CVE-2020-6551
Published 2020-09-21
CVE-2020-6551: Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Priority: P2 · 60 · high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 29.29% (97.9th percentile)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| chromium | chromium | >= 0 < 87.0.4280.88-0.1 | 87.0.4280.88-0.1 |
| debian | chromium | < chromium 87.0.4280.88-0.1 (bookworm) | chromium 87.0.4280.88-0.1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| — | chrome | < 84.0.4147.125 | 84.0.4147.125 |
| — | chrome | >= unspecified < 84.0.4147.125 | 84.0.4147.125 |
| — | chrome_chrome | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability is a use-after-free in the WebXR component of Google Chrome; versions prior to 84.0.4147.125 are affected.
- Chromium upstream issue tracker ID 1107815 can be used to cross-reference patch commits and PoC references for this vulnerability.
- Debian resolved this CVE in version 87.0.4280.88-0.1 across multiple release tracks (bookworm, bullseye, forky, sid, trixie), so the Debian fix version differs from the upstream Google Chrome fix (84.0.4147.125).
- Red Hat Enterprise Linux 6 Supplementary addressed this issue via RHSA-2020:3560; detections scoped to RHEL should reference this advisory.
CVSS provenance
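| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |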
GHSA
GHSA-mwjp-gcwv-rwcr: Use after free in WebXR in Google Chrome prior to 84
ghsa_unreviewed · 2022-05-24 · HIGH · CWE-416
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
CVE-2020-6551: Use after free in WebXR in Google Chrome prior to 84
osv · 2020-09-21 · HIGH · CVSS 8.8
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Chrome
Stable Channel Update for Desktop: CVE-2020-6550
vendor_chrome · 2020-08-10 · HIGH · CVSS 8.8
CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov of Google Project Zero on 2020-07-17
[$N/A][1107815] High CVE-2020-6551: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2020-07-21
Severity: high
Red Hat
chromium-browser: Use after free in WebXR
vendor_redhat · 2020-08-10 · HIGH · CVSS 8.8 · CWE-416
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Debian
CVE-2020-6551: chromium - Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote...
vendor_debian · 2020 · HIGH · CVSS 8.8
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 87.0.4280.88-0.1)
bullseye: resolved (fixed in 87.0.4280.88-0.1)
forky: resolved (fixed in 87.0.4280.88-0.1)
sid: resolved (fixed in 87.0.4280.88-0.1)
trixie: resolved (fixed in 87.0.4280.88-0.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 chromium: various flaws [fedora-all]
bugzilla · 2020-08-11 · HIGH · CVSS 8.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE b
Bugzilla
CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 chromium: various flaws [epel-all]
bugzilla · 2020-08-11 · HIGH · CVSS 8.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Bugzilla
CVE-2020-6551 chromium-browser: Use after free in WebXR
bugzilla · 2020-08-11 · HIGH · CVSS 8.8
A use-after-free flaw was found in the WebXR component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=1107815
External References:
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-all [bug 1867957]
Affects: fedora-all [bug 1867956]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2020:3560 https://access.redhat.com/errata/RHSA-2020:3560
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-6551
- http://packetstormsecurity.com/files/159611/Chrome-XRSystem-FocusedFrameChanged-and-FocusController-NotifyFocusChangedObservers-Use-After-Free.html
- https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html
- https://crbug.com/1107815
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT/
- https://security.gentoo.org/glsa/202101-30
- https://www.debian.org/security/2021/dsa-4824
Published: 2020-09-21