vulnerability

FreeBSD: VID-D73BC4E6-E7C4-11EA-A878-E09467587C17 (CVE-2020-6558): chromium -- multiple vulnerabilities

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: Aug 25, 2020
Added: Aug 27, 2020
Modified: Oct 20, 2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-D73BC4E6-E7C4-11EA-A878-E09467587C17:

Chrome Releases reports:

This update includes 20 security fixes, including:

[1109120] High CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-24

[1116706] High CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-08-15

[1108181] Medium CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem from www.unnex.de on 2020-07-22

[932892] Medium CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu on 2019-02-16

[1086845] Medium CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa on 2020-05-27

[1104628] Medium CVE-2020-6563: Insufficient policy enforcement in intent handling. Reported by Pedro Oliveira on 2020-07-12

[841622] Medium CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil Zhani on 2018-05-10

[1029907] Medium CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-12-02

[1065264] Medium CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-27

[937179] Low CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham of TSS on 2019-03-01

[1092451] Low CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08

[995732] Low CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei on 2019-08-20

[1084699] Low CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal/Tenable on 2020-05-19

[1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan Bijoora on 2020-05-21

Solution

freebsd-upgrade-package-chromium