PT-2020-6530 · Google+2 · Google Chrome+2

Published

2020-06-17

Updated

2024-06-15

CVE-2020-6506

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 83.0.4103.106

Description The issue is related to insufficient policy enforcement in the WebView component, allowing a remote attacker to bypass site isolation. This can be achieved via a crafted HTML page, potentially leading to security restrictions being bypassed. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For Google Chrome on Android versions prior to 83.0.4103.106, update to version 83.0.4103.106 or later to resolve the issue. As a temporary workaround, consider restricting the use of the WebView component until a patch is applied.

Fix

Incorrect Authorization

XSS

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-79CWE-358

Related Identifiers

BDU:2021-06063

CVE-2020-6506

DSA-4714-1

DSA-4714-2

DSA-4714-3

GHSA-36J3-XXF7-4PQG

OPENSUSE-SU-2020:0845-1

OPENSUSE-SU-2020:0856-1

OPENSUSE-SU-2020:0893-1

OPENSUSE-SU-2020_0845-1

OPENSUSE-SU-2020_0893-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

RHSA-2020:2643

RHSA-2020_2643

Affected Products

Google Chrome

Red Hat

Suse

PT-2020-6530 · Google+2 · Google Chrome+2

CVE-2020-6506

Weakness Enumeration

Related Identifiers

Affected Products

References · 2366