Google Chrome Web browser
@googlechrome Tweets
Thu Jul 09 20:04:48 +0000 2020
By the Year
In 2020 there have been 127 vulnerabilities in Google Chrome with an average score of 7.4 out of ten. Last year Chrome had 303 security vulnerabilities published. Right now, Chrome is on track to have less security vulerabilities in 2020 than it did last year. However, the average CVE base score of the vulnerabilities in 2020 is greater by 0.30.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2020 | 127 | 7.38 |
| 2019 | 303 | 7.07 |
| 2018 | 113 | 7.06 |
It may take a day or so for new Chrome vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Google Chrome Security Vulnerabilities
Bad cast in CSS in Google Chrome prior to 11.0.0.0
CVE-2011-1805
8.8 - High
- June 03, 2020
Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2011-1805 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Incorrect Type Conversion or Cast
Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0
CVE-2011-2863
6.5 - Medium
- June 03, 2020
Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2011-2863 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92
CVE-2020-6419
8.8 - High
- June 03, 2020
Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6419 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Out-of-bounds Write
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162
CVE-2020-6453
8.8 - High
- June 03, 2020
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6453 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Memory Corruption
Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87
CVE-2020-6499
6.5 - Medium
- June 03, 2020
Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page.
CVE-2020-6499 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87
CVE-2020-6500
6.5 - Medium
- June 03, 2020
Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-6500 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87
CVE-2020-6501
6.5 - Medium
- June 03, 2020
Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6501 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Incorrect Default Permissions
Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87
CVE-2020-6502
6.5 - Medium
- June 03, 2020
Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2020-6502 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Incorrect Default Permissions
Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108
CVE-2020-6504
4.3 - Medium
- June 03, 2020
Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page.
CVE-2020-6504 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Incorrect Default Permissions
Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108
CVE-2020-6503
6.5 - Medium
- June 03, 2020
Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2020-6503 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97
CVE-2020-6493
9.6 - Critical
- June 03, 2020
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6493 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Dangling pointer
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97
CVE-2020-6495
6.5 - Medium
- June 03, 2020
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2020-6495 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Incorrect Default Permissions
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113
CVE-2020-6457
9.6 - Critical
- May 21, 2020
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6457 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Dangling pointer
Use after free in payments in Google Chrome prior to 81.0.4044.122
CVE-2020-6459
8.8 - High
- May 21, 2020
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6459 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122
CVE-2020-6460
6.5 - Medium
- May 21, 2020
Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.
CVE-2020-6460 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Use after free in storage in Google Chrome prior to 81.0.4044.129
CVE-2020-6461
9.6 - Critical
- May 21, 2020
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6461 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Dangling pointer
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129
CVE-2020-6462
9.6 - Critical
- May 21, 2020
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6462 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Dangling pointer
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122
CVE-2020-6458
8.8 - High
- May 21, 2020
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2020-6458 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Out-of-bounds Write
Type confusion in Blink in Google Chrome prior to 81.0.4044.138
CVE-2020-6464
8.8 - High
- May 21, 2020
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6464 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Object Type Confusion
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122
CVE-2020-6463
8.8 - High
- May 21, 2020
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6463 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61
CVE-2020-6465
9.6 - Critical
- May 21, 2020
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6465 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Dangling pointer
Use after free in media in Google Chrome prior to 83.0.4103.61
CVE-2020-6466
9.6 - Critical
- May 21, 2020
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6466 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Dangling pointer
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61
CVE-2020-6467
8.8 - High
- May 21, 2020
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6467 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Type confusion in V8 in Google Chrome prior to 83.0.4103.61
CVE-2020-6468
8.8 - High
- May 21, 2020
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6468 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Object Type Confusion
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61
CVE-2020-6469
9.6 - Critical
- May 21, 2020
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2020-6469 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Incorrect Default Permissions
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61
CVE-2020-6470
6.1 - Medium
- May 21, 2020
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents.
CVE-2020-6470 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61
CVE-2020-6471
9.6 - Critical
- May 21, 2020
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2020-6471 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Incorrect Default Permissions
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61
CVE-2020-6472
6.5 - Medium
- May 21, 2020
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension.
CVE-2020-6472 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61
CVE-2020-6473
6.5 - Medium
- May 21, 2020
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2020-6473 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Use after free in Blink in Google Chrome prior to 83.0.4103.61
CVE-2020-6474
8.8 - High
- May 21, 2020
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6474 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61
CVE-2020-6475
6.5 - Medium
- May 21, 2020
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2020-6475 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61
CVE-2020-6476
6.5 - Medium
- May 21, 2020
Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
CVE-2020-6476 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Incorrect Default Permissions
Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61
CVE-2020-6478
6.5 - Medium
- May 21, 2020
Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2020-6478 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61
CVE-2020-6479
6.5 - Medium
- May 21, 2020
Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2020-6479 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61
CVE-2020-6480
5 - Medium
- May 21, 2020
Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions.
CVE-2020-6480 is exploitable with local system access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.3 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Incorrect Default Permissions
Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61
CVE-2020-6481
6.5 - Medium
- May 21, 2020
Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name.
CVE-2020-6481 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61
CVE-2020-6482
6.5 - Medium
- May 21, 2020
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
CVE-2020-6482 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Incorrect Default Permissions
Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61
CVE-2020-6483
6.5 - Medium
- May 21, 2020
Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6483 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Incorrect Default Permissions
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61
CVE-2020-6484
6.5 - Medium
- May 21, 2020
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request.
CVE-2020-6484 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Incorrect Default Permissions
Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61
CVE-2020-6486
6.5 - Medium
- May 21, 2020
Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6486 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61
CVE-2020-6487
6.5 - Medium
- May 21, 2020
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6487 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Incorrect Default Permissions
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61
CVE-2020-6488
4.3 - Medium
- May 21, 2020
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6488 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Incorrect Default Permissions
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61
CVE-2020-6489
4.3 - Medium
- May 21, 2020
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page.
CVE-2020-6489 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Information Leak
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61
CVE-2020-6490
4.3 - Medium
- May 21, 2020
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.
CVE-2020-6490 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Exposure of Resource to Wrong Sphere
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61
CVE-2020-6491
6.5 - Medium
- May 21, 2020
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name.
CVE-2020-6491 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162
CVE-2020-6450
8.8 - High
- April 13, 2020
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6450 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162
CVE-2020-6451
8.8 - High
- April 13, 2020
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6451 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162
CVE-2020-6452
8.8 - High
- April 13, 2020
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6452 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Out-of-bounds Write
Use after free in audio in Google Chrome prior to 81.0.4044.92
CVE-2020-6423
8.8 - High
- April 13, 2020
Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6423 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Type Confusion in V8 in Google Chrome prior to 81.0.4044.92
CVE-2020-6430
8.8 - High
- April 13, 2020
Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6430 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Object Type Confusion
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92
CVE-2020-6431
4.3 - Medium
- April 13, 2020
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2020-6431 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Incorrect Default Permissions
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92
CVE-2020-6432
4.3 - Medium
- April 13, 2020
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6432 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92
CVE-2020-6433
4.3 - Medium
- April 13, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6433 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Use after free in devtools in Google Chrome prior to 81.0.4044.92
CVE-2020-6434
8.8 - High
- April 13, 2020
Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6434 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92
CVE-2020-6435
4.3 - Medium
- April 13, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6435 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Use after free in window management in Google Chrome prior to 81.0.4044.92
CVE-2020-6436
8.8 - High
- April 13, 2020
Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6436 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92
CVE-2020-6437
4.3 - Medium
- April 13, 2020
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
CVE-2020-6437 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92
CVE-2020-6438
4.3 - Medium
- April 13, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
CVE-2020-6438 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Information Leak
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92
CVE-2020-6439
8.8 - High
- April 13, 2020
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
CVE-2020-6439 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Incorrect Default Permissions
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92
CVE-2020-6440
4.3 - Medium
- April 13, 2020
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
CVE-2020-6440 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92
CVE-2020-6441
4.3 - Medium
- April 13, 2020
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
CVE-2020-6441 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Incorrect Default Permissions
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92
CVE-2020-6442
4.3 - Medium
- April 13, 2020
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6442 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Exposure of Resource to Wrong Sphere
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92
CVE-2020-6443
8.8 - High
- April 13, 2020
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
CVE-2020-6443 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Insufficient Verification of Data Authenticity
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92
CVE-2020-6444
6.3 - Medium
- April 13, 2020
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6444 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Out-of-bounds Write
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92
CVE-2020-6445
6.5 - Medium
- April 13, 2020
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6445 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Incorrect Default Permissions
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92
CVE-2020-6446
6.5 - Medium
- April 13, 2020
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6446 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Incorrect Default Permissions
Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92
CVE-2020-6447
8.8 - High
- April 13, 2020
Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6447 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Memory Corruption
Use after free in V8 in Google Chrome prior to 81.0.4044.92
CVE-2020-6448
8.8 - High
- April 13, 2020
Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6448 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Use after free in extensions in Google Chrome prior to 81.0.4044.92
CVE-2020-6454
8.8 - High
- April 13, 2020
Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2020-6454 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92
CVE-2020-6455
8.8 - High
- April 13, 2020
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6455 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Out-of-bounds Read
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92
CVE-2020-6456
6.5 - Medium
- April 13, 2020
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.
CVE-2020-6456 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Incorrect Default Permissions
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132
CVE-2020-6420
8.8 - High
- March 23, 2020
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2020-6420 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Input Validation
Use after free in WebGL in Google Chrome prior to 80.0.3987.149
CVE-2020-6422
8.8 - High
- March 23, 2020
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6422 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Use after free in media in Google Chrome prior to 80.0.3987.149
CVE-2020-6424
8.8 - High
- March 23, 2020
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6424 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149
CVE-2020-6425
5.4 - Medium
- March 23, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
CVE-2020-6425 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Improper Input Validation
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149
CVE-2020-6426
6.5 - Medium
- March 23, 2020
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6426 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Memory Corruption
Use after free in audio in Google Chrome prior to 80.0.3987.149
CVE-2020-6427
8.8 - High
- March 23, 2020
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6427 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Use after free in audio in Google Chrome prior to 80.0.3987.149
CVE-2020-6428
8.8 - High
- March 23, 2020
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6428 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Use after free in audio in Google Chrome prior to 80.0.3987.149
CVE-2020-6429
8.8 - High
- March 23, 2020
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6429 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Use after free in audio in Google Chrome prior to 80.0.3987.149
CVE-2020-6449
8.8 - High
- March 23, 2020
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6449 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1
CVE-2020-10531
8.8 - High
- March 12, 2020
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
CVE-2020-10531 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Integer Overflow or Wraparound
Type confusion in V8 in Google Chrome prior to 80.0.3987.116
CVE-2020-6383
8.8 - High
- February 27, 2020
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6383 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Object Type Confusion
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116
CVE-2020-6384
8.8 - High
- February 27, 2020
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6384 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Use after free in speech in Google Chrome prior to 80.0.3987.116
CVE-2020-6386
8.8 - High
- February 27, 2020
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6386 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122
CVE-2020-6407
8.8 - High
- February 27, 2020
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6407 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Out-of-bounds Write
Type confusion in V8 in Google Chrome prior to 80.0.3987.122
CVE-2020-6418
6.5 - Medium
- February 27, 2020
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6418 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Object Type Confusion
Use after free in speech in Google Chrome prior to 79.0.3945.130
CVE-2020-6378
8.8 - High
- February 11, 2020
Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6378 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Use after free in V8 in Google Chrome prior to 79.0.3945.130
CVE-2020-6379
8.8 - High
- February 11, 2020
Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6379 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130
CVE-2020-6380
8.8 - High
- February 11, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.
CVE-2020-6380 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Input Validation
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87
CVE-2020-6381
8.8 - High
- February 11, 2020
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6381 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Integer Overflow or Wraparound
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87
CVE-2020-6382
8.8 - High
- February 11, 2020
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6382 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Object Type Confusion
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87
CVE-2020-6385
8.8 - High
- February 11, 2020
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVE-2020-6385 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Input Validation
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87
CVE-2020-6387
8.8 - High
- February 11, 2020
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.
CVE-2020-6387 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Out-of-bounds Write
Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87
CVE-2020-6388
8.8 - High
- February 11, 2020
Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6388 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Memory Corruption
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87
CVE-2020-6389
8.8 - High
- February 11, 2020
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.
CVE-2020-6389 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Out-of-bounds Write
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87
CVE-2020-6390
8.8 - High
- February 11, 2020
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6390 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Memory Corruption
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87
CVE-2020-6391
4.3 - Medium
- February 11, 2020
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6391 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Improper Input Validation
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87
CVE-2020-6392
4.3 - Medium
- February 11, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
CVE-2020-6392 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Improper Input Validation
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87
CVE-2020-6393
6.5 - Medium
- February 11, 2020
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6393 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Improper Input Validation
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87
CVE-2020-6394
5.4 - Medium
- February 11, 2020
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6394 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Improper Input Validation