CVE-2020-6504

2020-06-0323:15:12

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.002

Percentile

55.5%

JSON

Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page.

OSVersionArchitecturePackageVersionFilename
Debian12allchromium< 74.0.3729.108-1chromium_74.0.3729.108-1_all.deb
Debian11allchromium< 74.0.3729.108-1chromium_74.0.3729.108-1_all.deb
Debian999allchromium< 74.0.3729.108-1chromium_74.0.3729.108-1_all.deb
Debian13allchromium< 74.0.3729.108-1chromium_74.0.3729.108-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	chromium	< 74.0.3729.108-1	chromium_74.0.3729.108-1_all.deb
Debian	11	all	chromium	< 74.0.3729.108-1	chromium_74.0.3729.108-1_all.deb
Debian	999	all	chromium	< 74.0.3729.108-1	chromium_74.0.3729.108-1_all.deb
Debian	13	all	chromium	< 74.0.3729.108-1	chromium_74.0.3729.108-1_all.deb