CVE-2020-15959

medium

Description

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

References

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html

https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html

https://crbug.com/1122684

https://lists.fedoraproject.org/archives/list/[email protected]/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/

https://lists.fedoraproject.org/archives/list/[email protected]/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/

https://security.gentoo.org/glsa/202101-30

https://www.debian.org/security/2021/dsa-4824

Details

Source: MITRE

Published: 2020-09-21

Updated: 2021-01-30

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 2.8

Severity: MEDIUM