What is CVE-2020-6412?

CVE-2020-6412 is a vulnerability in Google Chrome that allows a remote attacker to perform domain spoofing via IDN homographs.

What is the severity of CVE-2020-6412?

The severity of CVE-2020-6412 is medium, with a CVSS score of 5.4.

Which software versions are affected by CVE-2020-6412?

Google Chrome prior to version 80.0.3987.87 is affected by CVE-2020-6412.

How can I fix CVE-2020-6412?

To fix CVE-2020-6412, update Google Chrome to version 80.0.3987.87 or later.

Where can I find more information about CVE-2020-6412?

More information about CVE-2020-6412 can be found at the following references: [https://security-tracker.debian.org/tracker/CVE-2020-6412](https://security-tracker.debian.org/tracker/CVE-2020-6412), [http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html](http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html), [http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html](http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html).

Vulnerability/
CVE-2020-6412

medium

5.8

CWE

10/2/2020

11/2/2020

4/8/2024

CVE-2020-6412: Input Validation

First published: Mon Feb 10 2020(Updated: )

An insufficient validation of untrusted input flaw was found in the Omnibox component of the Chromium browser. Upstream bug(s): <a href="https://code.google.com/p/chromium/issues/detail?id=968505">https://code.google.com/p/chromium/issues/detail?id=968505</a> External References: <a href="https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html">https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html</a>

Credit: chrome-cve-admin@google.com

Affected Software	Affected Version	How to fix
redhat/chromium-browser	<80.0.3987.87	80.0.3987.87
Google Chrome	<80.0.3987.87
openSUSE Backports SLE	=15.0-sp1
debian/chromium		90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-6412?
CVE-2020-6412 is a vulnerability in Google Chrome that allows a remote attacker to perform domain spoofing via IDN homographs.
What is the severity of CVE-2020-6412?
The severity of CVE-2020-6412 is medium, with a CVSS score of 5.4.
Which software versions are affected by CVE-2020-6412?
Google Chrome prior to version 80.0.3987.87 is affected by CVE-2020-6412.
How can I fix CVE-2020-6412?
To fix CVE-2020-6412, update Google Chrome to version 80.0.3987.87 or later.
Where can I find more information about CVE-2020-6412?
More information about CVE-2020-6412 can be found at the following references: [https://security-tracker.debian.org/tracker/CVE-2020-6412](https://security-tracker.debian.org/tracker/CVE-2020-6412), [http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html](http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html), [http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html](http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html).

collector/security-tracker-debian
agent/type
agent/softwarecombine
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/author
agent/severity
agent/weakness
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-6412
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/tags
agent/description
agent/event
agent/trending
package-manager/debian
vendor/google
canonical/google chrome
vendor/opensuse
canonical/opensuse backports sle
version/opensuse backports sle/15.0-sp1
package-manager/redhat