⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions.
Severity
NVD: 9.6 (CRITICAL)
GHSA: 8.8
OSV: 8.8

EPSS
21.4% (top 4.28%)

CISA KEV
Added 2021-11-03, due 2022-05-03

Exploit
Exploited in the wild; active exploitation observed.

Timeline
Published: Jan 8
KEV added: Nov 3
KEV due: May 3
Latest update: Sep 21

Description

Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 6.0

Affected Packages (5 packages)

CVEListV5: google/chrome, affected versions unspecified, fixed in 86.0.4240.198
NVD: google/chrome, affected < 86.0.4240.198
debian: debian/chromium, affected < chromium 87.0.4280.88-0.1 (bookworm)
Debian: chromium/chromium, affected < 87.0.4280.88-0.1+3

🔴Vulnerability Details (6)

OSV: CVE-2020-16017: Use after free in site isolation in Google Chrome prior to 86... (2021-01-08)
OSV: Use after free in CefSharp (2020-11-27)
GHSA: Inappropriate implementation in V8 in CefSharp (2020-11-27)
GHSA: Use after free in CefSharp (2020-11-27)
OSV: Inappropriate implementation in V8 in CefSharp (2020-11-27)

📋Vendor Advisories (5)

CISA ICS: Rockwell Automation Connected Components Workbench (2023-09-21)
CISA: Google Chrome Use-After-Free Vulnerability (2021-11-03)
Red Hat: chromium-browser: Use after free in site isolation (2020-11-11)
Chrome: Stable Channel Update for Desktop: CVE-2020-16013 (2020-11-11)
Debian: CVE-2020-16017: chromium - Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed... (2020)

🕵️Threat Intelligence (1)

Qualys: Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys (2022-02-23)