FreeBSD: VID-D73BC4E6-E7C4-11EA-A878-E09467587C17 (CVE-2020-6558): chromium -- multiple vulnerabilities

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-D73BC4E6-E7C4-11EA-A878-E09467587C17:

Chrome Releases reports:

This update includes 20 security fixes, including:

[1109120] High CVE-2020-6558: Insufficient policy

enforcement in iOS. Reported by Alison Huffman, Microsoft Browser

Vulnerability Research on 2020-07-24

[1116706] High CVE-2020-6559: Use after free in presentation

API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu

Lab on 2020-08-15

[1108181] Medium CVE-2020-6560: Insufficient policy

enforcement in autofill. Reported by Nadja Ungethuem from

www.unnex.de on 2020-07-22

[932892] Medium CVE-2020-6561: Inappropriate implementation

in Content Security Policy. Reported by Rob Wu on 2019-02-16

[1086845] Medium CVE-2020-6562: Insufficient policy

enforcement in Blink. Reported by Masato Kinugawa on


[1104628] Medium CVE-2020-6563: Insufficient policy

enforcement in intent handling. Reported by Pedro Oliveira on


[841622] Medium CVE-2020-6564: Incorrect security UI in

permissions. Reported by Khalil Zhani on 2018-05-10

[1029907] Medium CVE-2020-6565: Incorrect security UI in

Omnibox. Reported by Khalil Zhani on 2019-12-02

[1065264] Medium CVE-2020-6566: Insufficient policy

enforcement in media. Reported by Jun Kokatsu, Microsoft Browser

Vulnerability Research on 2020-03-27

[937179] Low CVE-2020-6567: Insufficient validation of

untrusted input in command line handling. Reported by Joshua

Graham of TSS on 2019-03-01

[1092451] Low CVE-2020-6568: Insufficient policy enforcement

in intent handling. Reported by Yongke Wang(@Rudykewang) and

Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08

[995732] Low CVE-2020-6569: Integer overflow in WebUSB.

Reported by guaixiaomei on 2019-08-20

[1084699] Low CVE-2020-6570: Side-channel information leakage

in WebRTC. Reported by Signal/Tenable on 2020-05-19

[1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox.

Reported by Rayyan Bijoora on 2020-05-21


