CVE-2020-16009

Warnung

Exploit

EPSS 78.73%
Veröffentlicht 03.11.2020 03:15:15
Zuletzt bearbeitet 30.07.2025 19:00:37
Quelle chrome-cve-admin@google.com
Teams Watchlist Login
Unerledigt Login

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 2 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cefsharp ≫ Cefsharp Version < 86.0.241

Google ≫ Chrome Version < 86.0.4240.183

Microsoft ≫ Edge Version < 86.0.622.63

Microsoft ≫ Edge Chromium Version < 86.0.4240.183

Opensuse ≫ Backports Sle Version15.0 Updatesp1

Opensuse ≫ Backports Sle Version15.0 Updatesp2

Opensuse ≫ Leap Version15.1

Opensuse ≫ Leap Version15.2

Fedoraproject ≫ Fedora Version32

Fedoraproject ≫ Fedora Version33

Debian ≫ Debian Linux Version10.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium V8 Type Confusion Vulnerability

Schwachstelle

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	78.73%	0.99

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/

Release Notes

https://www.debian.org/security/2021/dsa-4824

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html

Third Party Advisory

Broken Link

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/

Release Notes

https://security.gentoo.org/glsa/202011-12