CVE-2020-16009
CVE-2020-16009
In short
Google Chrome's V8 JavaScript engine had a flaw that could let attackers corrupt memory on your computer through a malicious website. This could crash your browser or potentially allow unauthorized access to your system.
Technical detail
CWE-787 (out-of-bounds write) and CWE-843 (type confusion) in V8 JavaScript engine prior to version 86.0.4240.183 allowed remote attackers to trigger heap corruption via crafted HTML. Attack vector is network-based (malicious webpage), requiring user interaction; impact includes code execution and system compromise.
Summary generated and translated by AI from the official description.
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 1
cve_referencepacketstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.htmlhttp://packetstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.htmlhttps://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.htmlhttps://crbug.com/1143772https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/https://security.gentoo.org/glsa/202011-12https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16009https://www.debian.org/security/2021/dsa-4824