DEBIAN-CVE-2020-6506

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page...

CVE-2020-6506

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page...

UBUNTU-CVE-2020-6506

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page...

Design/Logic Flaw

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page...

CVE-2020-6506

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page...

CVE-2020-6506

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page...

CVE-2020-6506

CVE-2020-6506 affects Android WebView used by Google Chrome on Android, due to insufficient policy enforcement in WebView that allows bypassing site isolation via a crafted HTML page. The issue is categorized as a policy enforcement error in WebView, impacting the ability to enforce cross-origin/...

CVE-2020-6506

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page...

CVE-2020-5604

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...

CVE-2020-5604

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...

Design/Logic Flaw

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...

CVE-2020-5604

CVE-2020-5604 affects the Android App “Mercari” (Japan version) prior to version 3.52.0. The vulnerability arises from inadequate restrictions on addJavascriptInterface in WebView, enabling a remote attacker to trigger arbitrary Java method execution via Java Reflection API from JavaScript code o...

CVE-2020-5604

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...

Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of the Java object

Overview Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability that an arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Taichi Kotake of Akatsuki Inc. reported this vulnerability to IPA. JPCERT/CC...

JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object

Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability which may allow arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Impact An arbitrary method of a Java object may be executed by a remote attacker...

Debian: Security Advisory (DSA-4714-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

X (Formerly Twitter): Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506

Summary: CVSS score: 8.1 / High / CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Embargo notice: Do Not Disclose publicly until https://crbug.com/1083819 is disclosed. Twitter for Android is affected by a UXSS vulnerability due to its configuration of Android WebView and CVE-2020-6506. Vendor...

chromium-browser: Insufficient policy enforcement in WebView

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:0845-1 Rating: important References: 1173029 1173063 Cross-References: CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is now...

Google Chrome WebView Security Bypass Vulnerability

Google Chrome is a Web browser from Google, and WebView is a Webkit-based control for displaying Web pages. A security vulnerability exists in WebView in Google Chrome versions prior to 83.0.4103.106. The vulnerability can be exploited by an attacker to bypass security restrictions with the help ...