First published: Mon Feb 10 2020
An insufficient policy enforcement flaw was found in the storage component of the Chromium browser.
Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1035399
External References: https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
Credit: chrome-cve-admin@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/chromium | 90.0.4430.212-1~deb10u1, 116.0.5845.180-1~deb11u1, 120.0.6099.129-1~deb11u1, 119.0.6045.199-1~deb12u1, 120.0.6099.129-1~deb12u1, 120.0.6099.129-1 | |
redhat/chromium-browser | <80.0.3987.87 | 80.0.3987.87 |
Google Chrome | <80.0.3987.87 | |
openSUSE Backports | =15.0-sp1 | |
Red Hat Fedora | =30 | |
Red Hat Fedora | =31 | |
Debian Linux | =9.0 | |
Debian Linux | =10.0 | |
SUSE Package Hub for SUSE Linux Enterprise | | |
SUSE Linux Enterprise Server | =12.0 | |
Red Hat Enterprise Linux Desktop | =6.0 | |
Red Hat Enterprise Linux Server | =6.0 | |
Red Hat Enterprise Linux Workstation | =6.0 | |
CVE-2020-6385 is a vulnerability in Google Chrome that allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVE-2020-6385 has a severity rating of 8.8, which is considered high.
The affected software versions include Google Chrome prior to 80.0.3987.87, Debian Chromium, Red Hat Chromium Browser, openSUSE Backports SLE, Fedora, Debian Linux, SUSE Package Hub, SUSE Linux Enterprise, and Red Hat Enterprise Linux.
To fix CVE-2020-6385, update Google Chrome to version 80.0.3987.87 or later.
You can find more information about CVE-2020-6385 on the Debian Security Tracker and the Google Chromium issue tracker.