CVE-2020-36765Google Chrome vulnerability

5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 72.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Google ChromeChromiumDebian Chromium+1 more
Timeline
PublishedJul 16
Latest updateJul 17

Description

Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

CVEListV5google/chrome85.0.4183.8385.0.4183.83
NVDgoogle/chrome< 85.0.4183.83
debiandebian/chromium< chromium 87.0.4280.88-0.1 (bookworm)
Debianchromium/chromium< 87.0.4280.88-0.1+3

🔴Vulnerability Details

2
GHSA
GHSA-w9pj-xq5c-35w2: Insufficient policy enforcement in Navigation in Google Chrome prior to 852024-07-17
OSV
CVE-2020-36765: Insufficient policy enforcement in Navigation in Google Chrome prior to 852024-07-16

📋Vendor Advisories

2
Chrome
Stable Channel Update for Desktop: CVE-2020-65642020-08-25
Debian
CVE-2020-36765: chromium - Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.418...2020
CVE-2020-36765 — Google Chrome vulnerability | cvebase