CVE-2020-6527 – chromium-browser: Insufficient policy enforcement in CSP
https://notcve.org/view.php?id=CVE-2020-6527
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación insuficiente de la política en CSP en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante remoto omitir la política de seguridad de contenido por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html https://crbug.com/992698 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH2 • CWE-276: Incorrect Default Permissions •
CVE-2020-6528 – chromium-browser: Incorrect security UI in basic auth
https://notcve.org/view.php?id=CVE-2020-6528
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una Interfaz de Usuario de seguridad incorrecta en basic auth en Google Chrome en iOS versiones anteriores a 84.0.4147.89, permitió a un atacante remoto falsificar el contenido del Omnibox (barra URL) por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html https://crbug.com/1063690 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH •
CVE-2020-6526 – chromium-browser: Inappropriate implementation in iframe sandbox
https://notcve.org/view.php?id=CVE-2020-6526
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Una implementación inapropiada en iframe sandbox en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante remoto omitir las restricciones de navegación por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html https://crbug.com/1074340 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH •
CVE-2020-6525 – chromium-browser: Heap buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2020-6525
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en Skia en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html https://crbug.com/1091670 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH • CWE-787: Out-of-bounds Write •
CVE-2020-6524 – chromium-browser: Heap buffer overflow in WebAudio
https://notcve.org/view.php?id=CVE-2020-6524
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en WebAudio en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html https://crbug.com/1081722 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH • CWE-787: Out-of-bounds Write •