CVE-2020-15959: Insufficient policy enforcement in networking
First published: Thu Aug 27 2020(Updated: )
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
Credit: chrome-cve-admin@google.com Eric Lawrence Microsoft
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/chromium | 90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1 | |
| Google Chrome | <85.0.4183.102 | |
| openSUSE Backports SLE | =15.0-sp1 | |
| openSUSE Backports SLE | =15.0-sp2 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =33 | |
| Debian Debian Linux | =10.0 | |
| Google Chrome | <85.0.4183.102 | 85.0.4183.102 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2020-15959
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html
- https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html (Advisory)
- https://crbug.com/1122684
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/
- https://security.gentoo.org/glsa/202101-30
- https://www.debian.org/security/2021/dsa-4824
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- collector/security-tracker-debian
- agent/type
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- collector/chrome-releases
- agent/software-canonical-lookup
- agent/title
- agent/severity
- agent/author
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/google
- canonical/google chrome
- vendor/opensuse
- canonical/opensuse backports sle
- version/opensuse backports sle/15.0-sp1
- version/opensuse backports sle/15.0-sp2
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- version/fedoraproject fedora/33
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0