Vulnerabilities > Google > Chrome > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-21 CVE-2020-6562 Cross-site Scripting vulnerability in multiple products
Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-79
6.5
6.5
2020-09-21 CVE-2020-6561 Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject
6.5
6.5
2020-09-21 CVE-2020-6560 Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject
6.5
6.5
2020-09-21 CVE-2020-6558 Cross-site Scripting vulnerability in multiple products
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google opensuse debian CWE-79
6.5
6.5
2020-09-21 CVE-2020-6547 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-1021
6.5
6.5
2020-09-21 CVE-2020-6538 Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian fedoraproject
6.5
6.5
2020-09-21 CVE-2020-15966 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
network
low complexity
google debian opensuse fedoraproject
4.3
4.3
2020-09-21 CVE-2020-15959 Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
network
low complexity
google opensuse fedoraproject debian
4.3
4.3
2020-07-22 CVE-2020-6536 Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.
network
low complexity
google debian opensuse fedoraproject
4.3
4.3
2020-07-22 CVE-2020-6535 Cross-site Scripting vulnerability in multiple products
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.
network
low complexity
google opensuse debian fedoraproject CWE-79
6.1
6.1