CVE-2020-6396: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6396 is a security vulnerability discovered in Google Chrome's Skia component prior to version 80.0.3987.87. The vulnerability was disclosed on February 4, 2020, and involves an inappropriate implementation that allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page (Chrome Blog).

The vulnerability was rated as Medium severity with a CVSS v3.1 Base Score of 4.3 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The issue specifically affects the Skia graphics engine implementation in Chrome, where improper handling of certain HTML content could lead to URL spoofing attacks (NVD).

The vulnerability allows remote attackers to spoof the contents of the browser's URL bar (Omnibox) through specially crafted HTML pages. This could potentially be used in phishing attacks by making users believe they are visiting a legitimate website when they are actually on a malicious one (Chrome Blog).

The vulnerability was patched in Chrome version 80.0.3987.87. Users and administrators should upgrade to this version or later to mitigate the risk. The fix has been backported to various Linux distributions including Debian, Fedora, Red Hat, and openSUSE (Debian Security, Red Hat).