CVE-2020-6549
published 2020-09-21CVE-2020-6549: Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
PriorityP259high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
29.29%
97.9th percentile
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| debian | chromium | < chromium 87.0.4280.88-0.1 (bookworm) | chromium 87.0.4280.88-0.1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| chrome | < 84.0.4147.125 | 84.0.4147.125 | |
| chrome | >= unspecified < 84.0.4147.125 | 84.0.4147.125 | |
| chrome_chrome | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability exists in Google Chrome versions prior to 84.0.4147.125; presence of older versions indicates exposure to CVE-2020-6549 (use after free in media component) ↗
- →Exploitation is triggered via a crafted HTML page delivered remotely; monitor for suspicious media-related HTML content or renderer crashes in Chrome's media component ↗
- →Track Chromium issue 1105426 for technical details; internal bug ID can be used to correlate patch diffs or PoC references ↗
- ·No public PoC, exploit payload, or specific IOCs (hashes, IPs, domains, signatures) were disclosed in the available sources; detection must rely on version checking and crash telemetry ↗
- ·Debian resolved the issue in version 87.0.4280.88-0.1 across multiple release tracks, meaning systems running between 84.0.4147.125 and 87.0.4280.88 on Debian may still be at risk depending on backport status ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Chrome
Stable Channel Update for Desktop: CVE-2020-6548
vendor_chrome·2020-08-10·CVSS 8.8
CVE-2020-6548 [HIGH] Stable Channel Update for Desktop: CVE-2020-6548
Stable Channel Update for Desktop
CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han, Microsoft Browser Vulnerability Research on 2020-07-09
[$N/A][ 1105426 ] High CVE-2020-6549: Use after free in media
Reported by Sergei Glazunov of Google Project Zero on 2020-07-14
Severity: high
Red Hat
chromium-browser: Use after free in media
vendor_redhat·2020-08-10·CVSS 8.8
CVE-2020-6549 [HIGH] CWE-416 chromium-browser: Use after free in media
chromium-browser: Use after free in media
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Debian
CVE-2020-6549: chromium - Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote...
vendor_debian·2020·CVSS 8.8
CVE-2020-6549 [HIGH] CVE-2020-6549: chromium - Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote...
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie: resolved (fixed in 87.0.4280.88-0.1)
GHSA
GHSA-9mg5-2pf2-x28v: Use after free in media in Google Chrome prior to 84
ghsa_unreviewed·2022-05-24
CVE-2020-6549 [HIGH] CWE-416 GHSA-9mg5-2pf2-x28v: Use after free in media in Google Chrome prior to 84
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
CVE-2020-6549: Use after free in media in Google Chrome prior to 84
osv·2020-09-21·CVSS 8.8
CVE-2020-6549 [HIGH] CVE-2020-6549: Use after free in media in Google Chrome prior to 84
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 chro
bugzilla·2020-08-11·CVSS 8.8
CVE-2020-6542 [HIGH] CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 chro
CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 chromium: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE b
Bugzilla
CVE-2020-6549 chromium-browser: Use after free in media
bugzilla·2020-08-11·CVSS 8.8
CVE-2020-6549 [HIGH] CVE-2020-6549 chromium-browser: Use after free in media
CVE-2020-6549 chromium-browser: Use after free in media
An use after free flaw was found in the media component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=1105426
External References:
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-all [bug 1867957]
Affects: fedora-all [bug 1867956]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2020:3560 https://access.redhat.com/errata/RHSA-2020:3560
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-6549
Bugzilla
CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 chro
bugzilla·2020-08-11·CVSS 8.8
CVE-2020-6542 [HIGH] CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 chro
CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 chromium: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
http://packetstormsecurity.com/files/159558/Chrome-MediaElementEventListener-UpdateSources-Use-After-Free.htmlhttps://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.htmlhttps://crbug.com/1105426https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT/https://security.gentoo.org/glsa/202101-30https://www.debian.org/security/2021/dsa-4824http://packetstormsecurity.com/files/159558/Chrome-MediaElementEventListener-UpdateSources-Use-After-Free.htmlhttps://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.htmlhttps://crbug.com/1105426https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT/https://security.gentoo.org/glsa/202101-30https://www.debian.org/security/2021/dsa-4824
2020-09-21
Published