CVE-2020-6541
Published 2020-09-21
CVE-2020-6541: Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Priority: P3 (59) · Severity: high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 22.87% (97.4th percentile)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| debian | chromium | < chromium 87.0.4280.88-0.1 (bookworm) | chromium 87.0.4280.88-0.1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| chrome | — | < 84.0.4147.105 | 84.0.4147.105 |
| chrome | — | >= unspecified < 84.0.4147.105 | 84.0.4147.105 |
| chrome_chrome | — | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |
Chrome
Stable Channel Update for Desktop: CVE-2020-6540
vendor_chrome · 2020-07-27 · CVSS 6.1
CVE-2020-6540 [HIGH] Stable Channel Update for Desktop: CVE-2020-6540
Stable Channel Update for Desktop
CVE-2020-6540: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-07-15
[$N/A][1106773] High CVE-2020-6541: Use after free in WebUSB. Reported by Sergei Glazunov of Google Project Zero on 2020-07-17
[$TBD][1098606] High CVE-2020-16046: Script injection in iOSWeb
Severity: high
Red Hat
chromium-browser: Use after free in WebUSB
vendor_redhat · 2020-07-27 · CVSS 8.8
CVE-2020-6541 [HIGH] CWE-416 chromium-browser: Use after free in WebUSB
chromium-browser: Use after free in WebUSB
Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Debian
CVE-2020-6541: chromium - Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remot...
vendor_debian · 2020 · CVSS 8.8
CVE-2020-6541 [HIGH] CVE-2020-6541: chromium - Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remot...
Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie: resolved (fixed in 87.0.4280.88-0.1)
GHSA
GHSA-vpm9-g2jr-94gp: Use after free in WebUSB in Google Chrome prior to 84
ghsa_unreviewed · 2022-05-24
CVE-2020-6541 [HIGH] CWE-416 GHSA-vpm9-g2jr-94gp: Use after free in WebUSB in Google Chrome prior to 84
Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
CVE-2020-6541: Use after free in WebUSB in Google Chrome prior to 84
osv · 2020-09-21 · CVSS 8.8
CVE-2020-6541 [HIGH] CVE-2020-6541: Use after free in WebUSB in Google Chrome prior to 84
Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 chromium: various flaws [epel-all]
bugzilla · 2020-07-28 · CVSS 8.8
CVE-2020-6532 [HIGH] CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 chromium: various flaws [epel-all]
CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 chromium: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this is
Bugzilla
CVE-2020-6541 chromium-browser: Use after free in WebUSB
bugzilla · 2020-07-28 · CVSS 8.8
CVE-2020-6541 [HIGH] CVE-2020-6541 chromium-browser: Use after free in WebUSB
CVE-2020-6541 chromium-browser: Use after free in WebUSB
A use-after-free flaw was found in the WebUSB component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=1106773
External References:
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-all [bug 1861472]
Affects: fedora-all [bug 1861471]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2020:3377 https://access.redhat.com/errata/RHSA-2020:3377
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-6541
Bugzilla
CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 chromium: various flaws [fedora-all]
bugzilla · 2020-07-28 · CVSS 8.8
CVE-2020-6532 [HIGH] CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 chromium: various flaws [fedora-all]
CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 chromium: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: thi
References
http://packetstormsecurity.com/files/159610/Chrome-USB-OnServiceConnectionError-Use-After-Free.html
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html
https://crbug.com/1106773
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT/
https://security.gentoo.org/glsa/202101-30
https://www.debian.org/security/2021/dsa-4824
Published: 2020-09-21