CVE-2020-16040

Published: 08/01/2021 Updated: 12/04/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Insufficient data validation in V8 in Google Chrome before 87.0.4280.88 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Most Upvoted Vulmon Research Post

Exploit of CVE-2020-16040 Google Chrome <= 87.0.4280.88 vulnerability https://github.com/r4j0x00/exploits/tree/master/CVE-2020-16040

Vendor Advisories

An insufficient data validation security issue has been found in the V8 component of the chromium browser before version 87.0.4280.88 ...
Arch Linux Security Advisory ASA-202012-14 ========================================== Severity: High Date : 2020-12-09 CVE-ID : CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 Package : chromium Type : multiple issues Remote : Yes Link : security.archlinux.org/AVG-1323 Summary ...
Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure. For the stable distribution (buster), these problems have been fixed in version 87.0.4280.88-0.4~deb10u1. We recommend that you upgrade your chromium packages. For the detailed sec ...

Mailing Lists

This Metasploit module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit). The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1. This is abused to gain arbitrary read/write into ...
Insufficient data validation in V8 in Google Chrome versions prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page ...

Github Repositories

exploits CVE-2021-3156: Linux local privilege escalation through heap overflow in sudo (Demo) CVE-2021-3156 One shot exploit CVE-2020-6507: Out of bounds write in V8 Chrome versions <= 83.0.4103.97 (RCE) CVE-2020-16040: Chrome exploit versions <= 87.0.4280.88

News Some security news I am interested in && have not done v8 github.com/r4j0x00/exploits/tree/master/CVE-2020-16040 Several articles from Anquanke bugs.chromium.org/p/chromium/issues/detail?id=1126249 gist.github.com/hkraw/5ba2df87925fb7de8acc3c4bcec4774e chrome v8 issue 1126249 poc securitylab.github.com/research/one_day_short_of_a_f

Browser Exploits A collection of browser exploitation codes from Singular Security Lab CVE-2020-16040 & CVE-2020-16041 Target: Samsung Browser Fullchain Version: 13232 (Chromium: 83.0.4103.106) Arch: ARM CVE-2020-6512 Target: V8 Version: 8311013 Arch: X86-64

Recent Articles

Google Chrome V8 Bug Allows Remote Code-Execution
Threatpost • Tara Seals • 28 Apr 2021

Google’s Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution (RCE) within a user’s browser.
The high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from Singular Security Lab. Google describes the bug as “insufficient data validation in V8” but is keeping other details close to its vest.
However, Liu told SecurityWeek that the bug i...

Google patches four high‑severity flaws in Chrome
welivesecurity • 07 Dec 2020

Google has rolled out an update last week for its Chrome web browser that fixes a range of security flaws including four that have been classified as highly severe. The vulnerabilities affect the Windows, macOS, and Linux versions of the popular browser.
As is common, details about the security loopholes are not openly shared by the tech titan until most users have had a chance to update their browsers to the newest version, mitigating the chance of the flaws being exploited by threat acto...

High-Severity Chrome Bugs Allow Browser Hacks
Threatpost • Tom Spring • 04 Dec 2020

Google has updated its Chrome web browser, fixing four bugs with a severity rating of “high” and eight overall. Three are use-after-free flaws, which could allow an adversary to generate an error in the browser’s memory, opening the door to a browser hack and host computer compromise.
On Friday, the Cybersecurity and Infrastructure Security Agency (CISA) issued a security bulletin urging users and infosec administrators to apply the update. The agency warned that the vulnerabilities ...