Main Vulnerability Database Vulnerabilities #VU29883

#VU29883 Improper access control in Google Chrome - CVE-2020-6516

Published: July 14, 2020 / Updated: April 18, 2021

Vulnerability identifier: #VU29883

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2020-6516

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Google Chrome

Software vendor:
Google

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions in CORS. A remote attacker can create a specially crafted web page, trick the victim into visiting it, bypass implemented security restrictions and gain unauthorized access to sensitive information or manipulate data.

Remediation

Update to version 84.0.4147.89.

External links

https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
https://crbug.com/1092449