Vulnerabilities > CVE-2020-6494

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
google
debian
opensuse
nessus

Summary

Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Vulnerable Configurations

Part Description Count
Application
Google
5620
Application
Opensuse
1
OS
Google
1
OS
Debian
1
OS
Opensuse
1

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A2CAF7BDA71911EAA857E09467587C17.NASL
    descriptionChrome Releases reports : This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. - [1082105] High CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13 - [1083972] High CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen on 2020-05-18 - [1072116] High CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-18 - [1085990] High CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani on 2020-05-24
    last seen2020-06-11
    modified2020-06-08
    plugin id137216
    published2020-06-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137216
    titleFreeBSD : chromium -- multiple vulnerabilities (a2caf7bd-a719-11ea-a857-e09467587c17)
  • NASL familyWindows
    NASL idGOOGLE_CHROME_83_0_4103_97.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is prior to 83.0.4103.97. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_06_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-10
    modified2020-06-03
    plugin id137081
    published2020-06-03
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137081
    titleGoogle Chrome < 83.0.4103.97 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_83_0_4103_97.NASL
    descriptionThe version of Google Chrome installed on the remote macOS host is prior to 83.0.4103.97. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_06_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-10
    modified2020-06-03
    plugin id137080
    published2020-06-03
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137080
    titleGoogle Chrome < 83.0.4103.97 Multiple Vulnerabilities