CVE-2020-6453
Published: 2020-06-03
Priority: P2 · 76 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 0.88% (54.6th percentile)
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 80.0.3987.162-1 | 80.0.3987.162-1 |
| chromium | chromium | >= 0 < 80.0.3987.162-1 | 80.0.3987.162-1 |
| chromium | chromium | >= 0 < 80.0.3987.162-1 | 80.0.3987.162-1 |
| chromium | chromium | >= 0 < 80.0.3987.162-1 | 80.0.3987.162-1 |
| debian | chromium | < chromium 80.0.3987.162-1 (bookworm) | chromium 80.0.3987.162-1 (bookworm) |
| | chrome | < 80.0.3987.162 | 80.0.3987.162 |
| | chrome | >= unspecified < 80.0.3987.162 | 80.0.3987.162 |
| | chrome_chrome | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability exists in Google Chrome versions prior to 80.0.3987.162; the presence of an older version indicates unpatched exposure to CVE-2020-6453.
- Chromium upstream issue tracker ID 1065094 can be used to cross-reference patch commits and PoC details for this V8 heap corruption bug.
- The vulnerability is triggered via a crafted HTML page delivered remotely; exploitation requires a user to visit a malicious page in an unpatched Chrome/Chromium browser.
- Debian's tracker lists the scope as 'local', which may affect risk scoring in some environments even though the NVD description indicates remote exploitation.
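CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |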
Chrome
Stable Channel Update for Desktop: CVE-2020-6452
vendor_chrome·2020-03-31·CVSS 8.8
CVE-2020-6452 [HIGH] Stable Channel Update for Desktop: CVE-2020-6452
Stable Channel Update for Desktop
CVE-2020-6452: Heap buffer overflow in media. Reported by asnine on 2020-03-09
[$TBD][1065094] High CVE-2020-6453: Inappropriate implementation in V8. Reported by Anonymous on 2020-03-26
Severity: high
Red Hat
chromium-browser: Inappropriate implementation in V8
vendor_redhat·2020-03-31·CVSS 8.8
CVE-2020-6453 [HIGH] CWE-358 chromium-browser: Inappropriate implementation in V8
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Debian
CVE-2020-6453: chromium - Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allow...
vendor_debian·2020·CVSS 8.8
CVE-2020-6453 [HIGH] CVE-2020-6453: chromium - Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allow...
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 80.0.3987.162-1)
bullseye: resolved (fixed in 80.0.3987.162-1)
forky: resolved (fixed in 80.0.3987.162-1)
sid: resolved (fixed in 80.0.3987.162-1)
trixie: resolved (fixed in 80.0.3987.162-1)
GHSA
GHSA-g557-j994-6wpq: Inappropriate implementation in V8 in Google Chrome prior to 80
ghsa_unreviewed·2022-05-24
CVE-2020-6453 [MEDIUM] CWE-119 GHSA-g557-j994-6wpq: Inappropriate implementation in V8 in Google Chrome prior to 80
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
CVE-2020-6453: Inappropriate implementation in V8 in Google Chrome prior to 80
osv·2020-06-03·CVSS 8.8
CVE-2020-6453 [HIGH] CVE-2020-6453: Inappropriate implementation in V8 in Google Chrome prior to 80
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
VulnCheck
Google Chrome Out-of-bounds Write
vulncheck·2020·CVSS 8.8
CVE-2020-6453 [HIGH] Google Chrome Out-of-bounds Write
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected: Google Chrome
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-6453 chromium: chromium-browser: Inappropriate implementation in V8 [fedora-all]
bugzilla·2020-06-05·CVSS 8.8
CVE-2020-6453 [HIGH] CVE-2020-6453 chromium: chromium-browser: Inappropriate implementation in V8 [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple suppor
Bugzilla
CVE-2020-6453 chromium-browser: Inappropriate implementation in V8
bugzilla·2020-06-05·CVSS 8.8
CVE-2020-6453 [HIGH] CVE-2020-6453 chromium-browser: Inappropriate implementation in V8
An inappropriate implementation flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=1065094
External References:
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-all [bug 1844457]
Affects: fedora-all [bug 1844456]
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-6453
Bugzilla
CVE-2020-6453 chromium: chromium-browser: Inappropriate implementation in V8 [epel-all]
bugzilla·2020-06-05·CVSS 8.8
CVE-2020-6453 [HIGH] CVE-2020-6453 chromium: chromium-browser: Inappropriate implementation in V8 [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
Timeline: published 2020-06-03; exploited in the wild.