CVE-2020-6560: Insufficient policy enforcement in autofill
First published: Wed Jul 22 2020(Updated: )
Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Credit: chrome-cve-admin@google.com Nadja Ungethuem www
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/chromium | 90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1 | |
| Google Chrome | <85.0.4183.83 | |
| openSUSE Backports SLE | =15.0-sp1 | |
| openSUSE Backports SLE | =15.0-sp2 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =33 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 | |
| Google Chrome | <85.0.4183.83 | 85.0.4183.83 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2020-6560
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html
- https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html (Advisory)
- https://crbug.com/1108181
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT/
- https://www.debian.org/security/2021/dsa-4824
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-6560.
What software is affected by this vulnerability?
Google Chrome prior to version 85.0.4183.83, openSUSE Backports SLE 15.0-sp1 and 15.0-sp2, Debian Linux 10.0, Fedoraproject Fedora 33, openSUSE Leap 15.1 and 15.2, and chromium package in Debian.
What is the severity of CVE-2020-6560?
The severity of CVE-2020-6560 is medium with a CVSS score of 6.5.
How can a remote attacker exploit this vulnerability?
A remote attacker can exploit this vulnerability by crafting a malicious HTML page to leak cross-origin data.
How can I fix CVE-2020-6560?
To fix CVE-2020-6560, update Google Chrome to version 85.0.4183.83 or later, update openSUSE Backports SLE, Debian Linux, Fedoraproject Fedora, and openSUSE Leap to the appropriate patched versions, and update the chromium package in Debian.
- collector/security-tracker-debian
- agent/type
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- collector/chrome-releases
- agent/software-canonical-lookup
- agent/severity
- agent/author
- agent/title
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/google
- canonical/google chrome
- vendor/opensuse
- canonical/opensuse backports sle
- version/opensuse backports sle/15.0-sp1
- version/opensuse backports sle/15.0-sp2
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2