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. Versions less th... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6439 – chromium-browser: Insufficient policy enforcement in navigations
https://notcve.org/view.php?id=CVE-2020-6439
13 Apr 2020 — Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. Una aplicación insuficiente de la política en navigations en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir la Interfaz de Usuario de seguridad por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execut... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6440 – chromium-browser: Inappropriate implementation in extensions
https://notcve.org/view.php?id=CVE-2020-6440
13 Apr 2020 — Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. Una implementación inapropiada en extensions en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante que convenció a un usuario a instalar una extensión maliciosa para obtener información potencialmente confidencial por medio de una Extensión de Chrome diseña... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html •
CVSS: 4.3EPSS: 1%CPEs: 8EXPL: 1CVE-2020-6437 – chromium-browser: Inappropriate implementation in WebView
https://notcve.org/view.php?id=CVE-2020-6437
13 Apr 2020 — Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. Una implementación inapropiada en WebView en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto falsificar la Interfaz de Usuario de seguridad por medio de una aplicación diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. V... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2020-6438 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-6438
13 Apr 2020 — Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Una aplicación insuficiente de la política en extensions de Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante, que convenció a un usuario para instalar una extensión maliciosa, obtener información potencialmente confidencial desde la... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6435 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-6435
13 Apr 2020 — Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Una aplicación insuficiente de la política en extensions de Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto quien había comprometido el proceso de renderización omitir las restricciones de navegación por medio de una página HTML diseñada. Multiple vulnerabilities have... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6436 – chromium-browser: Use after free in window management
https://notcve.org/view.php?id=CVE-2020-6436
13 Apr 2020 — Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en window management en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow r... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-416: Use After Free •