CVE-2020-15959
Publication date 21 September 2020
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
Status
Package | Ubuntu Release | Status |
---|---|---|
chromium-browser | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic |
Fixed 85.0.4183.121-0ubuntu0.18.04.1
|
|
16.04 LTS xenial |
Fixed 85.0.4183.121-0ubuntu0.16.04.1
|
|
14.04 LTS trusty | Not in release |
Notes
alexmurray
The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur
starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.3 · Medium |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |