CVE-2020-6406: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6406 is a use-after-free vulnerability in the audio component of Google Chrome versions prior to 80.0.3987.87. The vulnerability was discovered by Sergei Glazunov of Google Project Zero and disclosed on January 15, 2020 (Chrome Blog).

This vulnerability is classified as a use-after-free (CWE-416) issue in the audio component of Chrome. The vulnerability has a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. A remote attacker could potentially exploit heap corruption via a crafted HTML page (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to execute arbitrary code within the context of the browser, potentially leading to system compromise. The vulnerability affects confidentiality, integrity, and availability of the system, as indicated by the high CVSS ratings in all three categories (NVD).

The vulnerability was patched in Chrome version 80.0.3987.87. Users and administrators should update to this version or later to mitigate the risk. The fix has been backported to various Linux distributions including Debian, Fedora, Red Hat, and openSUSE (Red Hat Advisory, Debian Advisory).