CVE-2020-6399: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6399 affects Google Chrome versions prior to 80.0.3987.87. This vulnerability is characterized by insufficient policy enforcement in AppCache, which could allow a remote attacker to leak cross-origin data through a crafted HTML page (NVD, Chrome Blog).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. The vulnerability was discovered by Luan Herrera (@lbherrera_) and was reported on January 7, 2020. The issue stems from insufficient policy enforcement in the AppCache component of Chrome, which could be exploited through a specially crafted HTML page (NVD, Chrome Blog).

The vulnerability allows a remote attacker to leak cross-origin data, potentially exposing sensitive information from different origins. This represents a significant security concern as it could lead to unauthorized access to user data across different web origins (NVD).

The vulnerability was fixed in Chrome version 80.0.3987.87. Users and administrators are strongly advised to upgrade to this version or later. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian (DSA-4638-1), Red Hat (RHSA-2020:0514), and openSUSE (openSUSE-SU-2020:0210-1) (Debian, Red Hat, OpenSUSE).