CVE-2020-6392: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6392 is a security vulnerability discovered in Google Chrome prior to version 80.0.3987.87, reported by the Microsoft Edge Team on December 3, 2019. The vulnerability involves insufficient policy enforcement in Chrome extensions that allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension (Chrome Blog, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, and it primarily impacts integrity with low severity (NVD).

The vulnerability allows attackers to bypass navigation restrictions through a crafted Chrome Extension, but only after convincing a user to install the malicious extension. This could potentially lead to unauthorized navigation or redirection to malicious websites (Chrome Blog).

The vulnerability was patched in Chrome version 80.0.3987.87. Users and organizations are advised to update to this version or later to mitigate the risk. The fix was also distributed to other Chromium-based browsers and operating systems including Debian, Fedora, and Gentoo (Debian Advisory, Fedora Update, Gentoo Advisory).