CVE-2020-15977: Insufficient data validation in dialogs

Q: What is the vulnerability ID?

The vulnerability ID is CVE-2020-15977.

Q: What is the severity of CVE-2020-15977?

The severity of CVE-2020-15977 is medium.

Q: How does CVE-2020-15977 impact Google Chrome on OS X?

CVE-2020-15977 allows a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page in Google Chrome on OS X prior to version 86.0.4240.75.

Q: How can I fix CVE-2020-15977?

To fix CVE-2020-15977, update to Google Chrome version 86.0.4240.75 or later.

Q: Are other operating systems affected by CVE-2020-15977?

No, other operating systems are not affected by CVE-2020-15977.

Published Jun 22, 2020

Updated

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Credit

Narendra Bhati (https://twitter.com/imnarendrabhati)

Affected Software

9 affected componentsFixes available

debian/chromium

90.0.4430.212-1~deb10u1116.0.5845.180-1~deb11u1120.0.6099.129-1~deb11u1119.0.6045.199-1~deb12u1120.0.6099.129-1~deb12u1120.0.6099.129-1

Google Chrome<86.0.4240.75

86.0.4240.75

Google Chrome<86.0.4240.75

Apple iOS and macOS

Debian Debian Linux=10.0

Fedoraproject Fedora=31

Fedoraproject Fedora=32

Fedoraproject Fedora=33

openSUSE Backports SLE=15.0-sp2

Event History

Jun 22, 2020

CVE Published

12:00 AM

Nov 3, 2020

CVE Published

via MITRE·02:21 AM

Data Sourced

via MITRE·02:21 AM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

7211503174014671839

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability ID?

The vulnerability ID is CVE-2020-15977.

What is the severity of CVE-2020-15977?

The severity of CVE-2020-15977 is medium.

How does CVE-2020-15977 impact Google Chrome on OS X?