CVE-2020-15959
Published: 21 September 2020
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
Notes
Author | Note |
---|---|
alexmurray | The Debian chromium source package is called chromium-browser in Ubuntu |
mdeslaur | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
bionic |
Released
(85.0.4183.121-0ubuntu0.18.04.1)
|
focal |
Not vulnerable
(code not present)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(85.0.4183.102)
|
|
xenial |
Released
(85.0.4183.121-0ubuntu0.16.04.1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |