PT-2020-4560 · Google+3 · Google Chrome+3

Published

2020-11-02

·

Updated

2026-01-09

·

CVE-2020-16009

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 86.0.4240.183
Description The issue is related to an inappropriate implementation in the V8 engine of Google Chrome, which can lead to heap corruption. A remote attacker can potentially exploit this issue via a crafted HTML page, affecting the confidentiality, integrity, and availability of protected information.
Recommendations For versions prior to 86.0.4240.183, update to version 86.0.4240.183 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the heap corruption until a patch is applied. Restrict access to sensitive information and ensure that only trusted sources are used to minimize the risk of exploitation.

Exploit

Fix

Type Confusion

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-843CWE-787

Related Identifiers

ALT-PU-2020-3409
ALT-PU-2021-1049
ALT-PU-2021-1157
ALT-PU-2021-1210
ALT-PU-2021-1379
BDU:2020-05109
CVE-2020-16009
DSA-4824-1
GHSA-M7MF-48HP-5QMR
OPENSUSE-SU-2020:1829-1
OPENSUSE-SU-2020:1831-1
OPENSUSE-SU-2020:1937-1
OPENSUSE-SU-2020:1952-1
OPENSUSE-SU-2020_1831-1
OPENSUSE-SU-2020_1952-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2020:4974
RHSA-2020_4974

Affected Products

Alt Linux
Google Chrome
Red Hat
Suse