CVE-2020-6516

MEDIUM

Google Chrome <84.0.4147.89 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-6516. PoCs published by CENSUS.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2021-24027, leveraging Man-in-the-Disk (MitD) and Man-in-the-Middle (MitM) techniques to exploit WhatsApp for Android. The exploit uses Frida to hook WhatsApp, send phishing messages, and exfiltrate session files via an HTTP server.

Description

Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exploits (1)

nomisec WORKING POC 147 stars
by CENSUS · poc
https://github.com/CENSUS/whatsapp-mitd-mitm

This repository contains a functional exploit PoC for CVE-2021-24027, leveraging Man-in-the-Disk (MitD) and Man-in-the-Middle (MitM) techniques to exploit WhatsApp for Android. The exploit uses Frida to hook WhatsApp, send phishing messages, and exfiltrate session files via an HTTP server.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Complex
Reliability
Reliable
Target: WhatsApp for Android (2.20.206.22)
No auth needed
Prerequisites: Android device with WhatsApp 2.20.206.22 · Frida server installed on the device · Root access for certain operations
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (10)

Core 10
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://crbug.com/1092449
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202007-08
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4824

Scores

CVSS v3 4.3
EPSS 0.0476
EPSS Percentile 90.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

Status published
Products (7)
debian/debian_linux 10.0
fedoraproject/fedora 31
fedoraproject/fedora 32
google/chrome < 84.0.4147.89
opensuse/backports_sle 15.0 sp1 (2 CPE variants)
opensuse/leap 15.1
opensuse/leap 15.2
Published Jul 22, 2020
Tracked Since Feb 18, 2026