CVE-2020-6507

HIGH

Google Chrome < 83.0.4103.106 - Out-of-Bounds Write

Title source: rule

Description

Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (2)

gitlab

by 10vuln · poc

https://gitlab.com/penetration-test-learn/10vuln/r4j0x00

View on gitlab

exploitdb WORKING POC

by r4j0x00 · javascriptremotemultiple

https://www.exploit-db.com/exploits/49746

View Code ZIP pw:eip

References (5)

[Broken Link] http://packetstormsecurity.com/files/162088/Google-Chrome-81.0.4044-V8-Remote-Code-Execution.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/162105/Google-Chrome-81.0.4044-V8-Remote-Code-Execution.html

[Vendor Advisory] https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://crbug.com/1086890

[Third Party Advisory] https://security.gentoo.org/glsa/202007-08

Scores

CVSS v3 8.8

EPSS 0.2628

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-20 CWE-787

Status published

Affected Products (1)

google/chrome < 83.0.4103.106

Timeline

Published Jul 22, 2020

Tracked Since Feb 18, 2026