CVE-2020-6445: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6445 is a security vulnerability discovered in Google Chrome prior to version 81.0.4044.92, identified on February 18, 2019. The vulnerability involves insufficient policy enforcement in trusted types, which could allow a remote attacker to bypass content security policy via a crafted HTML page (NVD, Chrome Releases). The vulnerability was reported by Jun Kokatsu from Microsoft Browser Vulnerability Research team (Debian Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, no privileges required, and user interaction needed (NVD). The issue specifically relates to insufficient enforcement of trusted type policies, which could potentially allow attackers to circumvent intended security controls.

The vulnerability could allow a remote attacker to bypass content security policy through a specially crafted HTML page, potentially compromising the security of the browser (NVD). This could lead to unauthorized actions and potential security policy violations within the browser context.

The vulnerability was patched in Google Chrome version 81.0.4044.92. Users and administrators are advised to upgrade to this version or later to mitigate the risk (Chrome Releases). The fix was also distributed to various Linux distributions including Debian, Fedora, and OpenSUSE through their respective security updates (Debian Advisory, OpenSUSE Advisory).