CVE-2020-6418
CVE-2020-6418
In short
Google Chrome's JavaScript engine (V8) had a flaw where it confused different data types, allowing attackers to corrupt computer memory through a malicious webpage. This could lead to crashes or arbitrary code execution.
Technical detail
Type confusion vulnerability in V8 allows remote attackers to trigger heap corruption by crafting malicious HTML pages that exploit incorrect type handling during JavaScript execution. Exploitation requires user interaction to visit a crafted page; successful exploitation can result in arbitrary code execution with browser privileges.
Summary generated and translated by AI from the official description.
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 6
githubgithub.com/Goyotan/CVE-2020-6418-PoC★ 3githubgithub.com/ulexec/ChromeSHELFLoader★ 3githubgithub.com/SivaPriyaRanganatha/CVE-2020-6418★ 1githubgithub.com/ASkyeye/CVE-2020-6418★ 0cve_referencepacketstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48186unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.htmlhttps://access.redhat.com/errata/RHSA-2020:0738https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.htmlhttps://crbug.com/1053604https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/https://security.gentoo.org/glsa/202003-08https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6418https://www.debian.org/security/2020/dsa-4638