CVE-2020-6378: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6378 is a critical use-after-free vulnerability discovered in the speech recognizer component of Google Chrome versions prior to 79.0.3945.130. The vulnerability was reported by Antti Levomäki and Christian Jalio from Forcepoint on October 28, 2019, and was publicly disclosed on January 16, 2020 (Chrome Release).

The vulnerability is classified as a use-after-free flaw in the speech recognizer component of Chrome. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that it can be exploited remotely with low attack complexity, requires no privileges but does need user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

The vulnerability could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page, which could lead to arbitrary code execution within the context of the browser (MITRE CVE, Chrome Release).

The vulnerability was patched in Chrome version 79.0.3945.130. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix was also distributed to various Linux distributions including Fedora and Gentoo through their respective package management systems (Fedora Update, Gentoo Advisory).