CVE-2020-15959

MEDIUM

Google Chrome <85.0.4183.102 - Info Disclosure

Title source: llm
STIX 2.1

Description

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

References (10)

Core 10
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://crbug.com/1122684
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4824
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202101-30

Scores

CVSS v3 4.3
EPSS 0.0088
EPSS Percentile 75.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

Status published
Products (7)
debian/debian_linux 10.0
fedoraproject/fedora 31
fedoraproject/fedora 33
google/chrome < 85.0.4183.102
opensuse/backports_sle 15.0 sp1 (2 CPE variants)
opensuse/leap 15.1
opensuse/leap 15.2
Published Sep 21, 2020
Tracked Since Feb 18, 2026