CVE-2020-6385
First published: Mon Feb 10 2020(Updated: )
An insufficient policy enforcement flaw was found in the storage component of the Chromium browser. Upstream bug(s): <a href="https://code.google.com/p/chromium/issues/detail?id=1035399">https://code.google.com/p/chromium/issues/detail?id=1035399</a> External References: <a href="https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html">https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html</a>
Credit: chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/chromium | 90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1 | |
| redhat/chromium-browser | <80.0.3987.87 | 80.0.3987.87 |
| Google Chrome | <80.0.3987.87 | |
| openSUSE Backports | =15.0-sp1 | |
| Red Hat Fedora | =30 | |
| Red Hat Fedora | =31 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| SUSE Package Hub for SUSE Linux Enterprise | ||
| SUSE Linux Enterprise Server | =12.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2020-6385
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
- https://access.redhat.com/errata/RHSA-2020:0514
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
- https://crbug.com/1035399
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
- https://security.gentoo.org/glsa/202003-08
- https://www.debian.org/security/2020/dsa-4638
- https://code.google.com/p/chromium/issues/detail?id=1035399
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1801839
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1801838
- https://access.redhat.com/security/cve/cve-2020-6385
- https://bugzilla.redhat.com/show_bug.cgi?id=1801162
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
Frequently Asked Questions
What is CVE-2020-6385?
CVE-2020-6385 is a vulnerability in Google Chrome that allowed a remote attacker to bypass site isolation via a crafted HTML page.
How severe is CVE-2020-6385?
CVE-2020-6385 has a severity rating of 8.8, which is considered high.
Which software versions are affected by CVE-2020-6385?
The affected software versions include Google Chrome prior to 80.0.3987.87, Debian Chromium, Red Hat Chromium Browser, openSUSE Backports SLE, Fedora, Debian Linux, SUSE Package Hub, SUSE Linux Enterprise, and Red Hat Enterprise Linux.
How can I fix CVE-2020-6385?
To fix CVE-2020-6385, ensure that you update your Google Chrome to version 80.0.3987.87 or later.
Where can I find more information about CVE-2020-6385?
You can find more information about CVE-2020-6385 on the Debian Security Tracker and the Google Chromium issue tracker.
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-6385
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- package-manager/redhat
- vendor/google
- canonical/google chrome
- vendor/opensuse
- canonical/opensuse backports
- version/opensuse backports/15.0-sp1
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/30
- version/red hat fedora/31
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/suse
- canonical/suse package hub for suse linux enterprise
- canonical/suse linux enterprise server
- version/suse linux enterprise server/12.0
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0