CVE-2020-6527

Medium

Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy…

Chrome·CWE-276·Published 2020-07-22

CVSS

4.3

EPSS

0.02

KEV

Exploits

cve.orgen

162 chars

Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

NVDen

162 chars

Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

NVDes

216 chars

Una aplicación insuficiente de la política en CSP en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante remoto omitir la política de seguridad de contenido por medio de una página HTML diseñada

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N