CVE-2020-15983: Insufficient data validation in webUI

Q: What is the vulnerability ID for this vulnerability?

The vulnerability ID is CVE-2020-15983.

Q: What is the severity of CVE-2020-15983?

The severity of CVE-2020-15983 is high with a severity value of 7.8.

Q: What software versions are affected by CVE-2020-15983?

Google Chrome on ChromeOS prior to 86.0.4240.75 and other related software versions are affected.

Q: How does CVE-2020-15983 impact content security policy?

CVE-2020-15983 allows a local attacker to bypass content security policy.

Q: Where can I find more information about CVE-2020-15983?

You can find more information about CVE-2020-15983 at the following references: [reference links].

Published Apr 30, 2020

Updated

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.

Credit

Jun Kokatsu, Microsoft Browser Vulnerability Research

Affected Software

8 affected componentsFixes available

debian/chromium

90.0.4430.212-1~deb10u1116.0.5845.180-1~deb11u1120.0.6099.129-1~deb11u1119.0.6045.199-1~deb12u1120.0.6099.129-1~deb12u1120.0.6099.129-1

Google Chrome<86.0.4240.75

86.0.4240.75

Google Chrome<86.0.4240.75

Fedoraproject Fedora=31

Fedoraproject Fedora=32

Fedoraproject Fedora=33

Debian Debian Linux=10.0

openSUSE Backports SLE=15.0-sp2

Event History

Apr 30, 2020

CVE Published

12:00 AM

Nov 3, 2020

CVE Published

via MITRE·02:21 AM

Data Sourced

via MITRE·02:21 AM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

7211503174014671839

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?

The vulnerability ID is CVE-2020-15983.

What is the severity of CVE-2020-15983?

The severity of CVE-2020-15983 is high with a severity value of 7.8.

What software versions are affected by CVE-2020-15983?