CVE-2020-6440: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6440 is a security vulnerability discovered in Google Chrome prior to version 81.0.4044.92. The vulnerability stems from an inappropriate implementation in Chrome extensions that allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The impact is limited to confidentiality, with no effects on integrity or availability (NVD).

The vulnerability allows attackers to access potentially sensitive information through a malicious Chrome extension. The attack requires user interaction in the form of installing the malicious extension, which limits its potential impact (Chrome Releases).

The vulnerability was fixed in Google Chrome version 81.0.4044.92. Users and organizations are advised to update to this version or later to mitigate the risk. The fix was also backported to various Linux distributions including Debian, Fedora, and Red Hat Enterprise Linux (Debian Advisory, Fedora Update).