CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
92.9%
Chrome Releases reports:
This update includes 20 security fixes, including:
[1109120] High CVE-2020-6558: Insufficient policy
enforcement in iOS. Reported by Alison Huffman, Microsoft Browser
Vulnerability Research on 2020-07-24
[1116706] High CVE-2020-6559: Use after free in presentation
API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu
Lab on 2020-08-15
[1108181] Medium CVE-2020-6560: Insufficient policy
enforcement in autofill. Reported by Nadja Ungethuem from
www.unnex.de on 2020-07-22
[932892] Medium CVE-2020-6561: Inappropriate implementation
in Content Security Policy. Reported by Rob Wu on 2019-02-16
[1086845] Medium CVE-2020-6562: Insufficient policy
enforcement in Blink. Reported by Masato Kinugawa on
2020-05-27
[1104628] Medium CVE-2020-6563: Insufficient policy
enforcement in intent handling. Reported by Pedro Oliveira on
2020-07-12
[841622] Medium CVE-2020-6564: Incorrect security UI in
permissions. Reported by Khalil Zhani on 2018-05-10
[1029907] Medium CVE-2020-6565: Incorrect security UI in
Omnibox. Reported by Khalil Zhani on 2019-12-02
[1065264] Medium CVE-2020-6566: Insufficient policy
enforcement in media. Reported by Jun Kokatsu, Microsoft Browser
Vulnerability Research on 2020-03-27
[937179] Low CVE-2020-6567: Insufficient validation of
untrusted input in command line handling. Reported by Joshua
Graham of TSS on 2019-03-01
[1092451] Low CVE-2020-6568: Insufficient policy enforcement
in intent handling. Reported by Yongke Wang(@Rudykewang) and
Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08
[995732] Low CVE-2020-6569: Integer overflow in WebUSB.
Reported by guaixiaomei on 2019-08-20
[1084699] Low CVE-2020-6570: Side-channel information leakage
in WebRTC. Reported by Signal/Tenable on 2020-05-19
[1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox.
Reported by Rayyan Bijoora on 2020-05-21
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
92.9%