⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions.

CVE-2020-6418: Type Confusion in Google Chrome

CWE-843: Type Confusion | 19 documents | 13 sources
Severity: 8.8 HIGH (NVD)
EPSS: 85.2% (top 0.64%)
CISA KEV: Added 2021-11-03, Due 2022-05-03
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published Feb 27, KEV added Nov 3, KEV due May 3, Latest update May 24

Description

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (6 packages)

CVEListV5 | google/chrome | unspecified | 80.0.3987.122
NVD | google/chrome | < 80.0.3987.122
Debian | chromium/chromium | < 80.0.3987.122-1+3

Also affects: Debian Linux 10.0, 9.0, Fedora 30, 31

Patches

🔴 Vulnerability Details (9)

GHSA
GHSA-495j-4jmx-mgrx: Type confusion in V8 in Google Chrome prior to 80 (2022-05-24)
Project0
In-the-Wild Series: Chrome Exploits - Project Zero (2021-01-01)
Project0
Introducing the In-the-Wild Series - Project Zero (2021-01-01)
CVEList
CVE-2020-6418: Type confusion in V8 in Google Chrome prior to 80 (2020-02-27)
OSV
CVE-2020-6418: Type confusion in V8 in Google Chrome prior to 80 (2020-02-27)

💥 Exploits & PoCs (1)

Exploit-DB
Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit) (2020-03-09)

📋 Vendor Advisories (4)

CISA
Google Chromium V8 Type Confusion Vulnerability (2021-11-03)
Red Hat
chromium-browser: Type confusion in V8 (2020-02-24)
Chrome
Stable Channel Update for Desktop: CVE-2020-6407 (2020-02-24)
Debian
CVE-2020-6418: chromium - Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote at... (2020)

💬 Community (3)

Bugzilla
CVE-2020-6418 chromium: chromium-browser: type confusion in V8 [fedora-all] (2020-02-26)
Bugzilla
CVE-2020-6418 chromium: chromium-browser: type confusion in V8 [epel-all] (2020-02-26)
Bugzilla
CVE-2020-6418 chromium-browser: Type confusion in V8 (2020-02-26)