CVE-2020-6386: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6386 is a use-after-free vulnerability discovered in the speech component of Google Chrome prior to version 80.0.3987.116. The vulnerability was reported by Zhe Jin from cdsrc of Qihoo 360 on January 20, 2020 (Chrome Release, NVD).

The vulnerability is classified as a use-after-free (CWE-416) issue in the speech processing component of Chrome. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that it can be exploited remotely with low attack complexity, requires no privileges but does need user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

A remote attacker could potentially exploit heap corruption via a crafted HTML page, leading to arbitrary code execution within the context of the browser. The high CVSS score indicates serious potential impacts to system confidentiality, integrity, and availability if successfully exploited (NVD).

The vulnerability was fixed in Google Chrome version 80.0.3987.116. Users and administrators should update to this version or later to mitigate the risk. The fix was also backported to various Linux distributions including Debian, Fedora, and Red Hat Enterprise Linux through their respective security updates (Debian Advisory, Red Hat Advisory).