SB2020082525 - Multiple vulnerabilities in Google Chrome
Published: August 25, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6563)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in intent handling in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
2) Spoofing attack (CVE-ID: CVE-2020-6571)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Omnibox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
3) Cryptographic issues (CVE-ID: CVE-2020-6570)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to side-channel information leak in WebRTC. Chrome Low. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.
4) Integer overflow (CVE-ID: CVE-2020-6569)
The vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a integer overflow in WebUSB in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and crash the browser.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6568)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in intent handling in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
6) Input validation error (CVE-ID: CVE-2020-6567)
The vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a improper input validation in command line handling in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6566)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in media in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
8) Spoofing attack (CVE-ID: CVE-2020-6565)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Omnibox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
9) Spoofing attack (CVE-ID: CVE-2020-6564)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in permissions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6562)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Blink in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
11) Improperly implemented security check for standard (CVE-ID: CVE-2020-6561)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Content Security Policy in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6560)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in autofill in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
13) Use-after-free (CVE-ID: CVE-2020-6559)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the presentation API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-6558)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in iOS in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.
Remediation
Install update from vendor's website.
References
- https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
- https://crbug.com/1104628
- https://crbug.com/1085315
- https://crbug.com/1084699
- https://crbug.com/995732
- https://crbug.com/1092451
- https://crbug.com/937179
- https://crbug.com/1065264
- https://crbug.com/1029907
- https://crbug.com/841622
- https://crbug.com/1086845
- https://crbug.com/932892
- https://crbug.com/1108181
- https://crbug.com/1116706
- https://crbug.com/1109120