CVE-2020-6538: 
Google Chrome vulnerability analysis and mitigation

An inappropriate implementation vulnerability was discovered in WebView component of Google Chrome on Android prior to version 84.0.4147.105. This vulnerability, tracked as CVE-2020-6538, was reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on June 18, 2020 (Chrome Release).

The vulnerability allowed a remote attacker to leak cross-origin data via a crafted HTML page. The severity of this vulnerability was rated as HIGH with a CVSS 3.1 base score of 6.5 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) (NVD).

The vulnerability could allow attackers to access cross-origin data, potentially leading to information disclosure from different origins within the browser context. This could result in unauthorized access to sensitive information from other websites or web applications (NVD).

Google addressed this vulnerability in Chrome version 84.0.4147.105. Users are advised to update to this version or later to mitigate the risk. The fix was also incorporated into various Linux distributions including Debian 10 (Buster) in version 87.0.4280.88-0.4~deb10u1 (Debian Advisory) and Fedora 33 (Fedora Update).