Rewterz Threat Alert – Large Scale Attack Campaign Targets WordPress Database Credentials
June 4, 2020Rewterz Threat Alert – URSNIF and GOZI Delivery via Excel Macro 4.0
June 4, 2020Rewterz Threat Alert – Large Scale Attack Campaign Targets WordPress Database Credentials
June 4, 2020Rewterz Threat Alert – URSNIF and GOZI Delivery via Excel Macro 4.0
June 4, 2020Severity
Medium
Analysis Summary
CVE-2020-6493
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebAuthentication. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2020-6494
Google Chrome could allow a remote attacker to bypass security restrictions, caused by incorrect security UI in payments. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2020-6495
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in developer tools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2020-6496
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in payments. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Impact
- Execution arbitrary code
- Security bypass
Affected Vendors
Affected Products
Google Chrome 83
Remediation
Upgrade to the latest version of Google Chrome (83.0.4103.97 or later).