Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-6507Improper Input Validation in Google Chrome

CWE-20Improper Input ValidationCWE-787Out-of-bounds Write10 documents8 sources
Severity
8.8HIGHNVD
EPSS
26.3%
top 3.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Google ChromeChromiumDebian Chromium+1 more
Timeline
PublishedJul 22
Latest updateMay 24

Description

Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

CVEListV5google/chromeunspecified83.0.4103.106
NVDgoogle/chrome< 83.0.4103.106
debiandebian/chromium< chromium 83.0.4103.106-1 (bookworm)
Debianchromium/chromium< 83.0.4103.106-1+3

Patches

Patch: crbug.comPatch: crbug.com

🔴Vulnerability Details

2
GHSA
GHSA-hqj4-jqvv-8f53: Out of bounds write in V8 in Google Chrome prior to 832022-05-24
OSV
CVE-2020-6507: Out of bounds write in V8 in Google Chrome prior to 832020-07-22

💥Exploits & PoCs

1
Exploit-DB
Google Chrome 81.0.4044 V8 - Remote Code Execution2021-04-06

📋Vendor Advisories

3
Chrome
Stable Channel Update for Desktop: CVE-2020-65072020-06-15
Red Hat
chromium-browser: Out of bounds write in V82020-06-15
Debian
CVE-2020-6507: chromium - Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remo...2020

💬Community

3
Bugzilla
CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 chromium: various flaws [fedora-all]2020-06-16
Bugzilla
CVE-2020-6507 chromium-browser: Out of bounds write in V82020-06-16
Bugzilla
CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 chromium: various flaws [epel-all]2020-06-16