CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6446 – chromium-browser: Insufficient policy enforcement in trusted types
https://notcve.org/view.php?id=CVE-2020-6446
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación insuficiente de la política en trusted types en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir una política de seguridad de contenido por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/933172 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedora • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6445 – chromium-browser: Insufficient policy enforcement in trusted types
https://notcve.org/view.php?id=CVE-2020-6445
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación insuficiente de la política en trusted types en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir una política de seguridad de contenido por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/933171 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedora • CWE-276: Incorrect Default Permissions •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 1CVE-2020-6444 – chromium-browser: Uninitialized use in WebRTC
https://notcve.org/view.php?id=CVE-2020-6444
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso no inicializado en WebRTC en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/922882 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedora • CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2020-6443 – chromium-browser: Insufficient data validation in developer tools
https://notcve.org/view.php?id=CVE-2020-6443
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page. Una comprobación insuficiente de datos en developer tools en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto que había convencido al usuario de utilizar devtools ejecutar código arbitrario por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/1040080 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedor • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.3EPSS: 4%CPEs: 7EXPL: 1CVE-2020-6442 – chromium-browser: Inappropriate implementation in cache
https://notcve.org/view.php?id=CVE-2020-6442
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una implementación inapropiada en cache en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/1013906 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedor • CWE-668: Exposure of Resource to Wrong Sphere •