CVE-2020-36765: 
Google Chrome vulnerability analysis and mitigation

Insufficient policy enforcement in Navigation in Google Chrome prior to version 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability was discovered by Jun Kokatsu (@shhnjk) and reported on April 12, 2018. This security issue was assigned CVE-2020-36765 and was rated as Medium severity by the Chromium security team (Chrome Release).

The vulnerability involved a bypass of SameSite cookie protections through the use of custom schemes (specifically the googlechrome:// scheme). The issue allowed navigation requests to bypass security controls, potentially leading to cross-origin data leaks. The vulnerability received a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

The vulnerability could allow attackers to bypass SameSite cookie protections and leak cross-origin data, potentially compromising user privacy and security through cross-site request forgery attacks (Chrome Issue).

The vulnerability was fixed in Chrome version 85.0.4183.83. Users should update to this version or later to receive the security fix. The fix involved disallowing navigation to or embedding of googlechrome:// URLs (Chrome Release).

The vulnerability was awarded a $1000 bounty through the Chrome Vulnerability Reward Program, indicating its significance in the context of Chrome's security model (Chrome Issue).