CVE-2020-16040
In short
Google Chrome's V8 engine didn't properly check data before processing it, allowing attackers to corrupt the computer's memory by tricking users into visiting a malicious website.
Technical detail
Insufficient input validation in V8 allowed remote code execution through heap corruption via crafted HTML. The attack vector is web-based (a malicious webpage), requires user interaction (visiting the site), and can lead to arbitrary code execution with the privileges of the Chrome process.
Summary generated and translated by AI from the official description.
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
Google · Chrome
Public PoCs found — 4
cve_reference: packetstormsecurity.com/files/162087/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.html (unverified)
cve_reference: packetstormsecurity.com/files/162106/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.html (unverified)
cve_reference: packetstormsecurity.com/files/162144/Google-Chrome-SimplfiedLowering-Integer-Overflow.html (unverified)
exploitdb: www.exploit-db.com/exploits/49745 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/162087/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.html
http://packetstormsecurity.com/files/162106/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.html
http://packetstormsecurity.com/files/162144/Google-Chrome-SimplfiedLowering-Integer-Overflow.html
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
https://crbug.com/1150649