← back
CVE-2020-16010

CVE-2020-16010

CVSS 9.6 CRITICALEPSS 6.4%● KEVCWE-122
In short

A heap buffer overflow in Chrome's UI on Android allows an attacker who has already compromised the renderer process to escape the security sandbox and gain full device access. This is a critical vulnerability because it undermines Chrome's main defense mechanism.

Technical detail

Heap buffer overflow in the UI rendering component of Google Chrome on Android (versions prior to 86.0.4240.185) exploitable by a compromised renderer process through a crafted HTML page. The vulnerability enables sandbox escape, allowing potential elevation of privileges from renderer context to full system access. Attack vector requires prior code execution in the renderer process.

Summary generated and translated by AI from the official description.
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Google · Chrome

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://chromereleases.googleblog.com/2020/11/chrome-for-android-update.htmlhttps://crbug.com/1144368https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16010