CVE-2020-16017
published 2021-01-08

Priority: P1 84
Severity: critical, 9.6 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
KEV: CISA Known Exploited Vulnerability, due 2022-05-03
ITW: Exploited in the wild
EPSS: 2.75% (84.3th percentile)

Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Affected

8 ranges
Vendor | Product | Version range | Fixed in
chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1
chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1
chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1
chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1
debian | chromium | < chromium 87.0.4280.88-0.1 (bookworm) | chromium 87.0.4280.88-0.1 (bookworm)
google | chrome | < 86.0.4240.198 | 86.0.4240.198
google | chrome | >= unspecified < 86.0.4240.198 | 86.0.4240.198
google | chrome_chrome | |

Detection & IOCs (extracted from sources)

  • CVE-2020-16017 is confirmed exploited in the wild — Google acknowledged existence of active exploits at time of patch release
  • Exploitation vector is a crafted HTML page delivered to a victim with a compromised renderer process, enabling sandbox escape via use-after-free in site isolation
  • Affected component is CefSharp version 81.3.100 as embedded in Rockwell Automation Connected Components Workbench (versions prior to R21); detection should cover this embedded browser surface
  • CISA KEV listing confirms known public exploitation; treat any unpatched Chrome < 86.0.4240.198 or CefSharp 81.3.100 host as high-priority detection target
  • Vulnerability is only exploitable after the renderer process has already been compromised; sandbox escape is a second-stage primitive, not a direct initial-access vector
  • The Chrome stable-channel fix is version 86.0.4240.198; Debian resolved the issue in 87.0.4280.88-0.1 across all tracked branches
  • Rockwell Automation Connected Components Workbench embeds the vulnerable CefSharp 81.3.100 library; the fix requires upgrading to CCW R21 or later, not just patching Chrome

CVSS provenance

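Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
ghsa | | 8.8 | HIGH |
osv | | 9.6 | CRITICAL |
vulncheck | | 9.6 | CRITICAL |
cisa | | 9.6 | CRITICAL |
vendor_debian | | 9.6 | CRITICAL |
vendor_redhat | | 9.6 | CRITICAL |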