What is the severity of CVE-2020-15961?

CVE-2020-15961 is classified as a high severity vulnerability due to the potential for sandbox escape.

How do I fix CVE-2020-15961?

To fix CVE-2020-15961, upgrade to Google Chrome version 85.0.4183.121 or later.

What platforms are affected by CVE-2020-15961?

CVE-2020-15961 affects Google Chrome versions prior to 85.0.4183.121 and certain Linux packages including Debian, openSUSE, and Fedora.

What type of vulnerability is CVE-2020-15961?

CVE-2020-15961 is an insufficient policy validation vulnerability found in Chrome extensions.

Can CVE-2020-15961 be exploited remotely?

Yes, CVE-2020-15961 can be exploited if a user is convinced to install a malicious Chrome extension.

Vulnerability/
CVE-2020-15961

critical

9.6

10/8/2020

21/9/2020

4/8/2024

CVE-2020-15961: Insufficient policy enforcement in extensions

First published: Mon Aug 10 2020(Updated: )

Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Credit: chrome-cve-admin@google.com David Erceg

Affected Software	Affected Version	How to fix
debian/chromium		90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1
Google Chrome	<85.0.4183.121	85.0.4183.121
Google Chrome	<85.0.4183.121
openSUSE Backports	=15.0-sp1
openSUSE Backports	=15.0-sp2
openSUSE	=15.1
openSUSE	=15.2
Fedora	=31
Fedora	=32
Fedora	=33
Debian	=10.0

Remedy

https://crbug.com/1114636

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

8695274602893790168

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2020-15961?
CVE-2020-15961 is classified as a high severity vulnerability due to the potential for sandbox escape.
How do I fix CVE-2020-15961?
To fix CVE-2020-15961, upgrade to Google Chrome version 85.0.4183.121 or later.
What platforms are affected by CVE-2020-15961?
CVE-2020-15961 affects Google Chrome versions prior to 85.0.4183.121 and certain Linux packages including Debian, openSUSE, and Fedora.
What type of vulnerability is CVE-2020-15961?
CVE-2020-15961 is an insufficient policy validation vulnerability found in Chrome extensions.
Can CVE-2020-15961 be exploited remotely?
Yes, CVE-2020-15961 can be exploited if a user is convinced to install a malicious Chrome extension.

collector/security-tracker-debian
agent/type
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/description
agent/severity
agent/title
agent/author
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/chrome-releases
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/debian
vendor/google
canonical/google chrome
vendor/opensuse
canonical/opensuse backports
version/opensuse backports/15.0-sp1
version/opensuse backports/15.0-sp2
canonical/opensuse
version/opensuse/15.1
version/opensuse/15.2
vendor/fedoraproject
canonical/fedora
version/fedora/31
version/fedora/32
version/fedora/33
vendor/debian
canonical/debian
version/debian/10.0