Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-21	CVE-2020-6478	Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. network low complexity google debian opensuse fedoraproject	6.5
2020-05-21	CVE-2020-6476	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. network low complexity google opensuse fedoraproject debian CWE-276	6.5
2020-05-21	CVE-2020-6475	Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. network low complexity google opensuse fedoraproject debian	6.5
2020-05-21	CVE-2020-6473	Information Exposure Through Discrepancy vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. network low complexity google fedoraproject opensuse debian CWE-203	6.5
2020-05-21	CVE-2020-6472	Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. network low complexity google fedoraproject opensuse debian	6.5
2020-05-21	CVE-2020-6470	Cross-site Scripting vulnerability in multiple products Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. network low complexity google fedoraproject opensuse debian CWE-79	6.1
2020-05-21	CVE-2020-6464	Type Confusion vulnerability in multiple products Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network google debian opensuse CWE-843	6.8
2020-05-21	CVE-2020-6460	Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. network low complexity google debian	6.5
2020-05-21	CVE-2020-6459	Use After Free vulnerability in multiple products Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network google debian CWE-416	6.8
2020-05-20	CVE-2020-11078	CRLF Injection vulnerability in multiple products In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. network high complexity httplib2-project fedoraproject debian CWE-93	6.8