Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown
CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
Page 91 of 199
CVE-2020-6521 | MEDIUM | CVSS 6.5 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2020-6506 | MEDIUM | CVSS 6.5 | fixed in 83.0.4103.106 | ≥ unspecified, < 83.0.4103.106 | 2020-07-22
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page.
nvd
CVE-2020-6528 | MEDIUM | CVSS 4.3 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2020-6514 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
nvd
CVE-2020-6493 | CRITICAL | CVSS 9.6 | CWE-416 | fixed in 83.0.4103.97 | ≥ unspecified, < 83.0.4103.97 | 2020-06-03
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2011-1805 | HIGH | CVSS 8.8 | CWE-704 | fixed in 11.0.0.0 | ≥ unspecified, < 11.0.0.0 | 2020-06-03
Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6419 | HIGH | CVSS 8.8 | CWE-787 | fixed in 81.0.4044.92 | ≥ unspecified, < 81.0.4044.92 | 2020-06-03
Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6496 | HIGH | CVSS 8.8 | CWE-416 | fixed in 83.0.4103.97 | ≥ unspecified, < 83.0.4103.97 | 2020-06-03
Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-6453 | HIGH | CVSS 8.8 | Exploited | CWE-787 | fixed in 80.0.3987.162 | ≥ unspecified, < 80.0.3987.162 | 2020-06-03
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6495 | MEDIUM | CVSS 6.5 | CWE-276 | fixed in 83.0.4103.97 | ≥ unspecified, < 83.0.4103.97 | 2020-06-03
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2020-6500 | MEDIUM | CVSS 6.5 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-06-03
Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2020-6497 | MEDIUM | CVSS 6.5 | CWE-276 | fixed in 83.0.4103.88 | ≥ unspecified, < 83.0.4103.88 | 2020-06-03
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI.
nvd
CVE-2020-6502 | MEDIUM | CVSS 6.5 | CWE-276 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-06-03
Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2011-2863 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 14.0.0.0 | ≥ unspecified, < 14.0.0.0 | 2020-06-03
Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2020-6501 | MEDIUM | CVSS 6.5 | CWE-276 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-06-03
Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2020-6504 | MEDIUM | CVSS 4.3 | CWE-276 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2020-06-03
Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page.
nvd
CVE-2020-6503 | MEDIUM | CVSS 6.5 | CWE-209 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2020-06-03
Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2020-6499 | MEDIUM | CVSS 6.5 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-06-03
Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page.
nvd
CVE-2020-6498 | MEDIUM | CVSS 6.5 | CWE-276 | fixed in 83.0.4103.88 | ≥ unspecified, < 83.0.4103.88 | 2020-06-03
Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2020-6494 | MEDIUM | CVSS 6.5 | fixed in 83.0.4103.97 | ≥ unspecified, < 83.0.4103.97 | 2020-06-03
Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd