CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6405 – sqlite: Out-of-bounds read in SELECT with ON/USING clause
https://notcve.org/view.php?id=CVE-2020-6405
11 Feb 2020 — Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Una lectura fuera de límites en SQLite en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto obtener información potencialmente confidencial desde la memoria del proceso por medio de una página HTML diseñada. An out-of-bounds read vulnerability was found in the SQLite component of the Chromium brow... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-6406 – chromium-browser: Use after free in audio
https://notcve.org/view.php?id=CVE-2020-6406
11 Feb 2020 — Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso la memoria previamente liberada en audio en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues addressed include... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2020-6408 – chromium-browser: Insufficient policy enforcement in CORS
https://notcve.org/view.php?id=CVE-2020-6408
11 Feb 2020 — Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. Una aplicación insuficiente de la política en CORS en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante local obtener información potencialmente confidencial por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issu... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6409 – chromium-browser: Inappropriate implementation in Omnibox
https://notcve.org/view.php?id=CVE-2020-6409
11 Feb 2020 — Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name. Una implementación inapropiada en Omnibox en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto convencer al usuario de ingresar un URI para omitir las restricciones de navegación por medio de un nombre de dominio diseñado. Chromium is an open-source web browser, powered by Web... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6410 – chromium-browser: Insufficient policy enforcement in navigation
https://notcve.org/view.php?id=CVE-2020-6410
11 Feb 2020 — Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name. Una aplicación insuficiente de la política en navigation en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto confundir al usuario por medio de un nombre de dominio diseñado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues addressed include informati... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6411 – chromium-browser: Insufficient validation of untrusted input in Omnibox
https://notcve.org/view.php?id=CVE-2020-6411
11 Feb 2020 — Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Una comprobación insuficiente de una entrada no confiable en Omnibox en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto realizar suplantación de dominios por medio de homógrafos IDN mediante de un nombre de dominio diseñado. Chromium is an open-source web browser, powered by WebKit. Thi... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3917
https://notcve.org/view.php?id=CVE-2010-3917
06 Feb 2020 — Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. Google Chrome versiones anteriores a 3.0 no maneja apropiadamente los documentos XML, lo que permite a atacantes remotos obtener información confidencial por medio de un sitio web diseñado. • http://jvn.jp/en/jp/JVN36765384/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-6378 – chromium-browser: use-after-free in speech recognizer
https://notcve.org/view.php?id=CVE-2020-6378
20 Jan 2020 — Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en speech en Google Chrome versiones anteriores a 79.0.3945.130, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute ... • https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6379 – chromium-browser: use-after-free in speech recognizer
https://notcve.org/view.php?id=CVE-2020-6379
20 Jan 2020 — Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en V8 en Google Chrome versiones anteriores a 79.0.3945.130, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrar... • https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6380 – chromium-browser: extension message verification error
https://notcve.org/view.php?id=CVE-2020-6380
20 Jan 2020 — Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension. Una aplicación insuficiente de la política en extensions en Google Chrome versiones anteriores a 79.0.3945.130, permitió a un atacante remoto que había comprometido el proceso del renderizador omitir el aislamiento del sitio por medio de una Extensión de Chrome diseñada. Multiple vulnerabilities have ... • https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •