CVE-2020-15969: Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	ipados	< 14.3	14.3
apple	iphone_os	< 14.3	14.3
apple	macos	< 11.1	11.1
apple	safari	< 14.0.2	14.0.2
apple	tvos	< 14.3	14.3
apple	watchos	< 7.2	7.2
chromium	chromium	>= 0 < 87.0.4280.88-0.1	87.0.4280.88-0.1
chromium	chromium	>= 0 < 87.0.4280.88-0.1	87.0.4280.88-0.1
chromium	chromium	>= 0 < 87.0.4280.88-0.1	87.0.4280.88-0.1
chromium	chromium	>= 0 < 87.0.4280.88-0.1	87.0.4280.88-0.1
debian	chromium	< chromium 87.0.4280.88-0.1 (bookworm)	chromium 87.0.4280.88-0.1 (bookworm)
debian	debian_linux	—	—
debian	firefox	< chromium 87.0.4280.88-0.1 (bookworm)	chromium 87.0.4280.88-0.1 (bookworm)
debian	firefox-esr	< chromium 87.0.4280.88-0.1 (bookworm)	chromium 87.0.4280.88-0.1 (bookworm)
debian	thunderbird	< chromium 87.0.4280.88-0.1 (bookworm)	chromium 87.0.4280.88-0.1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
google	chrome	< 86.0.4240.75	86.0.4240.75
google	chrome	>= unspecified < 86.0.4240.75	86.0.4240.75
google	chrome_chrome	—	—
mozilla	firefox	—	—
mozilla	thunderbird	>= 0 < 1:78.4.0-1	1:78.4.0-1
mozilla	thunderbird	>= 0 < 1:78.4.0-1	1:78.4.0-1
mozilla	thunderbird	>= 0 < 1:78.4.0-1	1:78.4.0-1

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv8.8HIGH