Vulnerability CVE-2020-6558

Vulnerability Name:

CVE-2020-6558 (CCN-187213)

Assigned:

2020-08-25

Published:

2020-08-25

Updated:

2022-04-28

Summary:

Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2020-6558

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1499

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1510

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1514

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update for Desktop

Source: MISC
Type: Vendor Advisory
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html

Source: MISC
Type: Third Party Advisory
https://crbug.com/1109120

Source: XF
Type: UNKNOWN
google-chrome-cve20206558-sec-bypass(187213)

Source: DEBIAN
Type: Third Party Advisory
DSA-4824

Vulnerable Configuration:

Configuration 1:

cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version < 85.0.4183.83)

AND

cpe:/o:apple:iphone_os:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

OR cpe:/a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*

OR cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*

OR cpe:/o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20206558	V	CVE-2020-6558	2022-06-30
oval:org.opensuse.security:def:112066	P	chromedriver-93.0.4577.82-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:64833	P	Security update for busybox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:64624	P	Security update for webkit2gtk3 (Important)	2021-12-02
oval:org.opensuse.security:def:64623	P	Security update for speex (Moderate)	2021-12-01
oval:org.opensuse.security:def:64803	P	Security update for postgresql13 (Important)	2021-11-22
oval:org.opensuse.security:def:64594	P	Security update for python-Pygments (Important)	2021-10-20
oval:org.opensuse.security:def:64593	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:105615	P	chromedriver-93.0.4577.82-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:63313	P	389-ds-1.4.4.14~git0.37dc95673-1.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63451	P	python2-Werkzeug-0.14.1-6.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63341	P	libmariadb-devel-3.1.12-3.25.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63479	P	lame-3.100-1.33 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62832	P	texlive-collection-basic-2017.135.svn41616-9.12.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63046	P	xorg-x11-server-sdk-1.20.3-22.5.30.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:64731	P	Security update for the Linux Kernel (Important)	2021-07-15
oval:org.opensuse.security:def:64891	P	Security update for kubevirt (Moderate)	2021-07-09
oval:org.opensuse.security:def:64528	P	Security update for postgresql10 (Moderate)	2021-06-14
oval:org.opensuse.security:def:63549	P	libproxy1-config-gnome3-0.4.15-2.42 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:62860	P	libtidy-devel-5.4.0-1.34 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64701	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:64500	P	Recommended update for grub2 (Moderate)	2021-05-19
oval:org.opensuse.security:def:64487	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:63076	P	openldap2-2.4.46-9.3.1 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:63078	P	reiserfs-kmp-default-4.12.14-195.1 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:64457	P	Security update for OpenIPMI (Moderate)	2021-04-01
oval:org.opensuse.security:def:74566	P	Security update for gcc7 (Moderate)	2020-12-10
oval:org.opensuse.security:def:64272	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:63108	P	aws-cli-1.16.61-6.22 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62632	P	gdk-pixbuf-query-loaders-32bit-2.40.0-1.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63286	P	libxmltooling-devel-1.6.4-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62655	P	libXinerama1-32bit-1.1.3-1.22 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63579	P	gstreamer-plugins-ugly-1.12.5-1.35 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62660	P	libass-devel-0.14.0-1.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62631	P	gd-2.2.5-9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63111	P	apache2-mod_wsgi-4.5.18-2.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62683	P	libmodplug-devel-0.3.19-2.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63050	P	python2-numpy-gnu-hpc-1.14.0-2.105 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63053	P	libmunge2-0.5.14-4.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62659	P	libXvnc-devel-1.9.0-19.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63139	P	apache2-2.4.33-1.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63080	P	java-1_8_0-ibm-1.8.0_sr6.5-3.33.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63256	P	bind-9.11.2-12.13.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63083	P	libncurses5-32bit-6.1-5.6.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:64388	P	libssh-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64138	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:63705	P	Security update for vim (Important)	2020-12-01
oval:org.opensuse.security:def:74945	P	Security update for uftpd (Moderate)	2020-12-01
oval:org.opensuse.security:def:63752	P	Security update for polkit (Important)	2020-12-01
oval:org.opensuse.security:def:64374	P	libpulse-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64032	P	Security update for vino (Moderate)	2020-12-01
oval:org.opensuse.security:def:75078	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:63899	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:74440	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:64416	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64166	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:64128	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:63782	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:63929	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:74468	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:64861	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:64158	P	Security update for tigervnc (Critical)	2020-12-01
oval:org.opensuse.security:def:74594	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:64973	P	Security update for rubygem-bundler (Moderate)	2020-12-01
oval:org.opensuse.security:def:64244	P	ecryptfs-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63677	P	Security update for jakarta-commons-fileupload (Important)	2020-12-01
oval:org.opensuse.security:def:74915	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:64346	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64004	P	Security update for log4j (Important)	2020-12-01
oval:org.opensuse.security:def:75048	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:65003	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:100236	P	(Moderate)	2020-10-28
oval:org.opensuse.security:def:93523	P	Security update for chromium (Important)	2020-09-24
oval:org.opensuse.security:def:109713	P	Security update for chromium (Important)	2020-09-23
oval:org.opensuse.security:def:96366	P	Security update for chromium (Important)	2020-09-23
oval:org.opensuse.security:def:103056	P	Security update for chromium (Important)	2020-09-23
oval:org.opensuse.security:def:110218	P	Security update for chromium (Important)	2020-09-22
oval:org.opensuse.security:def:110773	P	Security update for chromium (Important)	2020-09-22
oval:org.opensuse.security:def:93509	P	Security update for chromium (Important)	2020-09-03
oval:org.opensuse.security:def:100222	P	Security update for chromium (Important)	2020-09-03
oval:org.opensuse.security:def:109699	P	Security update for chromium (Important)	2020-09-02
oval:org.opensuse.security:def:96352	P	Security update for chromium (Important)	2020-09-02
oval:org.opensuse.security:def:103042	P	Security update for chromium (Important)	2020-09-02
oval:org.opensuse.security:def:110190	P	Security update for chromium (Important)	2020-09-01
oval:org.opensuse.security:def:110743	P	Security update for chromium (Important)	2020-08-31

BACK