CVSS: 9.6EPSS: 0%CPEs: 9EXPL: 1CVE-2020-15961 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-15961
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Una comprobación insuficiente de la política en extensions en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa llevar a cabo potencialmente un escape del sandbox por medio de una Chrome Extension diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html https://crbug.com/1114636 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZI •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-6574 – chromium-browser: Insufficient policy enforcement in installer
https://notcve.org/view.php?id=CVE-2020-6574
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. Una aplicación insuficiente de la política en installer en Google Chrome en OS X versiones anteriores a 85.0.4183.102, permitía a un atacante local alcanzar potencialmente una escalada de privilegios por medio de un binario diseñado • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html https://crbug.com/1102196 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKB •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16873 – Xamarin.Forms Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2020-16873
<p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.</p> <p>For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.</p> <p>The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.</p> Una vulnerabilidad de suplantación de identidad se manifiesta en Microsoft Xamarin.Forms debido a la configuración predeterminada en Android WebView versiones anteriores a 83.0.4103.106, también se conoce como "Xamarin.Forms Spoofing Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16873 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-15959 – chromium-browser: Insufficient policy enforcement in networking
https://notcve.org/view.php?id=CVE-2020-15959
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering. Una aplicación insuficiente de la política en networking en Google Chrome versiones anteriores a 85.0.4183.102, permitía a un atacante que convenció al usuario de habilitar el registro para obtener información potencialmente confidencial de la memoria del proceso por medio de ingeniería social • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html https://crbug.com/1122684 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKB •
CVSS: 9.6EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6573 – chromium-browser: Use after free in video
https://notcve.org/view.php?id=CVE-2020-6573
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en video en Google Chrome en Android versiones anteriores a 85.0.4183.102, permitía a un atacante remoto que había comprometido el proceso del renderizador potencialmente llevar a cabo un escape del sandbox por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html https://crbug.com/1116304 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKB • CWE-416: Use After Free •