What is the vulnerability ID?

The vulnerability ID is CVE-2020-15980.

What is the severity of CVE-2020-15980?

The severity of CVE-2020-15980 is high with a CVSS score of 7.8.

What software is affected by CVE-2020-15980?

Google Chrome on Android prior to version 86.0.4240.75 is affected by CVE-2020-15980.

How can a local attacker exploit this vulnerability?

A local attacker can exploit this vulnerability by bypassing navigation restrictions via crafted Intents.

Vulnerability/
CVE-2020-15980

high

7.8

8/6/2020

3/11/2020

4/8/2024

CVE-2020-15980: Insufficient policy enforcement in Intents

Q: What is the title of the vulnerability?

The title of the vulnerability is 'Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed…'

First published: Mon Jun 08 2020(Updated: )

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.

Credit: chrome-cve-admin@google.com Yongke Wang @Rudykewang Tencent Security Xuanwu LabAryb1n @aryb1n Tencent Security Xuanwu Lab

Affected Software	Affected Version	How to fix
debian/chromium		90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1
Google Chrome	<86.0.4240.75
Google Android
openSUSE Backports SLE	=15.0-sp2
Fedoraproject Fedora	=31
Fedoraproject Fedora	=32
Fedoraproject Fedora	=33
Debian Debian Linux	=10.0
Google Chrome	<86.0.4240.75	86.0.4240.75

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

7211503174014671839

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2020-15980.
What is the title of the vulnerability?
The title of the vulnerability is 'Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed…'
What is the severity of CVE-2020-15980?
The severity of CVE-2020-15980 is high with a CVSS score of 7.8.
What software is affected by CVE-2020-15980?
Google Chrome on Android prior to version 86.0.4240.75 is affected by CVE-2020-15980.
How can a local attacker exploit this vulnerability?
A local attacker can exploit this vulnerability by bypassing navigation restrictions via crafted Intents.

collector/security-tracker-debian
agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/last-modified-date
collector/chrome-releases
agent/software-canonical-lookup
agent/title
agent/severity
agent/author
agent/references
agent/softwarecombine
agent/first-publish-date
agent/description
agent/event
agent/tags
collector/mitre-cve
source/MITRE
package-manager/debian
vendor/google
canonical/google chrome
canonical/google android
vendor/opensuse
canonical/opensuse backports sle
version/opensuse backports sle/15.0-sp2
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/31
version/fedoraproject fedora/32
version/fedoraproject fedora/33
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0