CVE-2020-15959: Insufficient policy enforcement in networking
First published: Thu Aug 27 2020(Updated: )
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
Credit: chrome-cve-admin@google.com Eric Lawrence Microsoft
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/chromium | 90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1 | |
| Google Chrome | <85.0.4183.102 | 85.0.4183.102 |
| Google Chrome | <85.0.4183.102 | |
| openSUSE Backports | =15.0-sp1 | |
| openSUSE Backports | =15.0-sp2 | |
| openSUSE | =15.1 | |
| openSUSE | =15.2 | |
| Fedora | =31 | |
| Fedora | =33 | |
| Debian | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2020-15959
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html
- https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html (Advisory)
- https://crbug.com/1122684
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/
- https://security.gentoo.org/glsa/202101-30
- https://www.debian.org/security/2021/dsa-4824
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2020-15959?
CVE-2020-15959 has a medium severity rating due to the potential for sensitive information disclosure through social engineering.
How do I fix CVE-2020-15959?
To mitigate CVE-2020-15959, update Google Chrome to version 85.0.4183.102 or later.
Which versions of Google Chrome are affected by CVE-2020-15959?
CVE-2020-15959 affects Google Chrome versions before 85.0.4183.102.
Can attackers exploit CVE-2020-15959 remotely?
CVE-2020-15959 requires user interaction to enable logging, making it a social engineering exploit rather than a direct remote attack.
Is CVE-2020-15959 applicable to Linux distributions?
Yes, CVE-2020-15959 is applicable to multiple Linux distributions that use affected versions of Google Chrome.
- collector/security-tracker-debian
- agent/type
- agent/title
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/chrome-releases
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/debian
- vendor/google
- canonical/google chrome
- vendor/opensuse
- canonical/opensuse backports
- version/opensuse backports/15.0-sp1
- version/opensuse backports/15.0-sp2
- canonical/opensuse
- version/opensuse/15.1
- version/opensuse/15.2
- vendor/fedoraproject
- canonical/fedora
- version/fedora/31
- version/fedora/33
- vendor/debian
- canonical/debian
- version/debian/10.0