CVE-2020-6432: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6432 is a security vulnerability discovered in Google Chrome prior to version 81.0.4044.92. The vulnerability was identified as an insufficient policy enforcement issue in navigations that could allow a remote attacker to bypass navigation restrictions through a crafted HTML page. The vulnerability was reported by David Erceg on May 21, 2019, and was officially patched in April 2020 (Chrome Release).

The vulnerability is classified as a Medium severity issue with a CVSS v3.1 Base Score of 4.3 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability stems from insufficient policy enforcement in the navigation system of Chrome, which could be exploited through a specially crafted HTML page (NVD).

When exploited, this vulnerability allows a remote attacker to bypass navigation restrictions in Google Chrome. The impact is limited to integrity (I:L), with no effect on confidentiality (C:N) or availability (A:N). The attack requires user interaction (UI:R) but can be initiated from the network (AV:N) with low attack complexity (AC:L) (NVD).

The vulnerability was fixed in Google Chrome version 81.0.4044.92. Users and administrators should upgrade to this version or later to mitigate the risk. The fix has been incorporated into various Linux distributions including Debian, Fedora, and OpenSUSE through their respective security updates (Debian Advisory, Fedora Update).