CVE-2020-16017

CVSS 9.6 CRITICALEPSS 2.7%● KEVCWE-416

In short

A memory flaw in Google Chrome allowed attackers who compromised the browser's rendering process to escape the security sandbox through a specially crafted webpage. This could give them access to your system beyond the browser's protections.

Technical detail

Use-after-free vulnerability in Chrome's site isolation mechanism (CWE-416) permitted sandbox escape when renderer process was compromised. Attack vector requires prior renderer compromise; impact is sandbox escape with potential system-level code execution. Affected versions prior to 86.0.4240.198.

Summary generated and translated by AI from the official description.

Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Google · Chrome

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html https://crbug.com/1146709 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16017