CVE-2020-6446: 
Google Chrome vulnerability analysis and mitigation

CVE-2020-6446 is a security vulnerability discovered in Google Chrome prior to version 81.0.4044.92. The vulnerability was identified as an insufficient policy enforcement issue in trusted types that allowed a remote attacker to bypass content security policy via a crafted HTML page. The vulnerability was discovered by Jun Kokatsu from Microsoft Browser Vulnerability Research and was reported on February 18, 2019 (Chrome Release).

The vulnerability is classified as a Low severity issue with a CVSS v3.1 base score of 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) and CVSS v2.0 score of 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N). The vulnerability stems from insufficient enforcement of trusted types policies in Chrome's security mechanisms, which could potentially allow an attacker to bypass intended content security policy restrictions (NVD).

When exploited, this vulnerability could allow a remote attacker to bypass content security policy protections through a specially crafted HTML page. This could potentially lead to unauthorized modifications of web content and compromise of web security policies (NVD).

The vulnerability was patched in Google Chrome version 81.0.4044.92. Users and administrators are advised to upgrade to this version or later to address the security issue. The fix was also backported to various Linux distributions including Debian, Fedora, and OpenSUSE (Chrome Release, Debian Advisory).