CVE-2020-6431: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6431 is a security vulnerability discovered in Google Chrome prior to version 81.0.4044.92. The vulnerability was identified as an insufficient policy enforcement in the full screen feature that allowed a remote attacker to spoof security UI through a crafted HTML page (NVD). The issue was reported by Luan Herrera (@lbherrera_) on June 14, 2018, and was publicly disclosed in April 2020 (Chrome Releases).

The vulnerability is classified as a Medium severity issue with a CVSS v3.1 Base Score of 4.3. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction (NVD). The vulnerability stems from insufficient policy enforcement in the full screen functionality of Chrome, which could allow an attacker to manipulate the security user interface.

When exploited, this vulnerability allows a remote attacker to spoof the security user interface through a specially crafted HTML page when Chrome is in full screen mode. This could potentially lead to users being deceived about the security status or origin of web content (NVD).

The vulnerability was patched in Google Chrome version 81.0.4044.92. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix has been incorporated into various Linux distributions including Debian, Fedora, and OpenSUSE through their respective security updates (Debian Security, Fedora Update).