CVE-2020-15959Google Chrome vulnerability

10 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 24.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Linux+3 more
Timeline
PublishedSep 21
Latest updateMay 24

Description

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

CVEListV5google/chromeunspecified85.0.4183.102
NVDgoogle/chrome< 85.0.4183.102
Debianchromium/chromium< 87.0.4280.88-0.1+3
NVDopensuse/leap15.1, 15.2+1

Also affects: Debian Linux 10.0, Fedora 31, 33

🔴Vulnerability Details

3
GHSA
GHSA-7jfj-2652-mwfw: Insufficient policy enforcement in networking in Google Chrome prior to 852022-05-24
CVEList
CVE-2020-15959: Insufficient policy enforcement in networking in Google Chrome prior to 852020-09-21
OSV
CVE-2020-15959: Insufficient policy enforcement in networking in Google Chrome prior to 852020-09-21

📋Vendor Advisories

3
Red Hat
chromium-browser: Insufficient policy enforcement in networking2020-09-08
Chrome
Stable Channel Update for Desktop: CVE-2020-65762020-09-08
Debian
CVE-2020-15959: chromium - Insufficient policy enforcement in networking in Google Chrome prior to 85.0.418...2020

💬Community

3
Bugzilla
CVE-2020-15959 chromium-browser: Insufficient policy enforcement in networking2020-09-08
Bugzilla
CVE-2020-15959 CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 chromium: various flaws [fedora-all]2020-09-08
Bugzilla
CVE-2020-15959 CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 chromium: various flaws [epel-all]2020-09-08
CVE-2020-15959 — Google Chrome vulnerability | cvebase