Multiple vulnerabilities in Google Chrome
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 14 |
| CVE-ID | CVE-2020-6563 CVE-2020-6571 CVE-2020-6570 CVE-2020-6569 CVE-2020-6568 CVE-2020-6567 CVE-2020-6566 CVE-2020-6565 CVE-2020-6564 CVE-2020-6562 CVE-2020-6561 CVE-2020-6560 CVE-2020-6559 CVE-2020-6558 |
| CWE-ID | CWE-264 CWE-451 CWE-310 CWE-190 CWE-20 CWE-358 CWE-416 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #14 is available. |
| Vulnerable software Subscribe |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU46051
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-6563
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in intent handling in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/1104628
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
2) Spoofing attack
EUVDB-ID: #VU46057
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-6571
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Omnibox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/1085315
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
3) Cryptographic issues
EUVDB-ID: #VU46056
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-6570
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to side-channel information leak in WebRTC. Chrome Low. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/1084699
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
4) Integer overflow
EUVDB-ID: #VU46065
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-6569
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a integer overflow in WebUSB in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and crash the browser.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/995732
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
5) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU46055
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-6568
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in intent handling in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/1092451
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
6) Input validation error
EUVDB-ID: #VU46064
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-6567
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a improper input validation in command line handling in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/937179
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU46054
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-6566
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in media in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/1065264
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
8) Spoofing attack
EUVDB-ID: #VU46053
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-6565
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Omnibox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/1029907
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
9) Spoofing attack
EUVDB-ID: #VU46052
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-6564
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in permissions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/841622
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
10) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU46050
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-6562
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Blink in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/1086845
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
11) Improperly implemented security check for standard
EUVDB-ID: #VU46049
Risk: High
CVSSv3.1:
CVE-ID: CVE-2020-6561
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Content Security Policy in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/932892
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
12) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU46048
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-6560
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in autofill in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/1108181
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
13) Use-after-free
EUVDB-ID: #VU46047
Risk: High
CVSSv3.1:
CVE-ID: CVE-2020-6559
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the presentation API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/1116706
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
14) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU46046
Risk: High
CVSSv3.1:
CVE-ID: CVE-2020-6558
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in iOS in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.
MitigationUpdate to version 85.0.4183.83.
Vulnerable software versionsGoogle Chrome: 81.0.4044.129 - 84.0.4147.135
CPE2.3 External linkshttp://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
http://crbug.com/1109120
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
