CVE-2020-6572

CVSS 8.8 HIGHEPSS 10.6%● KEVCWE-416

In short

Google Chrome had a memory safety bug in its media handling that could let attackers run malicious code when you visit a specially crafted website. This is dangerous because it can give attackers full control of your browser and computer.

Technical detail

Use-after-free vulnerability in Chrome's Media component (CWE-416) allowing remote code execution via crafted HTML. Attack vector is network-based requiring user interaction (visiting malicious page); the vulnerability stems from improper memory management in media processing. Impact is arbitrary code execution with Chrome process privileges.

Summary generated and translated by AI from the official description.

Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Google · Chrome

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/1066893 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6572