CVE-2020-6437

CVE-2020-6437 affects the WebView component in Chromium/Google Chrome prior to 81.0.4044.92. An inappropriate implementation/implementation error in WebView allowed a remote attacker to spoof the security UI via a crafted application. The issue is fixed upstream in 81.0.4044.92 (Debian notes also...

CVE-2020-6437

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application...

Unspecified Vulnerability in Google Chrome WebView

Google Chrome is a Web browser from Google, and WebView is a Webkit-based control for displaying Web pages. An unspecified vulnerability exists in Google Chrome WebView. An attacker can exploit this vulnerability with a specially crafted application to bypass security restrictions...

[ASA-202004-9] chromium: multiple issues

Arch Linux Security Advisory ASA-202004-9 ========================================= Severity: High Date : 2020-04-08 CVE-ID : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: This updates includes 32 security fixes, including: 1019161 High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29 1043446 High CVE-2020-6423: Use after free in audio. Reported by Anonymous on...

CVE-2020-9443

Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82...

Design/Logic Flaw

Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82...

CVE-2020-9443

Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82...

CVE-2020-9443

CVE-2020-9443 affects Zulip Desktop prior to 4.0.3. The issue arises from loading untrusted content in an Electron webview with web security disabled, enabling cross-site scripting (XSS) in multiple ways. The vulnerability notably impacts Zulip Desktop 2.3.82. The public documentation notes this ...

(Pwn2Own) Xiaomi Mi9 Browser Untrusted Site Redirection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Xiaom...

CVE-2020-9530

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetAppscom.xiaomi.mipicks mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView...

CVE-2020-9530

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetAppscom.xiaomi.mipicks mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView...

Design/Logic Flaw

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetAppscom.xiaomi.mipicks mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView...

VulnCheck KEV: CVE-2018-1000136

Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node...

CVE-2014-4968

The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636...

Design/Logic Flaw

The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636...

CVE-2014-4968

The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636...

CVE-2014-4968

The CVE-2014-4968 entry corresponds to a vulnerability in Boat Browser for Android (versions 8.0 and 8.0.1) where the WebView.addJavascriptInterface usage in the app’s WebView allows remote code execution via a crafted web site. This is related to CVE-2012-6636. Exploit details are publicly docum...

CVE-2019-0219

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...

CVE-2019-0219

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...