7440 matches found
chromium-browser: Insufficient policy enforcement in developer tools
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...
chromium-browser: Insufficient policy enforcement in developer tools
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
chromium-browser: Insufficient policy enforcement in developer tools
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
chromium-browser: Inappropriate implementation in developer tools
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page...
CVE-2020-0202
In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2020-0202
In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
PT-2020-11560 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-11 Description: In the onHandleIntent method of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux - January 2020
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by Rational Developer for i and Version 7 that is used by Rational Developer for AIX and Linux. These issues were disclosed as part of the IBM Java SDK updates in October 2019 CVE-2019-2949,...
KLA11812 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Diagnostic Hub...
FreeBSD : chromium -- multiple vulnerabilities (a2caf7bd-a719-11ea-a857-e09467587c17)
Chrome Releases reports : This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. - 1082105 High CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13 - 1083972 High CVE-2020-6494: Incorrect security UI in...
[ASA-202006-3] chromium: multiple issues
Arch Linux Security Advisory ASA-202006-3 ========================================= Severity: High Date : 2020-06-06 CVE-ID : CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1178 Summary =====...
CVE-2020-6495
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
Google Chrome Security Update (stable-channel-update-for-desktop-2020-06) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Google Chrome Developer Tools Sandbox Bypass Vulnerability
Google Chrome is a web browser from Google, and Developer Tools is one of the developer tools components. A security vulnerability exists in Developer Tools in versions of Google Chrome prior to 83.0.4103.97, which stems from the program's failure to fully enforce policies. The vulnerability can ...
Design/Logic Flaw
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
UBUNTU-CVE-2020-6495
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
CVE-2020-6495
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
CVE-2020-6495
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. 1082105 High CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13 1083972 High CVE-2020-6494: Incorrect security UI in...
CVE-2020-12406
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird 68.9.0, Firefox 77, and Firefox ESR 68.9...