CVE-2020-6418
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 08, 2020
- Published Date
- February 27, 2020
- Last Updated
- January 29, 2025
- Vendor
- Product
- Chrome
- Description
- Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Scores
SSVC Information
- Exploitation
- active
- Technical Impact
- total
References
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
https://crbug.com/1053604
http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
https://access.redhat.com/errata/RHSA-2020:0738
https://www.debian.org/security/2020/dsa-4638
https://security.gentoo.org/glsa/202003-08
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb | 2025-04-29 11:01:19 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
chrome_jscreate_sideeffect
Type: metasploit • Created: Unknown
Metasploit module for CVE-2020-6418
SivaPriyaRanganatha/CVE-2020-6418
Type: github • Created: 2022-03-21 23:05:38 UTC • Stars: 1
Goyotan/CVE-2020-6418-PoC
Type: github • Created: 2020-06-13 07:32:24 UTC • Stars: 4
for 供養
ChoKyuWon/CVE-2020-6418
Type: github • Created: 2020-02-27 08:18:56 UTC • Stars: 24
PoC of CVE