CVE-2020-16012 – Mozilla: Variable time processing of cross-origin images during drawImage calls
https://notcve.org/view.php?id=CVE-2020-16012
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Un filtrado de información de canal lateral en graphics en Google Chrome versiones anteriores a 87.0.4280.66, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada • https://github.com/aleksejspopovs/cve-2020-16012 https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html https://crbug.com/1088224 https://access.redhat.com/security/cve/CVE-2020-16012 https://bugzilla.redhat.com/show_bug.cgi?id=1898732 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2020-16013 – Google Chromium V8 Incorrect Implementation Vulnerabililty
https://notcve.org/view.php?id=CVE-2020-16013
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada en V8 en Google Chrome versiones anteriores a 86.0.4240.198, permitió a un atacante remoto explotar potencialmente una corrupción de la memoria por medio de una página HTML diseñada Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html https://crbug.com/1147206 https://access.redhat.com/security/cve/CVE-2020-16013 https://bugzilla.redhat.com/show_bug.cgi?id=1897206 • CWE-358: Improperly Implemented Security Check for Standard CWE-787: Out-of-bounds Write •
CVE-2020-16017 – Google Chrome Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2020-16017
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en site isolation en Google Chrome versiones anteriores a 86.0.4240.198, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html https://crbug.com/1146709 https://access.redhat.com/security/cve/CVE-2020-16017 https://bugzilla.redhat.com/show_bug.cgi?id=1897207 • CWE-416: Use After Free •
CVE-2020-16016 – chromium-browser: Inappropriate implementation in base
https://notcve.org/view.php?id=CVE-2020-16016
Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Una implementación inapropiada en base de Google Chrome versiones anteriores a 86.0.4240.193, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html https://crbug.com/1146679 https://access.redhat.com/security/cve/CVE-2020-16016 https://bugzilla.redhat.com/show_bug.cgi?id=1896641 •
CVE-2020-6557 – chromium-browser: Inappropriate implementation in networking
https://notcve.org/view.php?id=CVE-2020-6557
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Una implementación inapropiada en networking en Google Chrome anterior a versión 86.0.4240.75, permitió a un atacante remoto llevar a cabo una suplantación de dominio por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html https://crbug.com/1083278 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5P •