CVE-2020-6468

HIGH

Google Chrome < 83.0.4103.61 - Remote Code Execution via V8 Type Confusion

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-6468. PoCs published by Goyotan, kiks7.

AI-analyzed exploit summary The repository contains only a README with minimal details about CVE-2020-6468, mentioning a PoC environment but no actual exploit code. It references a Chromium issue but lacks technical depth or functional code.

Description

Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (2)

nomisec STUB 10 stars

by Goyotan · poc

https://github.com/Goyotan/CVE-2020-6468-PoC

View Code ZIP pw:eip

The repository contains only a README with minimal details about CVE-2020-6468, mentioning a PoC environment but no actual exploit code. It references a Chromium issue but lacks technical depth or functional code.

Classification

Stub 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: Chromium Version 81.0.4044.92

No auth needed

Prerequisites: Chromium with specific flags (--no-sandbox --single-process --disable-gpu)

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 2 stars

by kiks7 · poc

https://github.com/kiks7/CVE-2020-6468-Chrome-Exploit

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2020-6468, a type confusion vulnerability in Chrome's V8 JavaScript engine. The exploit leverages memory corruption to achieve arbitrary read/write primitives and demonstrates the vulnerability using a crafted JavaScript payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Google Chrome (V8 engine)

No auth needed

Prerequisites: Vulnerable version of Chrome with V8 engine · Ability to execute JavaScript in the target environment

MITRE ATT&CK