CVE-2020-16017
Published 2021-01-08
CVE-2020-16017: Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially…
Priority P184 · critical · 9.6 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
KEV: CISA Known Exploited Vulnerability, due 2022-05-03
ITW: Exploited in the wild
EPSS: 2.75% (84.3th percentile)
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| debian | chromium | < chromium 87.0.4280.88-0.1 (bookworm) | chromium 87.0.4280.88-0.1 (bookworm) |
| | chrome | < 86.0.4240.198 | 86.0.4240.198 |
| | chrome | >= unspecified < 86.0.4240.198 | 86.0.4240.198 |
| | chrome_chrome | — | — |
Detection & IOCs
- CVE-2020-16017 is confirmed exploited in the wild: Google acknowledged the existence of active exploits at the time of patch release.
- Exploitation vector is a crafted HTML page delivered to a victim with a compromised renderer process, enabling sandbox escape via use-after-free in site isolation.
- Affected component is CefSharp version 81.3.100 as embedded in Rockwell Automation Connected Components Workbench (versions prior to R21); detection should cover this embedded browser surface.
- CISA KEV listing confirms known public exploitation; treat any unpatched Chrome < 86.0.4240.198 or CefSharp 81.3.100 host as a high-priority detection target.
- The vulnerability is only exploitable after the renderer process has already been compromised; sandbox escape is a second-stage primitive, not a direct initial-access vector.
- The Chrome stable-channel fix is version 86.0.4240.198; Debian resolved the issue in 87.0.4280.88-0.1 across all tracked branches.
- Rockwell Automation Connected Components Workbench embeds the vulnerable CefSharp 81.3.100 library; the fix requires upgrading to CCW R21 or later, not just patching Chrome.
CVSS provenance
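| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| ghsa | | 8.8 | HIGH | |
| osv | | 9.6 | CRITICAL | |
| vulncheck | | 9.6 | CRITICAL | |
| cisa | | 9.6 | CRITICAL | |
| vendor_debian | | 9.6 | CRITICAL | |
| vendor_redhat | | 9.6 | CRITICAL | |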
CISA ICS
Rockwell Automation Connected Components Workbench
cisa_ics·2023-09-21·CVSS 9.6
[CRITICAL] Rockwell Automation Connected Components Workbench
ICS Advisory
## Rockwell Automation Connected Components Workbench
Release Date: September 21, 2023
Alert Code: ICSA-23-264-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.6
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation
- Vendor: Rockwell Automation
- Equipment: Connected Components Workbench
- Vulnerabilities: Use After Free, Out-of-bounds Write
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to exploit heap corruption via a crafted HTML.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation Connected Components Workbench Smart Security Manager are affected:
- Connected Components Workbench: versions
CISA
Google Chrome Use-After-Free Vulnerability
cisa·2021-11-03·CVSS 9.6
CVE-2020-16017 [CRITICAL] CWE-416 Google Chrome Use-After-Free Vulnerability
Vulnerability: Google Chrome Use-After-Free Vulnerability
Affected: Google Chrome
Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-16017
Remediation Due Date: 2022-05-03
Red Hat
chromium-browser: Use after free in site isolation
vendor_redhat·2020-11-11·CVSS 9.6
CVE-2020-16017 [CRITICAL] CWE-416 chromium-browser: Use after free in site isolation
chromium-browser: Use after free in site isolation
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Chrome
Stable Channel Update for Desktop: CVE-2020-16013
vendor_chrome·2020-11-11·CVSS 8.8
CVE-2020-16013 [HIGH] Stable Channel Update for Desktop: CVE-2020-16013
Stable Channel Update for Desktop
CVE-2020-16013: Inappropriate implementation in V8. Reported by Anonymous on 2020-11-09
[$TBD][1146709] High CVE-2020-16017: Use after free in site isolation. Reported by Anonymous on 2020-11-07
Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.
Severity: high
Debian
CVE-2020-16017: chromium - Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed...
vendor_debian·2020·CVSS 9.6
CVE-2020-16017 [CRITICAL] CVE-2020-16017: chromium - Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed...
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie: resolved (fixed in 87.0.4280.88-0.1)
OSV
CVE-2020-16017: Use after free in site isolation in Google Chrome prior to 86
osv·2021-01-08·CVSS 9.6
CVE-2020-16017 [CRITICAL] CVE-2020-16017: Use after free in site isolation in Google Chrome prior to 86
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
OSV
Use after free in CefSharp
osv·2020-11-27·CVSS 8.8
CVE-2020-16017 [HIGH] Use after free in CefSharp
Use after free in CefSharp
CVE-2020-16017: Use after free in site isolation
- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017
Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.
There is currently little to no public information on the issue other than it has been flagged as `High` severity.
GHSA
Inappropriate implementation in V8 in CefSharp
ghsa·2020-11-27·CVSS 8.8
CVE-2020-16013 [HIGH] CWE-119 Inappropriate implementation in V8 in CefSharp
Inappropriate implementation in V8 in CefSharp
High CVE-2020-16013: Inappropriate implementation in V8.
- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013
Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.
There is currently little to no public information on the issue other than it has been flagged as `High` severity.
GHSA
Use after free in CefSharp
ghsa·2020-11-27·CVSS 8.8
CVE-2020-16017 [HIGH] CWE-416 Use after free in CefSharp
Use after free in CefSharp
CVE-2020-16017: Use after free in site isolation
- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017
Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.
There is currently little to no public information on the issue other than it has been flagged as `High` severity.
OSV
Inappropriate implementation in V8 in CefSharp
osv·2020-11-27·CVSS 8.8
CVE-2020-16013 [HIGH] Inappropriate implementation in V8 in CefSharp
Inappropriate implementation in V8 in CefSharp
High CVE-2020-16013: Inappropriate implementation in V8.
- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013
Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.
There is currently little to no public information on the issue other than it has been flagged as `High` severity.
VulnCheck
Google Chrome Use-After-Free Vulnerability
vulncheck·2020·CVSS 9.6
CVE-2020-16017 [CRITICAL] CWE-416 Google Chrome Use-After-Free Vulnerability
Google Chrome Use-After-Free Vulnerability
Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Affected: Google Chrome
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-03
No detection rules found.
No public exploits indexed.
- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
- https://crbug.com/1146709
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16017
2021-01-08: Published
2021-11-03: Added to CISA KEV
Exploited in the wild