CVE-2020-6385: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6385 is a security vulnerability discovered in Google Chrome prior to version 80.0.3987.87. The vulnerability was identified as an insufficient policy enforcement issue in storage functionality that could allow a remote attacker to bypass site isolation via a crafted HTML page. The vulnerability was discovered by Sergei Glazunov of Google Project Zero on December 18, 2019 (Chrome Blog).

The vulnerability is classified as a High severity issue with a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability stems from insufficient policy enforcement in the browser's storage mechanisms, which could potentially allow an attacker to bypass Chrome's site isolation features (NVD).

The vulnerability could allow a remote attacker to bypass site isolation protections in Google Chrome. Site isolation is a critical security feature that separates websites into different processes to prevent malicious sites from accessing data from other sites. A successful exploit could potentially lead to unauthorized access to sensitive information from other sites (Debian Security).

The vulnerability was fixed in Google Chrome version 80.0.3987.87. Users and administrators are strongly advised to update to this version or later. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian (version 80.0.3987.132-1~deb10u1), Fedora, and Red Hat Enterprise Linux (Debian Security, Red Hat).