Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2020-15995

Published: 03/11/2020 Updated: 24/02/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Chrome

Vulnerability Summary

Out of bounds write in V8 in Google Chrome before 86.0.4240.99 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

debian debian linux 10.0

fedoraproject fedora 32

fedoraproject fedora 33

Vendor Advisories

Arch Linux Issues:
An out of bounds write security issue has been found in the V8 component of the Chromium browser before version 8704280141 ...
Debian CVElist Bug Report Logs: chromium: New 87.0.4280.141 (CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116)
Debian Bug report logs - #979533 chromium: New 8704280141 (CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116) Package: src:chromium; Maintainer for src:chromium is Debian Chromium Team <ch ...
Debian Security Advisories: DSA-4832-1 chromium -- security update
Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure For the stable distribution (buster), these problems have been fixed in version 8704280141-01~deb10u1 We recommend that you upgrade your chromium packages For the detailed se ...
Arch Linux Advisories: [ASA-202101-6] chromium: multiple issues
Arch Linux Security Advisory ASA-202101-6 ========================================= Severity: High Date : 2021-01-08 CVE-ID : CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021- ...
Arch Linux Advisories: [ASA-202101-20] vivaldi: multiple issues
Arch Linux Security Advisory ASA-202101-20 ========================================== Severity: High Date : 2021-01-12 CVE-ID : CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-202 ...
Google Chrome: Stable Channel Update for Desktop
The Stable channel has been updated to 8704280141 for Windows, Mac and Linux which will roll out over the coming days/weeksA full list of changes in this build is available in the log Interested in switching release channels?  Find out how here If you find a new issue, please let us know by filing a bug The community help forum is also a gr ...

Recent Articles

Google Chrome Zero-Day Afflicts Windows, Mac Users
Threatpost • Lindsey O'Donnell • 05 Feb 2021

Google is warning of a zero-day vulnerability in its V8 open-source web engine that’s being actively exploited by attackers.
A patch has been issued in version 88 of Google’s Chrome browser — specifically, version 88.0.4324.150 for Windows, Mac and Linux. This update will roll out over the coming days and weeks, said Google. The flaw (CVE-2021-21148) stems from a heap-buffer overflow, said Google.
“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wi...

Read more...
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
Threatpost • Tom Spring • 08 Jan 2021

Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software.
The Mozilla Firefox vulnerability (CVE-2020-16044) is separate from a bug reported in Google’s browser engine Chromium, which is used in the Google Chrome browser and Microsoft’s latest version of its Edge browser.
On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) urged users of Mozilla Fo...

Read more...

References

CWE-787https://chromereleases.googleblog.com/2020/10/chrome-for-android-update_31.htmlhttps://crbug.com/1132111https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VVUWIJKZTZTG6G475OR6PP4WPQBVM6PS/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6P6AVVFP7B2M4H7TJQBASRZIBLOTUFN/https://security.gentoo.org/glsa/202101-05https://www.debian.org/security/2021/dsa-4832https://nvd.nist.govhttps://security.archlinux.org/CVE-2020-15995https://threatpost.com/google-chrome-zero-day-windows-mac/163688/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979533
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2021-20661CVE-2020-4953CVE-2018-19518CVE-2021-27645CVE-2021-3156CVE-2021-26684deserializationwireless