CVE-2020-16040

Published: 08/01/2021 | Updated: 12/04/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Insufficient data validation in V8 in Google Chrome before 87.0.4280.88 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Most Upvoted Vulmon Research Post

Exploit of CVE-2020-16040 Google Chrome <= 87.0.4280.88 vulnerability https://github.com/r4j0x00/exploits/tree/master/CVE-2020-16040

Vulnerable Product

google chrome

Vendor Advisories

An insufficient data validation security issue has been found in the V8 component of the chromium browser before version 87.0.4280.88 ...

Arch Linux Security Advisory ASA-202012-14
Severity: High
Date: 2020-12-09
CVE-ID: CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042
Package: chromium
Type: multiple issues
Remote: Yes
Link: security.archlinux.org/AVG-1323
Summary ...

Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure. For the stable distribution (buster), these problems have been fixed in version 87.0.4280.88-0.4~deb10u1. We recommend that you upgrade your chromium packages. For the detailed sec ...

Mailing Lists

This Metasploit module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit). The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1. This is abused to gain arbitrary read/write into ...

Insufficient data validation in V8 in Google Chrome versions prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page ...

Github Repositories

News: Some security news I am interested in && have not done. v8: github.com/r4j0x00/exploits/tree/master/CVE-2020-16040; several articles from Anquanke; bugs.chromium.org/p/chromium/issues/detail?id=1126249; gist.github.com/hkraw/5ba2df87925fb7de8acc3c4bcec4774e; chrome v8 issue 1126249 poc; securitylab.github.com/research/one_day_short_of_a_f

Recent Articles

Google patches four high‑severity flaws in Chrome
welivesecurity • 07 Dec 2020

Google has rolled out an update last week for its Chrome web browser that fixes a range of security flaws including four that have been classified as highly severe. The vulnerabilities affect the Windows, macOS, and Linux versions of the popular browser.
As is common, details about the security loopholes are not openly shared by the tech titan until most users have had a chance to update their browsers to the newest version, mitigating the chance of the flaws being exploited by threat acto...

High-Severity Chrome Bugs Allow Browser Hacks
Threatpost • Tom Spring • 04 Dec 2020

Google has updated its Chrome web browser, fixing four bugs with a severity rating of “high” and eight overall. Three are use-after-free flaws, which could allow an adversary to generate an error in the browser’s memory, opening the door to a browser hack and host computer compromise.
On Friday, the Cybersecurity and Infrastructure Security Agency (CISA) issued a security bulletin urging users and infosec administrators to apply the update. The agency warned that the vulnerabilities ...