CVE-2020-15978
📋 TL;DR
This vulnerability allows a remote attacker who has already compromised Chrome's renderer process to bypass navigation restrictions on Android devices. It affects Google Chrome on Android versions prior to 86.0.4240.75. The attacker can use a crafted HTML page to exploit insufficient data validation in navigation.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Backports Sle by Opensuse
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
An attacker who has already compromised the renderer process could bypass security restrictions and potentially execute arbitrary code or access sensitive data through navigation manipulation.
Likely Case
Attackers who have achieved renderer process compromise could bypass navigation restrictions to perform unauthorized actions or access restricted content.
If Mitigated
With updated Chrome versions, the vulnerability is patched and navigation restrictions are properly enforced.
🎯 Exploit Status
Requires renderer process compromise first, which adds complexity. No public exploit code identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 86.0.4240.75 and later
Vendor Advisory: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Google Play Store on Android device.
2. Search for Chrome.
3. If update available, tap Update.
4. Restart Chrome after update completes.
🔧 Temporary Workarounds
Disable Chrome on Android
Android: Temporarily disable Chrome browser on affected Android devices
Settings > Apps > Chrome > Disable
Use alternative browser
Android: Switch to a different browser that is not affected
🧯 If You Can't Patch
- Restrict access to untrusted websites
- Implement network segmentation to isolate Chrome usage
🔍 How to Verify
Check if Vulnerable:
Open Chrome on Android, go to Settings > About Chrome, check version number
Check Version:
chrome://version/ in Chrome address bar
Verify Fix Applied:
Confirm Chrome version is 86.0.4240.75 or higher
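The version check above can be scripted for devices reachable over adb. This is an added example, not part of the original advisory; it assumes the stable Chrome package name com.android.chrome and the `versionName=` line printed by `dumpsys package`, and the sample output in it is constructed.

```shell
#!/bin/sh
# Added example: flag Chrome for Android builds older than the fixed release.
FIXED_VERSION="86.0.4240.75"   # patch version stated in the advisory

# Read `dumpsys package` output on stdin and print the first versionName.
# Assumption: the active install is listed before any "Hidden system packages".
extract_version() {
    sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*/\1/p' | head -n 1
}

# Succeed if dotted version $1 >= $2, comparing each field as a number.
# A plain string comparison would rank 100.x below 86.x and 4240.9 above 4240.75.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print PATCHED, VULNERABLE, or UNKNOWN (missing or malformed version string).
classify_chrome() {
    if ! printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        echo UNKNOWN
    elif version_ge "$1" "$FIXED_VERSION"; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# Constructed sample of `dumpsys package com.android.chrome` output.
SAMPLE_DUMPSYS='Packages:
  Package [com.android.chrome] (a1b2c3d):
    versionCode=418312700 minSdk=24 targetSdk=29
    versionName=85.0.4183.127
Hidden system packages:
  Package [com.android.chrome] (e4f5a6b):
    versionName=80.0.3987.99'

v=$(printf '%s\n' "$SAMPLE_DUMPSYS" | extract_version)
echo "sample device: Chrome $v -> $(classify_chrome "$v")"

# On a real device (needs adb and USB debugging):
#   classify_chrome "$(adb shell dumpsys package com.android.chrome | extract_version)"
```

An UNKNOWN result means the package was not found or the version string was not four numeric fields, and should be checked by hand rather than treated as patched.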
📡 Detection & Monitoring
Log Indicators:
- Unusual navigation patterns in Chrome logs
- Renderer process crashes or anomalies
Network Indicators:
- Suspicious HTML page loads with navigation manipulation attempts
SIEM Query:
source="chrome" AND (event="navigation_error" OR event="renderer_crash")
🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
- https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
- https://crbug.com/1116280
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/
- https://security.gentoo.org/glsa/202101-30
- https://www.debian.org/security/2021/dsa-4824