Lucene search

[email protected]CVE-2020-15959

HistorySep 21, 2020 - 8:15 p.m.

CVE-2020-15959

2020-09-2120:15:12

[email protected]

web.nvd.nist.gov

156

google chrome

cve-2020-15959

insufficient policy enforcement

networking

security vulnerability

process memory

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.8%

JSON

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

Affected configurations

Vulners

NVD

Node

googlechromeRange<85.0.4183.102

CPENameOperatorVersion
google:chromegoogle chromelt85.0.4183.102

CPE	Name	Operator	Version
google:chrome	google chrome	lt	85.0.4183.102

CNA Affected

[
  {
    "product": "Chrome",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "85.0.4183.102",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]