CVE-2020-6391: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6391 is a security vulnerability discovered in Google Chrome's Blink engine prior to version 80.0.3987.87, disclosed on February 4, 2020. The vulnerability stems from insufficient validation of untrusted input in Blink, which could allow a local attacker to bypass content security policy via a crafted HTML page. This vulnerability was reported by Michał Bentkowski of Securitum on October 24, 2019 (Chrome Releases).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, and it can lead to low impact on integrity with no impact on confidentiality or availability (NVD).

The vulnerability allows an attacker to bypass content security policy through insufficient validation of untrusted input in the Blink engine. This could potentially lead to security policy violations and compromise the intended security boundaries of the browser (Debian Security).

The vulnerability was patched in Chrome version 80.0.3987.87. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix was also distributed to various Linux distributions including Debian, Fedora, and Red Hat Enterprise Linux through their respective security updates (Red Hat, Debian Security).