rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-6446 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2020-6445 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2020-6444 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6443 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page. | ||
| CVE-2020-6442 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2020-6441 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | ||
| CVE-2020-6440 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. | ||
| CVE-2020-6439 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | ||
| CVE-2020-6438 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. | ||
| CVE-2020-6437 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. | ||
| CVE-2020-6436 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6435 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2020-6434 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6433 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2020-6432 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2020-6431 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. | ||
| CVE-2020-6430 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6423 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 13, 2020 | Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6425 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Mar 23, 2020 | Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. | ||
| CVE-2020-6429 | — | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Mar 20, 2020 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
- CVE-2020-6446Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- CVE-2020-6445Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- CVE-2020-6444Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6443Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
- CVE-2020-6442Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- CVE-2020-6441Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
- CVE-2020-6440Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
- CVE-2020-6439Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
- CVE-2020-6438Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
- CVE-2020-6437Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
- CVE-2020-6436Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6435Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
- CVE-2020-6434Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6433Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- CVE-2020-6432Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- CVE-2020-6431Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
- CVE-2020-6430Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6423Apr 13, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6425Mar 23, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
- CVE-2020-6429Mar 20, 2020affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Page 136 of 203