CVE-2020-6412: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6412 is a security vulnerability discovered in Google Chrome's Omnibox (address bar) prior to version 80.0.3987.87. The vulnerability was reported by Zihan Zheng of University of Science and Technology of China on May 30, 2019, and was publicly disclosed in February 2020. The issue affects Google Chrome browser and Chromium-based browsers (Chrome Release).

The vulnerability is characterized by insufficient validation of untrusted input in the Omnibox component of Chrome. This security flaw could allow a remote attacker to perform domain spoofing via IDN (Internationalized Domain Name) homographs through a crafted domain name. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N (NVD).

The vulnerability could allow attackers to perform domain spoofing attacks using IDN homographs, potentially misleading users about the actual website they are visiting. This could lead to phishing attacks where users might unknowingly provide sensitive information to malicious websites that appear legitimate (Debian Security).

The vulnerability was fixed in Chrome version 80.0.3987.87. Users and organizations are advised to upgrade to this version or later. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian (version 80.0.3987.132-1~deb10u1), Fedora, and Gentoo (Debian Security, Gentoo Security).