CVE-2020-6572
published 2021-01-14CVE-2020-6572: Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
PriorityP181high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-07-10
Exploited in the wild
EPSS
10.59%
95.2th percentile
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 81.0.4044.92-1 | 81.0.4044.92-1 |
| chromium | chromium | >= 0 < 81.0.4044.92-1 | 81.0.4044.92-1 |
| chromium | chromium | >= 0 < 81.0.4044.92-1 | 81.0.4044.92-1 |
| chromium | chromium | >= 0 < 81.0.4044.92-1 | 81.0.4044.92-1 |
| debian | chromium | < chromium 81.0.4044.92-1 (bookworm) | chromium 81.0.4044.92-1 (bookworm) |
| chrome | < 81.0.4044.92 | 81.0.4044.92 | |
| chrome | >= unspecified < 81.0.4044.92 | 81.0.4044.92 | |
| chrome_chrome | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2020-6572 is a use-after-free in Google Chrome's Media component, exploitable via a crafted HTML page delivered remotely. Detection should focus on Chrome processes handling media content from untrusted sources. ↗
- →Flag any Google Chrome installation running a version prior to 81.0.4044.92 as vulnerable to this use-after-free exploit in the Media subsystem. ↗
- →This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild. Prioritize patching and monitor for exploitation attempts via crafted HTML pages targeting Chrome Media. ↗
- ·The fix was introduced in Chrome 81.0.4044.92. Debian packages across all tracked suites (bookworm, bullseye, forky, sid, trixie) are resolved at version 81.0.4044.92-1. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv8.8HIGH
vulncheck8.8HIGH
cisa8.8HIGH
vendor_debian8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-48wj-mfx4-4qc2: Use after free in Media in Google Chrome prior to 81
ghsa_unreviewed·2022-05-24
CVE-2020-6572 [HIGH] CWE-416 GHSA-48wj-mfx4-4qc2: Use after free in Media in Google Chrome prior to 81
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Project0
Déjà vu-lnerability - Project Zero
project_zero·2021-02-01
CVE-2014-9665 Déjà vu-lnerability - Project Zero
A Year in Review of 0-days Exploited In-The-Wild in 2020
Posted by Maddie Stone, Project Zero
2020 was a year full of 0-day exploits. Many of the Internet’s most popular browsers had their moment in the spotlight. Memory corruption is still the name of the game and how the vast majority of detected 0-days are getting in. While we tried new methods of 0-day detection with modest success, 2020 showed us that there is still a long way to go in detecting these 0-day exploits in-the-wild. But what may be the most notable fact is that 25% of the 0-days detected in 2020 are closely related to previously publicly disclosed vulnerabilities. In other words, 1 out of every 4 detected 0-day exploits could potentially have been avoided if a more thorough investigation and patching effort were explor
OSV
CVE-2020-6572: Use after free in Media in Google Chrome prior to 81
osv·2021-01-14·CVSS 8.8
CVE-2020-6572 [HIGH] CVE-2020-6572: Use after free in Media in Google Chrome prior to 81
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
VulnCheck
Google Chrome Media Use-After-Free Vulnerability
vulncheck·2020·CVSS 8.8
CVE-2020-6572 [HIGH] CWE-416 Google Chrome Media Use-After-Free Vulnerability
Google Chrome Media Use-After-Free Vulnerability
Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Affected: Google Chrome Media
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-07-10
Project0
Project Zero RCA: CVE-2020-6572: Chrome MediaCodecAudioDecoder Sandbox Escape
project_zero·CVSS 8.8
CVE-2020-6572 [HIGH] Project Zero RCA: CVE-2020-6572: Chrome MediaCodecAudioDecoder Sandbox Escape
# CVE-2020-6572: Chrome MediaCodecAudioDecoder Sandbox Escape
*Ben Hawkes, Project Zero*
## The Basics
**Disclosure or Patch Date:** 7 April 2020
**Product:** Google Chrome
**Advisory:** https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
**Affected Versions:** pre 81.0.4044.92
**First Patched Version:** 81.0.4044.92
**Issue/Bug Report:** https://bugs.chromium.org/p/chromium/issues/detail?id=1066893
**Patch CL:** https://chromium.googlesource.com/chromium/src.git/+/c0268599d1161f4c57a7911c7f036f70af88c8d0
**Bug-Introducing CL:** https://source.chromium.org/chromium/chromium/src/+/2864f6e586bc2eba6b7479fee7738a0a2779dd0f (Commited on 2016-03-23)
**Reporter(s):** Anonymous
## The Code
**Proof-of-concept:** N/A
**Exploit sample:** N/A
**Did you
CISA
Google Chrome Media Use-After-Free Vulnerability
cisa·2022-01-10·CVSS 8.8
CVE-2020-6572 [HIGH] CWE-416 Google Chrome Media Use-After-Free Vulnerability
Vulnerability: Google Chrome Media Use-After-Free Vulnerability
Affected: Google Chrome Media
Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-6572
Remediation Due Date: 2022-07-10
Chrome
Stable Channel Update for Desktop: CVE-2020-6455
vendor_chrome·2020-04-07·CVSS 8.8
CVE-2020-6455 [HIGH] Stable Channel Update for Desktop: CVE-2020-6455
Stable Channel Update for Desktop
CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09
[$2000][ 1040325 ] High CVE-2020-6419: Out of bounds read and write in V8
Reported by David Manouchehri on 2020-01-09 [$N/A] [ 1066893 ] High CVE-2020-6572: Use after free in media
Severity: high
Debian
CVE-2020-6572: chromium - Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote ...
vendor_debian·2020·CVSS 8.8
CVE-2020-6572 [HIGH] CVE-2020-6572: chromium - Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote ...
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 81.0.4044.92-1)
bullseye: resolved (fixed in 81.0.4044.92-1)
forky: resolved (fixed in 81.0.4044.92-1)
sid: resolved (fixed in 81.0.4044.92-1)
trixie: resolved (fixed in 81.0.4044.92-1)
No detection rules found.
No public exploits indexed.
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.htmlhttps://crbug.com/1066893https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.htmlhttps://crbug.com/1066893https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6572
2021-01-14
Published
2022-01-10
Added to CISA KEV
Exploited in the wild