PT-2020-1638 · Tesla+4 · Tesla Model 3+5

Clement Lecigne

Published

2020-02-24

Updated

2025-10-24

CVE-2020-6418

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 80.0.3987.122

Description The issue is related to a type confusion in the V8 engine of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to arbitrary code execution. The vulnerability has been reportedly exploited in real-world incidents, including a case where it was used to achieve remote code execution on a Tesla Model 3.

Recommendations For versions prior to 80.0.3987.122, update to version 80.0.3987.122 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or disabling JavaScript execution in untrusted contexts until the update can be applied.

Exploit

Fix

RCE

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843

Related Identifiers

ALSA-2025_16880

ALT-PU-2020-1457

ALT-PU-2020-1521

ALT-PU-2020-1707

ALT-PU-2020-2441

BDU:2020-00867

CVE-2020-6418

DSA-4638-1

MGASA-2020-0123

OPENSUSE-SU-2020:0245-1

OPENSUSE-SU-2020:0259-1

OPENSUSE-SU-2020_0259-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

RHSA-2020:0738

RHSA-2020_0738

Affected Products

Alt Linux

Google Chrome

Red Hat

Suse

Tesla Model 3

V8 Engine

PT-2020-1638 · Tesla+4 · Tesla Model 3+5

CVE-2020-6418

Weakness Enumeration

Related Identifiers

Affected Products

References · 2377