CVE-2020-15959

Severity

43%

Complexity

27%

Confidentiality

23%

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

CVSS 3.1 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

Overview

Type

OpenSUSE

First reported 4 years ago

2020-09-21 20:15:00

Last updated 4 years ago

2020-10-23 18:15:00

Affected Software

OpenSUSE Backports SLE 15.0 Service Pack 1

15.0

OpenSUSE Leap 15.1

15.1

References

https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html

https://crbug.com/1122684

openSUSE-SU-2020:1499

openSUSE-SU-2020:1510

openSUSE-SU-2020:1514

openSUSE-SU-2020:1499

Third Party Advisory

openSUSE-SU-2020:1510

Third Party Advisory

openSUSE-SU-2020:1514

Third Party Advisory

https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html

Release Notes, Vendor Advisory

https://crbug.com/1122684

Permissions Required, Vendor Advisory

FEDORA-2020-2d994b986d

FEDORA-2020-aea86f913e

openSUSE-SU-2020:1713

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.