Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-D73BC4E6-E7C4-11EA-A878-E09467587C17 (CVE-2020-6564): chromium -- multiple vulnerabilities

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

FreeBSD: VID-D73BC4E6-E7C4-11EA-A878-E09467587C17 (CVE-2020-6564): chromium -- multiple vulnerabilities

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
08/25/2020
Created
08/29/2020
Added
08/27/2020
Modified
10/20/2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-D73BC4E6-E7C4-11EA-A878-E09467587C17:

Chrome Releases reports:

This update includes 20 security fixes, including:

[1109120] High CVE-2020-6558: Insufficient policy

enforcement in iOS. Reported by Alison Huffman, Microsoft Browser

Vulnerability Research on 2020-07-24

[1116706] High CVE-2020-6559: Use after free in presentation

API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu

Lab on 2020-08-15

[1108181] Medium CVE-2020-6560: Insufficient policy

enforcement in autofill. Reported by Nadja Ungethuem from

www.unnex.de on 2020-07-22

[932892] Medium CVE-2020-6561: Inappropriate implementation

in Content Security Policy. Reported by Rob Wu on 2019-02-16

[1086845] Medium CVE-2020-6562: Insufficient policy

enforcement in Blink. Reported by Masato Kinugawa on

2020-05-27

[1104628] Medium CVE-2020-6563: Insufficient policy

enforcement in intent handling. Reported by Pedro Oliveira on

2020-07-12

[841622] Medium CVE-2020-6564: Incorrect security UI in

permissions. Reported by Khalil Zhani on 2018-05-10

[1029907] Medium CVE-2020-6565: Incorrect security UI in

Omnibox. Reported by Khalil Zhani on 2019-12-02

[1065264] Medium CVE-2020-6566: Insufficient policy

enforcement in media. Reported by Jun Kokatsu, Microsoft Browser

Vulnerability Research on 2020-03-27

[937179] Low CVE-2020-6567: Insufficient validation of

untrusted input in command line handling. Reported by Joshua

Graham of TSS on 2019-03-01

[1092451] Low CVE-2020-6568: Insufficient policy enforcement

in intent handling. Reported by Yongke Wang(@Rudykewang) and

Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08

[995732] Low CVE-2020-6569: Integer overflow in WebUSB.

Reported by guaixiaomei on 2019-08-20

[1084699] Low CVE-2020-6570: Side-channel information leakage

in WebRTC. Reported by Signal/Tenable on 2020-05-19

[1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox.

Reported by Rayyan Bijoora on 2020-05-21

Solution(s)

  • freebsd-upgrade-package-chromium

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;