Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

Page 89 of 199
CVE-2020-6558 | MEDIUM | CVSS 6.5 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CVE-2020-6558 [MEDIUM] CWE-79: Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6538 | MEDIUM | CVSS 6.5 | fixed in 84.0.4147.105 | ≥ unspecified, < 84.0.4147.105 | 2020-09-21
CVE-2020-6538 [MEDIUM]: Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6563 | MEDIUM | CVSS 6.5 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CVE-2020-6563 [MEDIUM]: Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
nvd
CVE-2020-15959 | MEDIUM | CVSS 4.3 | fixed in 85.0.4183.102 | ≥ unspecified, < 85.0.4183.102 | 2020-09-21
CVE-2020-15959 [MEDIUM]: Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
nvd
CVE-2020-6562 | MEDIUM | CVSS 6.5 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CVE-2020-6562 [MEDIUM] CWE-79: Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6568 | MEDIUM | CVSS 6.5 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CVE-2020-6568 [MEDIUM]: Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6571 | MEDIUM | CVSS 4.3 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CVE-2020-6571 [MEDIUM] CWE-20: Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2020-6564 | MEDIUM | CVSS 6.5 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CVE-2020-6564 [MEDIUM] CWE-281: Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.
nvd
CVE-2020-15966 | MEDIUM | CVSS 4.3 | fixed in 85.0.4183.121 | ≥ unspecified, < 85.0.4183.121 | 2020-09-21
CVE-2020-15966 [MEDIUM]: Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
nvd
CVE-2020-6561 | MEDIUM | CVSS 6.5 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CVE-2020-6561 [MEDIUM]: Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6560 | MEDIUM | CVSS 6.5 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CVE-2020-6560 [MEDIUM]: Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6565 | MEDIUM | CVSS 6.5 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CVE-2020-6565 [MEDIUM]: Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2020-6569 | MEDIUM | CVSS 6.3 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CVE-2020-6569 [MEDIUM] CWE-190: Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6567 | MEDIUM | CVSS 6.5 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CVE-2020-6567 [MEDIUM] CWE-20: Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6522 | CRITICAL | CVSS 9.6 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6522 [CRITICAL]: Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-6505 | CRITICAL | CVSS 9.6 | fixed in 83.0.4103.106 | ≥ unspecified, < 83.0.4103.106 | 2020-07-22
CVE-2020-6505 [CRITICAL] CWE-416: Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-6509 | CRITICAL | CVSS 9.6 | fixed in 83.0.4103.116 | ≥ unspecified, < 83.0.4103.116 | 2020-07-22
CVE-2020-6509 [CRITICAL] CWE-416: Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2020-6515 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6515 [HIGH] CWE-416: Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6507 | HIGH | CVSS 8.8 | PoC | fixed in 83.0.4103.106 | ≥ unspecified, < 83.0.4103.106 | 2020-07-22
CVE-2020-6507 [HIGH] CWE-20: Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6520 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6520 [HIGH] CWE-787: Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd