CVE-2020-6572
HIGH KEVGoogle Chrome < 81.0.4044.92 - Use-After-Free in Media
Title source: llmExploitation Summary
CVE-2020-6572 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 10, 2022.
Description
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
References (3)
Core 3
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://crbug.com/1066893
Release Notes, Vendor Advisory x_refsource_misc
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6572
Scores
CVSS v3
8.8
EPSS
0.1907
EPSS Percentile
95.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-01-10
VulnCheck KEV
2020-04-01
InTheWild.io
2020-04-01
ENISA EUVD
EUVD-2020-27721
CWE
CWE-416
Status
published
Products (1)
google/chrome
< 81.0.4044.92
Published
Jan 14, 2021
KEV Added
Jan 10, 2022
Tracked Since
Feb 18, 2026