⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions.
Severity: 8.8 HIGH (NVD)
EPSS: 26.1% (top 3.69%)
CISA KEV: Added 2021-11-03 | Due 2022-05-03
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published Jan 8 | KEV added Nov 3 | KEV due May 3 | Latest update Sep 21
CISA Required Action: Apply updates per vendor instructions.

Description

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (5 packages)

Source | Package | Affected versions
CVEListV5 | google/chrome | unspecified 86.0.4240.198
NVD | google/chrome | < 86.0.4240.198
debian | debian/chromium | < chromium 87.0.4280.88-0.1 (bookworm)
Debian | chromium/chromium | < 87.0.4280.88-0.1+3

🔴 Vulnerability Details (6)

Source | Title | Date
OSV | CVE-2020-16013: Inappropriate implementation in V8 in Google Chrome prior to 86 | 2021-01-08
OSV | Use after free in CefSharp | 2020-11-27
GHSA | Inappropriate implementation in V8 in CefSharp | 2020-11-27
GHSA | Use after free in CefSharp | 2020-11-27
OSV | Inappropriate implementation in V8 in CefSharp | 2020-11-27

📋 Vendor Advisories (5)

Source | Title | Date
CISA ICS | Rockwell Automation Connected Components Workbench | 2023-09-21
CISA | Google Chromium V8 Incorrect Implementation Vulnerability | 2021-11-03
Red Hat | chromium-browser: Inappropriate implementation in V8 | 2020-11-11
Chrome | Stable Channel Update for Desktop: CVE-2020-16013 | 2020-11-11
Debian | CVE-2020-16013: chromium - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allow... | 2020

🕵️ Threat Intelligence (2)

Source | Title | Date
Qualys | Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys | 2022-02-23
Tenable | CVE-2021-21148: Google Chrome Heap Buffer Overflow Vulnerability Exploited in the Wild | 2021-02-05