CVE-2020-16010
Published: 2020-11-03
Priority: P1 · 82 · critical · 9.6 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA Known Exploited Vulnerability (remediation due 2022-05-03) · Exploited in the wild
EPSS: 6.41% (92.8th percentile)
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Affected (4 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | chromium | — | — |
| google | chrome | < 86.0.4240.185 | 86.0.4240.185 |
| google | chrome | >= unspecified, < 86.0.4240.185 | 86.0.4240.185 |
| google | chrome_chrome | — | — |
Detection & IOCs (extracted from sources)

- CVE-2020-16010 is confirmed exploited in the wild as a heap buffer overflow in the Chrome for Android UI, enabling a sandbox escape from a compromised renderer process via a crafted HTML page.
- CVE-2020-16010 is part of an exploit chain: on Android it is chained with CVE-2020-15999 (Chrome FreeType heap buffer overflow). Detection should consider both CVEs being triggered together.
- Vulnerable versions of Google Chrome for Android are those prior to 86.0.4240.185. Flag devices running Chrome for Android below this version as at risk.
- Exploitation requires the attacker to have already compromised the renderer process; this is a sandbox-escape stage, not an initial-access vector. Detection should account for a two-stage exploit chain.
- The vulnerability is specific to Google Chrome on Android; Chrome on other platforms is not affected by this CVE.
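The two triage points above (flag Android builds below 86.0.4240.185; treat the FreeType bug CVE-2020-15999 as the other half of the chain) reduce to a numeric version comparison. The Python below is an added example, not code from any source quoted on this page. It compares Chrome's four-part MAJOR.MINOR.BUILD.PATCH strings component-wise as integers (a plain string compare would rank 86.0.4240.9 above 86.0.4240.114 and miss a vulnerable build), takes the first-patched builds from the advisories and Project Zero RCAs on this page, and pulls the installed build out of the `versionName=` line that `adb shell dumpsys package com.android.chrome` prints. The dumpsys excerpt and the inventory rows are constructed sample data. The platform scope recorded for CVE-2020-15999 and CVE-2020-16009 ("any") and their patched builds (taken from the desktop RCAs further down) are assumptions to adjust for your own fleet.

```python
"""Flag Chrome builds still exposed to CVE-2020-16010 and the CVEs it was chained with.

Added example for this page; not code from Google, CISA or Project Zero. Fixed
versions come from the advisories quoted on the page; the device records below
are constructed sample data, not real hosts.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# First patched build per CVE, as stated in the advisories on this page.
# Platform scope "any" for the two desktop-reported CVEs is an assumption.
FIXED_IN: Dict[str, Tuple[str, str]] = {
    # CVE: (platform the CVE applies to, first patched version)
    "CVE-2020-16010": ("android", "86.0.4240.185"),  # UI heap overflow, sandbox escape
    "CVE-2020-15999": ("any", "86.0.4240.111"),      # FreeType Load_SBit_Png, renderer stage
    "CVE-2020-16009": ("any", "86.0.4240.183"),      # V8 Turbofan type confusion
}

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text: str) -> Version:
    """Parse a Chrome 'MAJOR.MINOR.BUILD.PATCH' string into a comparable int tuple.

    Chrome always ships four numeric components; anything else is rejected so a
    malformed inventory field is never silently treated as patched.
    """
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a Chrome version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(installed: str, fixed: str) -> bool:
    """True when installed < fixed, compared numerically component by component."""
    return parse_version(installed) < parse_version(fixed)


def applicable_cves(platform: str, installed: str) -> List[str]:
    """CVEs from FIXED_IN that apply to this platform and are unpatched at this build."""
    platform = platform.lower()
    hits = []
    for cve, (cve_platform, fixed) in FIXED_IN.items():
        if cve_platform not in ("any", platform):
            continue  # e.g. CVE-2020-16010 is Android-only
        if is_vulnerable(installed, fixed):
            hits.append(cve)
    return sorted(hits)


# Constructed excerpt of what `adb shell dumpsys package com.android.chrome` prints.
_DUMPSYS_SAMPLE = """  Package [com.android.chrome] (1a2b3c4):
    userId=10123
    versionCode=424011400 minSdk=24 targetSdk=30
    versionName=86.0.4240.114
"""


def version_from_dumpsys(output: str) -> str:
    """Extract the installed Chrome build from dumpsys package output."""
    m = re.search(r"^\s*versionName=(\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no versionName in dumpsys output")
    return m.group(1)


def triage(inventory):
    """Map device id -> sorted list of applicable unpatched CVEs (empty = OK)."""
    return {dev: applicable_cves(plat, ver) for dev, plat, ver in inventory}


if __name__ == "__main__":
    sample = [  # constructed inventory rows
        ("pixel-01", "android", version_from_dumpsys(_DUMPSYS_SAMPLE)),
        ("pixel-02", "android", "86.0.4240.185"),
        ("laptop-01", "windows", "86.0.4240.111"),
        ("laptop-02", "linux", "86.0.4240.75"),
    ]
    for dev, cves in triage(sample).items():
        print(dev, "OK" if not cves else ", ".join(cves))
```

Feed `triage()` whatever your MDM or EDR exports as (device, platform, Chrome version) and act on any non-empty result; the parser raises rather than guessing when a version field is not a four-part Chrome build.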
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.6 | CRITICAL | — |
| cisa | — | 9.6 | CRITICAL | — |
| vendor_debian | — | 9.6 | LOW | — |
GHSA
GHSA-x9cj-gxph-5cgf: Heap buffer overflow in UI in Google Chrome on Android prior to 86
ghsa_unreviewed·2022-05-24
CVE-2020-16010 [HIGH] CWE-122 GHSA-x9cj-gxph-5cgf: Heap buffer overflow in UI in Google Chrome on Android prior to 86
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Project0
In-the-Wild Series: October 2020 0-day discovery - Project Zero
project_zero·2021-03-01·CVSS 9.6
CVE-2020-15999 [CRITICAL] In-the-Wild Series: October 2020 0-day discovery - Project Zero
Posted by Maddie Stone, Project Zero
In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices. These attacks appear to be the next iteration of the campaign discovered in February 2020 and documented in this blog post series.
In this post we are summarizing the exploit chains we discovered in October 2020. We have already published the details of the seven 0-day vulnerabilities exploited in our root cause analysis (RCA) posts. This post aims to provide the context around these exploits.
What happened
In October 2020, we discovered that the actor from the Feb
VulnCheck
Google Chrome for Android UI Heap Buffer Overflow Vulnerability
vulncheck·2020·CVSS 8.8
CVE-2020-16010 [HIGH] CWE-787 Google Chrome for Android UI Heap Buffer Overflow Vulnerability
Google Chrome for Android UI Heap Buffer Overflow Vulnerability
Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Affected: Google Chrome for Android UI
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2020/CVE-2020-16009.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-03
VulnCheck
Google Chrome FreeType Heap Buffer Overflow Vulnerability
vulncheck·2020·CVSS 9.6
CVE-2020-15999 [CRITICAL] CWE-787 Google Chrome FreeType Heap Buffer Overflow Vulnerability
Google Chrome FreeType Heap Buffer Overflow Vulnerability
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
Affected: Google Chrome FreeType
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://savannah.nongnu.org/bugs/?59308; https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html; https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2020/CVE-2020-16009.ht
Project0
Project Zero RCA: CVE-2020-16010: Chrome for Android ConvertToJavaBitmap Heap Buffer Overflow
project_zero·CVSS 9.6
CVE-2020-16010 [CRITICAL] Project Zero RCA: CVE-2020-16010: Chrome for Android ConvertToJavaBitmap Heap Buffer Overflow
# CVE-2020-16010: Chrome for Android ConvertToJavaBitmap Heap Buffer Overflow
*Mark Brand and Sergei Glazunov, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-02-04)*
## The Basics
**Disclosure or Patch Date:** 2 November 2020
**Product:** Google Chrome for Android
**Advisory:** https://chromereleases.googleblog.com/2020/11/chrome-for-android-update.html
**Affected Versions:** 86.0.4240.114 and previous
**First Patched Version:** 86.0.4240.185
**Issue/Bug Report:**
* Project Zero: https://bugs.chromium.org/p/project-zero/issues/detail?id=2112
* Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=1144368
**Patch CL:** https://chromium.googlesource.com/chromium/src.git/+/e598fc599bd920392256d05c61826466c73c8e
Project0
Project Zero RCA: CVE-2020-16009: Chrome Turbofan Type Confusion after Map Deprecation
project_zero·CVSS 8.8
CVE-2020-16009 [HIGH] Project Zero RCA: CVE-2020-16009: Chrome Turbofan Type Confusion after Map Deprecation
# CVE-2020-16009: Chrome Turbofan Type Confusion after Map Deprecation
*Samuel Groß, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-02-04)*
## The Basics
**Disclosure or Patch Date:** 2 November 2020
**Product:** Google Chrome
**Advisory:** https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
**Affected Versions:** 86.0.4240.111 and previous
**First Patched Version:** 86.0.4240.183
**Issue/Bug Report:**
* Project Zero: https://bugs.chromium.org/p/project-zero/issues/detail?id=2106
* Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=1143772
**Patch CL:** https://chromium.googlesource.com/v8/v8.git/+/3ba21a17ce2f26b015cc29adc473812247472776
**Bug-Introducing CL:** N/A
**Re
Project0
Project Zero RCA: CVE-2020-15999: FreeType Heap Buffer Overflow in Load_SBit_Png
project_zero·CVSS 9.6
CVE-2020-15999 [CRITICAL] Project Zero RCA: CVE-2020-15999: FreeType Heap Buffer Overflow in Load_SBit_Png
# CVE-2020-15999: FreeType Heap Buffer Overflow in Load_SBit_Png
*Sergei Glazunov, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-02-04)*
## The Basics
**Disclosure or Patch Date:** 19 October 2020
**Product:** Google Chrome/ Freetype
**Advisory:** https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
**Affected Versions:** 86.0.4240.80 and previous
**First Patched Version:** 86.0.4240.111
**Issue/Bug Report:**
* Project Zero: https://bugs.chromium.org/p/project-zero/issues/detail?id=2103
* Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=1139963
* FreeType: https://savannah.nongnu.org/bugs/?59308
**Patch CL:**
* Chromium: https://chromium.googlesource.com/chromium/src
CISA
Google Chrome for Android UI Heap Buffer Overflow Vulnerability
cisa·2021-11-03·CVSS 9.6
CVE-2020-16010 [CRITICAL] CWE-787 Google Chrome for Android UI Heap Buffer Overflow Vulnerability
Vulnerability: Google Chrome for Android UI Heap Buffer Overflow Vulnerability
Affected: Google Chrome for Android UI
Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-16010
Remediation Due Date: 2022-05-03
CISA
Google Chrome FreeType Heap Buffer Overflow Vulnerability
cisa·2021-11-03·CVSS 9.6
CVE-2020-15999 [CRITICAL] CWE-787 Google Chrome FreeType Heap Buffer Overflow Vulnerability
Vulnerability: Google Chrome FreeType Heap Buffer Overflow Vulnerability
Affected: Google Chrome FreeType
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-15999
Remediation Due Date: 2021-11-17
Chrome
Chrome for Android Update: CVE-2020-16010
vendor_chrome·2020-11-02·CVSS 9.6
CVE-2020-16010 [HIGH] Chrome for Android Update: CVE-2020-16010
Chrome for Android Update
CVE-2020-16010: Heap buffer overflow in UI on Android. Reported by Maddie Stone, Mark Brand, and Sergei Glazunov of Google Project Zero on 2020-10-31.
Google is aware of reports that an exploit for CVE-2020-16010 exists in the wild.
Severity: high
Debian
CVE-2020-16010: chromium - Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 al...
vendor_debian·2020·CVSS 9.6
CVE-2020-16010 [CRITICAL] CVE-2020-16010: chromium - Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 al...
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Tenable
CVE-2020-15999, CVE-2020-17087: Google Chrome FreeType and Microsoft Windows Kernel Zero Days Exploited in the Wild
blogs_tenable·2020-11-02·CVSS 9.6
[CRITICAL] CVE-2020-15999, CVE-2020-17087: Google Chrome FreeType and Microsoft Windows Kernel Zero Days Exploited in the Wild
Timeline
- 2020-11-03: Published
- 2021-11-03: Added to CISA KEV
- Exploited in the wild