Vulnerabilities > CVE-2020-16027 - Missing Authorization vulnerability in Google Chrome

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
google
CWE-862
NVD
Published: 2021-01-08
Updated: 2021-01-12

Summary

Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension.

Vulnerable Configurations

Part Description Count
Application
Google
5626

Common Weakness Enumeration (CWE)

References