CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-15959 – chromium-browser: Insufficient policy enforcement in networking
https://notcve.org/view.php?id=CVE-2020-15959
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering. Una aplicación insuficiente de la política en networking en Google Chrome versiones anteriores a 85.0.4183.102, permitía a un atacante que convenció al usuario de habilitar el registro para obtener información potencialmente confidencial de la memoria del proceso por medio de ingeniería social • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html https://crbug.com/1122684 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKB •
CVSS: 6.5EPSS: 2%CPEs: 7EXPL: 0CVE-2020-6562 – chromium-browser: Insufficient policy enforcement in Blink
https://notcve.org/view.php?id=CVE-2020-6562
Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación insuficiente de la política en Blink en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html https://crbug.com/1086845 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT https://security.gentoo.org/glsa/202101-30 https:/&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 1CVE-2020-6569 – chromium-browser: Integer overflow in WebUSB
https://notcve.org/view.php?id=CVE-2020-6569
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de enteros en WebUSB en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto que había comprometido el proceso del renderizador potencialmente explotar una corrupción de la pila por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html https://crbug.com/995732 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT https://security.gentoo.org/glsa/202101-30 https:/&#x • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2020-6563 – chromium-browser: Insufficient policy enforcement in intent handling
https://notcve.org/view.php?id=CVE-2020-6563
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. Una aplicación insuficiente de la política en el manejo de intent en Google Chrome en Android versiones anteriores a 85.0.4183.83, permitía a un atacante remoto obtener información potencialmente confidencial del disco por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html https://crbug.com/1104628 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT https://www.debian.org/security/2021/dsa-4824 https: •
CVSS: 6.5EPSS: 2%CPEs: 7EXPL: 0CVE-2020-6561 – chromium-browser: Inappropriate implementation in Content Security Policy
https://notcve.org/view.php?id=CVE-2020-6561
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una implementación inapropiada en Content Security Policy en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html https://crbug.com/932892 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT https://security.gentoo.org/glsa/202101-30 https:/&#x • CWE-358: Improperly Implemented Security Check for Standard •