First published: Tue Nov 03 2020
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
Credit: chrome-cve-admin@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Chrome | <86.0.4240.75 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
Fedoraproject Fedora | =33 | |
Debian Debian Linux | =10.0 | |
openSUSE Backports SLE | =15.0-sp2 | |
debian/chromium | 90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1 |
The severity of CVE-2020-15985 is medium with a CVSS score of 6.5.
A remote attacker can exploit CVE-2020-15985 by spoofing security UI via a crafted HTML page.
Google Chrome versions prior to 86.0.4240.75, Fedora versions 31, 32, and 33, Debian Linux version 10.0, openSUSE Backports SLE 15.0-sp2, and certain versions of Chromium are affected.
You can find more information about CVE-2020-15985 at the following references: http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html, https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html, and https://crbug.com/1099276.
To fix CVE-2020-15985, update to Google Chrome version 86.0.4240.75 or later, or apply the appropriate updates for Fedora, Debian, or Chromium as mentioned in the references.