What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-15973.

What is the severity of CVE-2020-15973?

The severity of CVE-2020-15973 is medium with a severity score of 6.5.

Which software versions are affected by this vulnerability?

Google Chrome versions prior to 86.0.4240.75, Fedora 31, Fedora 32, Fedora 33, openSUSE Backports SLE 15.0-sp2, Debian Debian Linux 10.0, and Chromium versions 90.0.4430.212-1~deb10u1, 116.0.5845.180-1~deb11u1, 118.0.5993.117-1~deb11u1, 116.0.5845.180-1~deb12u1, 118.0.5993.117-1~deb12u1, 118.0.5993.117-1, and 119.0.6045.105-1 are affected.

How can an attacker exploit this vulnerability?

An attacker can exploit this vulnerability by convincing a user to install a malicious extension, which allows them to bypass the same origin policy via a crafted Chrome Extension.

Vulnerability/
CVE-2020-15973

medium

6.5

17/7/2020

3/11/2020

4/8/2024

CVE-2020-15973: Insufficient policy enforcement in extensions

Q: What is the title of the vulnerability?

The title of the vulnerability is 'Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker to bypass same origin policy via a crafted Chrome Extension'.

First published: Fri Jul 17 2020(Updated: )

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.

Credit: chrome-cve-admin@google.com David Erceg

Affected Software	Affected Version	How to fix
debian/chromium		90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1
Google Chrome	<86.0.4240.75	86.0.4240.75
Google Chrome	<86.0.4240.75
Fedora	=31
Fedora	=32
Fedora	=33
openSUSE Backports	=15.0-sp2
Debian	=10.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

7211503174014671839

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-15973.
What is the title of the vulnerability?
The title of the vulnerability is 'Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker to bypass same origin policy via a crafted Chrome Extension'.
What is the severity of CVE-2020-15973?
The severity of CVE-2020-15973 is medium with a severity score of 6.5.
Which software versions are affected by this vulnerability?
Google Chrome versions prior to 86.0.4240.75, Fedora 31, Fedora 32, Fedora 33, openSUSE Backports SLE 15.0-sp2, Debian Debian Linux 10.0, and Chromium versions 90.0.4430.212-1~deb10u1, 116.0.5845.180-1~deb11u1, 118.0.5993.117-1~deb11u1, 116.0.5845.180-1~deb12u1, 118.0.5993.117-1~deb12u1, 118.0.5993.117-1, and 119.0.6045.105-1 are affected.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by convincing a user to install a malicious extension, which allows them to bypass the same origin policy via a crafted Chrome Extension.

collector/security-tracker-debian
agent/type
agent/title
agent/severity
agent/author
agent/first-publish-date
agent/description
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/chrome-releases
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/debian
vendor/google
canonical/google chrome
vendor/fedoraproject
canonical/fedora
version/fedora/31
version/fedora/32
version/fedora/33
vendor/opensuse
canonical/opensuse backports
version/opensuse backports/15.0-sp2
vendor/debian
canonical/debian
version/debian/10.0