CVE-2020-6402: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6402 is a security vulnerability discovered in Google Chrome on OS X prior to version 80.0.3987.87, disclosed on February 11, 2020. The vulnerability stems from insufficient policy enforcement in downloads, which could allow an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension (NVD, Chrome Release).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-20 (Improper Input Validation) and affects the download policy enforcement mechanism in Chrome (NVD).

If exploited, this vulnerability could allow an attacker to execute arbitrary code through a malicious Chrome extension, potentially compromising the affected system's security. The vulnerability requires user interaction, specifically convincing a user to install a malicious extension (NVD).

The vulnerability was patched in Chrome version 80.0.3987.87. Users and administrators are advised to upgrade to this version or later. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian, Red Hat, Fedora, and Gentoo (Debian Advisory, Red Hat Advisory).