PT-2020-2438 · Google +3 · Google Chrome +3

Guang Gong +1 · Published 2020-04-15 · Updated 2024-06-15 · CVE-2020-6457

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 81.0.4044.113

Description

A use-after-free vulnerability in the speech recognition component of Google Chrome could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The vulnerability is caused by accessing a block of memory after it has been freed in the speech recognition component. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

For Google Chrome versions prior to 81.0.4044.113, update to version 81.0.4044.113 or later to resolve the issue. As a temporary workaround, consider disabling the speech recognition feature until a patch is available. Restrict access to potentially vulnerable components to minimize the risk of exploitation. At the moment, there is no additional information about other mitigation measures.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1770
ALT-PU-2020-1784
ALT-PU-2020-2420
ALT-PU-2020-2441
BDU:2020-02444
CVE-2020-6457
DSA-4714-1
DSA-4714-2
DSA-4714-3
MGASA-2020-0185
OPENSUSE-SU-2020:0541-1
OPENSUSE-SU-2020:0566-1
OPENSUSE-SU-2020:0635-1
OPENSUSE-SU-2020_0541-1
OPENSUSE-SU-2020_0635-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2020:1504
RHSA-2020_1504

Affected Products

Alt Linux
Google Chrome
Red Hat
Suse