CVE-2020-6403: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6403 is a security vulnerability discovered in Google Chrome's Omnibox (URL bar) implementation on iOS devices prior to version 80.0.3987.87. The vulnerability was disclosed on February 11, 2020, and allows a remote attacker to spoof the contents of the Omnibox via a crafted HTML page (NVD, Chrome Release).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality, low impact on integrity, and no impact on availability (NVD).

The vulnerability allows an attacker to manipulate the URL display in the browser's address bar, potentially enabling phishing attacks by making malicious websites appear legitimate. This could lead to users being deceived about the website they are visiting, as the spoofed URL could mask the true destination (NVD).

The vulnerability was patched in Chrome version 80.0.3987.87. Users and administrators are advised to update to this version or later to mitigate the risk. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian, Fedora, and Red Hat (Debian Advisory, Red Hat Advisory).