PT-2020-5029 · Google+2 · Google Chrome+2

Published

2020-11-17

Updated

2024-06-15

CVE-2020-16026

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 87.0.4280.66

Description The issue is related to the implementation of WebRTC technology in Google Chrome, specifically a use after free error. This could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page, leading to unauthorized access to protected information.

Recommendations For versions prior to 87.0.4280.66, update to version 87.0.4280.66 or later to resolve the issue. As a temporary workaround, consider restricting access to WebRTC functionality until a patch is applied.

Exploit

Fix

Memory Corruption

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-416

Related Identifiers

ALT-PU-2020-3409

ALT-PU-2021-1049

ALT-PU-2021-1157

ALT-PU-2021-1210

ALT-PU-2021-1379

BDU:2020-05616

CVE-2020-16026

DSA-4824-1

OPENSUSE-SU-2020:2010-1

OPENSUSE-SU-2020:2012-1

OPENSUSE-SU-2020:2021-1

OPENSUSE-SU-2020:2026-1

OPENSUSE-SU-2020:2032-1

OPENSUSE-SU-2020:2055-1

OPENSUSE-SU-2020_2021-1

OPENSUSE-SU-2020_2032-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux

Google Chrome

Suse

PT-2020-5029 · Google+2 · Google Chrome+2

CVE-2020-16026

Weakness Enumeration

Related Identifiers

Affected Products

References · 2351