Google · Google Chrome · CVE-2020-15987
Name of the Vulnerable Software and Affected Versions:
Google Chrome versions prior to 86.0.4240.75
Description:
The issue is a use after free in WebRTC, which could allow a remote attacker to exploit heap corruption via a crafted WebRTC stream. This may lead to unauthorized access to confidential data, loss of data integrity, and potentially a denial of service.
Recommendations:
For versions prior to 86.0.4240.75, update to version 86.0.4240.75 or later to resolve the issue. As a temporary workaround, consider disabling WebRTC functionality until a patch is applied. Restrict access to WebRTC streams to minimize the risk of exploitation. Avoid using crafted WebRTC streams in affected versions until the issue is resolved.
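To find hosts still below the fixed version, the check below (an added example, not part of the original advisory) compares reported Chrome version strings numerically against 86.0.4240.75. The host names, the inventory contents and the function names are constructed for illustration.

```python
import re

# First fixed version, taken from the advisory above.
FIXED = (86, 0, 4240, 75)

# Four dot-separated numeric fields, not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Classify one reported version string against the fixed version."""
    version = parse_chrome_version(text)
    if version is None:
        return "unknown"  # do not silently treat unparsable hosts as patched
    # Tuple comparison is numeric per field. Comparing the raw strings would
    # rank "86.0.4240.9" above "86.0.4240.75" and "100.x" below "86.x".
    return "vulnerable" if version < FIXED else "fixed"


def triage(inventory):
    """Map each host to 'vulnerable', 'fixed' or 'unknown'."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hypothetical hosts and reported strings).
INVENTORY = {
    "ws-001": "Google Chrome 85.0.4183.121",
    "ws-002": "Google Chrome 86.0.4240.75",
    "ws-003": "Google Chrome 86.0.4240.9 beta",
    "ws-004": "Google Chrome 100.0.4896.60",
    "ws-005": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host}\t{status}\t{INVENTORY[host]}")
```

Hosts reported as `unknown` need a manual check rather than being counted as patched.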