PT-2020-5790 · Google+3 · Google Chrome+3

Published

2020-06-08

·

Updated

2024-06-15

·

CVE-2020-6509

CVSS v3.1

9.6

Critical

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 83.0.4103.116
Description: The issue is related to a use after free in extensions, which could allow an attacker to potentially perform a sandbox escape via a crafted Chrome Extension if a user is convinced to install a malicious extension. This could lead to unauthorized access to confidential data, disruption of data integrity, and denial of service.
Recommendations: For Google Chrome versions prior to 83.0.4103.116, update to version 83.0.4103.116 or later to resolve the issue.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2020-2453
ALT-PU-2020-2468
ALT-PU-2020-3144
ALT-PU-2021-1210
ALT-PU-2021-1379
BDU:2021-01752
CVE-2020-6509
DSA-4714-1
DSA-4714-2
DSA-4714-3
OPENSUSE-SU-2020:0887-1
OPENSUSE-SU-2020:0893-1
OPENSUSE-SU-2020:0902-1
OPENSUSE-SU-2020:0949-1
OPENSUSE-SU-2020:0950-1
OPENSUSE-SU-2020:1032-1
OPENSUSE-SU-2020_0887-1
OPENSUSE-SU-2020_0893-1
OPENSUSE-SU-2020_0949-1
OPENSUSE-SU-2020_0950-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2020:2761
RHSA-2020_2761

Affected Products

Alt Linux
Google Chrome
Red Hat
Suse