CVE-2020-6438: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6438 is a security vulnerability discovered in Google Chrome prior to version 81.0.4044.92. The vulnerability stems from insufficient policy enforcement in extensions, which allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension (NVD, Chrome Blog).

The vulnerability is classified as a Low severity issue with a CVSS v3.1 Base Score of 4.3 (MEDIUM). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, indicating that it can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability is related to CWE-209 (Generation of Error Message Containing Sensitive Information) (NVD).

When successfully exploited, the vulnerability allows an attacker to obtain potentially sensitive information from process memory. The attack requires user interaction in the form of installing a malicious Chrome extension, which can then be used to access sensitive data (NVD).

The vulnerability was fixed in Google Chrome version 81.0.4044.92. Users and administrators should upgrade to this version or later to mitigate the risk. The fix was also backported to various Linux distributions including Debian, Fedora, and OpenSUSE (Chrome Blog, Debian Advisory).