CVE-2020-6435: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6435 is a security vulnerability discovered in Google Chrome versions prior to 81.0.4044.92. The vulnerability involves insufficient policy enforcement in extensions that allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. The vulnerability was discovered by Sergei Glazunov of Google Project Zero on December 9, 2019 (Chrome Blog).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability requires network access and user interaction to exploit, but does not require privileges. The impact primarily affects integrity with low severity, while confidentiality and availability are not impacted (NVD).

When successfully exploited, this vulnerability allows an attacker who has already compromised the renderer process to bypass navigation restrictions through a specially crafted HTML page. This could potentially lead to unauthorized navigation or redirection, compromising the intended browsing restrictions (NVD).

The vulnerability was fixed in Google Chrome version 81.0.4044.92. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix has been incorporated into various distributions including Debian, Fedora, and OpenSUSE through their respective security updates (Debian Security, Fedora Update).