PT-2020-5672 · Google+3 · Google Chrome+3

Gal Weizman +3 · Published 2020-07-14 · Updated 2025-09-29 · CVE-2020-6519

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 84.0.4147.89

Description

A policy bypass issue in the Content Security Policy (CSP) component of Google Chrome allowed a remote attacker to bypass content security policy via a crafted HTML page. The vulnerability is related to incorrect access control, which could allow a remote attacker to impact data integrity. It is estimated that almost every website in the world was at risk due to this issue. The vulnerability could potentially expose passwords in plain text through the user interface or in local files.

Recommendations

For Google Chrome versions prior to 84.0.4147.89, update to version 84.0.4147.89 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and avoiding the use of plain text passwords in local files until the update is applied.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2020-2453
ALT-PU-2020-2468
ALT-PU-2020-3144
ALT-PU-2021-1210
ALT-PU-2021-1379
BDU:2021-01469
CVE-2020-6519
DSA-4824-1
OPENSUSE-SU-2020:1020-1
OPENSUSE-SU-2020:1021-1
OPENSUSE-SU-2020:1048-1
OPENSUSE-SU-2020:1061-1
OPENSUSE-SU-2020:1148-1
OPENSUSE-SU-2020:1172-1
OPENSUSE-SU-2020_1020-1
OPENSUSE-SU-2020_1021-1
OPENSUSE-SU-2020_1148-1
OPENSUSE-SU-2020_1172-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2020:3377
RHSA-2020_3377

Affected Products

Alt Linux
Google Chrome
Red Hat
Suse