CVE-2020-6380: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6380 is a security vulnerability discovered in Google Chrome prior to version 79.0.3945.130, reported by Sergei Glazunov of Google Project Zero on December 9, 2019. The vulnerability stems from insufficient policy enforcement in extensions that allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension (Chrome Release, NVD).

The vulnerability has been classified as High severity with a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is related to incorrect authorization (CWE-863) in the extension message verification system (NVD).

If successfully exploited, this vulnerability could allow an attacker who has compromised the renderer process to bypass site isolation protections through a specially crafted Chrome Extension. This could potentially lead to unauthorized access to sensitive information and compromise of browser security boundaries (NVD).

The vulnerability was patched in Chrome version 79.0.3945.130. Users and organizations are advised to upgrade to this version or later to mitigate the risk. The fix was also distributed to other Chromium-based browsers and operating systems, including Fedora, Debian, and Gentoo (Chrome Release, Gentoo Advisory).