CVE-2020-6398: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6398 is a security vulnerability discovered in PDFium component of Google Chrome versions prior to 80.0.3987.87. The vulnerability involves the use of uninitialized data in PDFium that could potentially allow a remote attacker to exploit heap corruption through a specially crafted PDF file (NVD, Chrome Blog).

The vulnerability is classified with a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue stems from uninitialized data usage in PDFium, which could lead to heap corruption when processing specially crafted PDF files. The vulnerability was reported by security researcher pdknsk and assigned a medium severity rating with a $2000 bounty (NVD, Chrome Blog).

The vulnerability could allow a remote attacker to potentially exploit heap corruption through a crafted PDF file, which could lead to arbitrary code execution, information disclosure, or denial of service conditions (Debian, Gentoo).

The vulnerability was patched in Chrome version 80.0.3987.87. Users and administrators are advised to upgrade to this version or later. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian (version 80.0.3987.132-1~deb10u1), Fedora, and openSUSE (Debian, OpenSUSE).