Back to KEVs

CVE-2020-6418

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Basic Information

CVE State: PUBLISHED
Reserved Date: January 08, 2020
Published Date: February 27, 2020
Last Updated: January 29, 2025
Vendor: Google
Product: Chrome
Description: Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Tags

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2021-11-03 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2022-03-21 23:05:38 UTC) Source

References

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html https://crbug.com/1053604 http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html https://access.redhat.com/errata/RHSA-2020:0738 https://www.debian.org/security/2020/dsa-4638 https://security.gentoo.org/glsa/202003-08 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb	2025-04-29 11:01:19 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

chrome_jscreate_sideeffect

Type: metasploit • Created: Unknown

Metasploit module for CVE-2020-6418

SivaPriyaRanganatha/CVE-2020-6418

Type: github • Created: 2022-03-21 23:05:38 UTC • Stars: 1

Goyotan/CVE-2020-6418-PoC

Type: github • Created: 2020-06-13 07:32:24 UTC • Stars: 4

for 供養

ChoKyuWon/CVE-2020-6418

Type: github • Created: 2020-02-27 08:18:56 UTC • Stars: 24

PoC of CVE

Timeline

CVE ID Reserved

January 08, 2020
CVE Published to Public

February 27, 2020
Added to KEVIntel

November 03, 2021
Proof of Concept Exploit Available

March 21, 2022
Detected by Metasploit

April 29, 2025