CVE-2020-16040

MEDIUM EXPLOITED

Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase

Title source: metasploit

Description

Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (3)

metasploit WORKING POC MANUAL

by Rajvardhan Agarwal (r4j) · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/chrome_simplifiedlowering_overflow.rb

View Code ZIP pw:eip

vulncheck_xdb NO CODE

client-side

https://github.com/maldev866/ChExp_CVE_2020_16040

View Code ZIP pw:eip

exploitdb WORKING POC

by r4j0x00 · javascriptremotemultiple

https://www.exploit-db.com/exploits/49745

View Code ZIP pw:eip

References (5)

[Broken Link] http://packetstormsecurity.com/files/162087/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/162106/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.html

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/162144/Google-Chrome-SimplfiedLowering-Integer-Overflow.html

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html

[Issue Tracking, Patch, Vendor Advisory] https://crbug.com/1150649

Scores

CVSS v3 6.5

EPSS 0.7694

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitation Intel

VulnCheck KEV 2026-01-26

Classification

CWE

CWE-190 CWE-20 CWE-787

Status published

Affected Products (1)

google/chrome < 87.0.4280.88

Timeline

Published Jan 08, 2021

Tracked Since Feb 18, 2026