CVE-2020-6418

HIGH KEV

Google Chrome <80.0.3987.122 - Heap Corruption

Title source: llm

Description

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (8)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/48186
nomisec WORKING POC 4 stars
by Goyotan · client-side
https://github.com/Goyotan/CVE-2020-6418-PoC
nomisec WORKING POC 3 stars
by ulexec · client-side
https://github.com/ulexec/ChromeSHELFLoader
nomisec WRITEUP 1 stars
by SivaPriyaRanganatha · poc
https://github.com/SivaPriyaRanganatha/CVE-2020-6418
nomisec NO CODE
by ASkyeye · poc
https://github.com/ASkyeye/CVE-2020-6418
metasploit WORKING POC MANUAL
by Clément Lecigne, István Kurucsai, Vignesh S Rao, timwr · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb

References (9)

Scores

CVSS v3 8.8
EPSS 0.8567
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03
VulnCheck KEV 2020-02-18
InTheWild.io 2020-02-18
ENISA EUVD EUVD-2020-27568
CWE
CWE-843
Status published
Products (8)
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 30
fedoraproject/fedora 31
google/chrome < 80.0.3987.122
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
Published Feb 27, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026