CVE-2020-6380

HIGH

Google Chrome <79.0.3945.130 - Privilege Escalation

Title source: llm

Description

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.

References (4)

Core 4

Core References

Vendor Advisory x_refsource_misc

https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html

Permissions Required x_refsource_misc

https://crbug.com/1032170

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/202003-08

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/

Scores

CVSS v3 8.8

EPSS 0.0117

EPSS Percentile 63.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-863

Status published

Products (2)

fedoraproject/fedora 30

google/chrome < 79.0.3945.130

Published Feb 11, 2020

Tracked Since Feb 18, 2026