CVE-2020-16013

CVSS 8.8 HIGH · EPSS 2.8% · KEV · CWE-787
Vexday Risk Score
51 · Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8 · EPSS 2.8% · KEV: yes · PoC · Nuclei · Metasploit · Patch
Lifecycle
08 Jan 2021: Published on NVD
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

Google Chrome's V8 JavaScript engine had a flaw that could allow attackers to corrupt memory on your computer through a malicious webpage, potentially leading to crashes or unauthorized access.

Technical detail

An out-of-bounds write vulnerability (CWE-787) in V8 in Google Chrome prior to 86.0.4240.198 allows remote attackers to trigger heap corruption via a specially crafted HTML page. Exploitation requires user interaction (visiting a malicious page) and can result in arbitrary code execution or denial of service.

Summary generated and translated by AI from the official description.
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
