PT-2020-5683 · Google+3 · Google Chrome+3

Published

2020-10-06

·

Updated

2024-06-15

·

CVE-2020-15972

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 86.0.4240.75
Description The issue is related to a use after free vulnerability in the audio component of Google Chrome, which can be exploited by a remote attacker to potentially access confidential data, compromise data integrity, and cause a denial of service. This can be achieved through a crafted HTML page that exploits heap corruption.
Recommendations For versions prior to 86.0.4240.75, update to version 86.0.4240.75 or later to resolve the issue. As a temporary workaround, consider restricting access to audio components in Google Chrome until a patch is applied. Avoid using crafted HTML pages that could exploit the heap corruption vulnerability.

Exploit

Fix

Memory Corruption

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-416

Related Identifiers

ALT-PU-2020-3035
ALT-PU-2020-3144
ALT-PU-2021-1157
ALT-PU-2021-1210
ALT-PU-2021-1379
BDU:2021-01485
CVE-2020-15972
DSA-4824-1
OPENSUSE-SU-2020:1705-1
OPENSUSE-SU-2020:1715-1
OPENSUSE-SU-2020:1829-1
OPENSUSE-SU-2020_1705-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2020:4235
RHSA-2020_4235

Affected Products

Alt Linux
Google Chrome
Red Hat
Suse