CVE-2020-6453
published 2020-06-03

Priority: P276 high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 0.88% (54.6th percentile)

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected

8 ranges
Vendor | Product | Version range | Fixed in
chromium | chromium | >= 0 < 80.0.3987.162-1 | 80.0.3987.162-1
chromium | chromium | >= 0 < 80.0.3987.162-1 | 80.0.3987.162-1
chromium | chromium | >= 0 < 80.0.3987.162-1 | 80.0.3987.162-1
chromium | chromium | >= 0 < 80.0.3987.162-1 | 80.0.3987.162-1
debian | chromium | < chromium 80.0.3987.162-1 (bookworm) | chromium 80.0.3987.162-1 (bookworm)
google | chrome | < 80.0.3987.162 | 80.0.3987.162
google | chrome | >= unspecified < 80.0.3987.162 | 80.0.3987.162
google | chrome_chrome | |

Detection & IOCs

  • Vulnerability exists in Google Chrome versions prior to 80.0.3987.162; presence of older versions indicates unpatched exposure to CVE-2020-6453
  • Chromium upstream issue tracker ID 1065094 can be used to cross-reference patch commits and PoC details for this V8 heap corruption bug
  • The vulnerability is triggered via a crafted HTML page delivered remotely; exploitation requires a user to visit a malicious page in an unpatched Chrome/Chromium browser
  • Debian's tracker records this with 'local' scope, which may affect risk scoring in some environments even though the NVD description indicates remote exploitation

CVSS provenance

nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
osv | 8.8 | HIGH
vulncheck | 8.8 | HIGH
vendor_debian | 8.8 | HIGH
vendor_redhat | 8.8 | HIGH