CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2020-6438 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-6438
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Una aplicación insuficiente de la política en extensions de Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante, que convenció a un usuario para instalar una extensión maliciosa, obtener información potencialmente confidencial desde la memoria del proceso por medio de una Extensión de Chrome diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/714617 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedora • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2020-6437 – chromium-browser: Inappropriate implementation in WebView
https://notcve.org/view.php?id=CVE-2020-6437
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. Una implementación inapropiada en WebView en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto falsificar la Interfaz de Usuario de seguridad por medio de una aplicación diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/639173 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedora •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6436 – chromium-browser: Use after free in window management
https://notcve.org/view.php?id=CVE-2020-6436
Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en window management en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/1034519 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedor • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6435 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-6435
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Una aplicación insuficiente de la política en extensions de Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto quien había comprometido el proceso de renderización omitir las restricciones de navegación por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/1032158 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedor •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6433 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-6433
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Una aplicación insuficiente de la política en extensions de Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir las restricciones de navegación por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/1043965 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedor •