CVE-2020-6460Google Chrome vulnerability

9 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.7%
top 27.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Google ChromeChromiumDebian Chromium+2 more
Timeline
PublishedMay 21
Latest updateMay 24

Description

Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

CVEListV5google/chromeunspecified81.0.4044.122
NVDgoogle/chrome< 81.0.4044.122
debiandebian/chromium< chromium 83.0.4103.83-1 (bookworm)
Debianchromium/chromium< 83.0.4103.83-1+3

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

2
GHSA
GHSA-q8rg-q7w2-67vv: Insufficient data validation in URL formatting in Google Chrome prior to 812022-05-24
OSV
CVE-2020-6460: Insufficient data validation in URL formatting in Google Chrome prior to 812020-05-21

📋Vendor Advisories

3
Chrome
Stable Channel Update for Desktop: CVE-2020-64592020-04-21
Red Hat
chromium-browser: Insufficient data validation in URL formatting2020-04-21
Debian
CVE-2020-6460: chromium - Insufficient data validation in URL formatting in Google Chrome prior to 81.0.40...2020

💬Community

3
Bugzilla
CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 chromium: various flaws [epel-all]2020-04-23
Bugzilla
CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 chromium: various flaws [fedora-all]2020-04-23
Bugzilla
CVE-2020-6460 chromium-browser: Insufficient data validation in URL formatting2020-04-23