⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-16009

CWE-787Out-of-bounds WriteCWE-84318 documents11 sources
Severity
8.8HIGH
EPSS
84.4%
top 0.68%
CISA KEV
KEV
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
8
Google ChromeCefsharp CefsharpMicrosoft Edge+5 more
Timeline
PublishedNov 3
KEV addedNov 3
Latest updateApr 1
KEV dueMay 3
CISA Required Action: Apply updates per vendor instructions.

Description

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages12 packages

CVEListV5google/chromeunspecified86.0.4240.183
NVDgoogle/chrome< 86.0.4240.183
NuGetCefSharp.Wpf< 86.0.241
NVDmicrosoft/edge< 86.0.622.63
NuGetCefSharp.Common< 86.0.241

Also affects: Debian Linux 10.0, Fedora 32, 33

🔴Vulnerability Details

9
Project0
The More You Know, The More You Know You Don’t Know - Project Zero2022-04-01
Project0
In-the-Wild Series: October 2020 0-day discovery - Project Zero2021-03-01
OSV
Inappropriate implementation in V82020-12-02
GHSA
Inappropriate implementation in V82020-12-02
CVEList
CVE-2020-16009: Inappropriate implementation in V8 in Google Chrome prior to 862020-11-03

📋Vendor Advisories

5
CISA
Google Chromium V8 Type Confusion Vulnerability2021-11-03
Red Hat
chromium-browser: Inappropriate implementation in V82020-11-02
Chrome
Stable Channel Update for Desktop: CVE-2020-160112020-11-02
Chrome
Stable Channel Update for Desktop: CVE-2020-160072020-11-02
Debian
CVE-2020-16009: chromium - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allow...2020

💬Community

3
Bugzilla
CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009 chromium: various flaws [fedora-all]2020-11-03
Bugzilla
CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009 chromium: various flaws [epel-all]2020-11-03
Bugzilla
CVE-2020-16009 chromium-browser: Inappropriate implementation in V82020-11-03