CVE-2020-6519

CVE-2020-6519

EPSS 11.3%

Vexday Risk Score

28Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 11.3%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado

Lifecycle

22 Jul 2020Published on NVD

09 Aug 2020Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Affected products

Google · Chrome

public PoCs found — 3

githubgithub.com/PerimeterX/CVE-2020-6519★ 25 cve_referencepacketstormsecurity.com/files/160353/Chromium-83-CSP-Bypass.htmlunverified exploitdbwww.exploit-db.com/exploits/49195unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html http://packetstormsecurity.com/files/160353/Chromium-83-CSP-Bypass.html https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html https://crbug.com/1064676 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/https://security.gentoo.org/glsa/202007-08 https://www.debian.org/security/2021/dsa-4824