Search for vulnerabilities
Vulnerability details: VCID-getq-n9zw-aaaf
Vulnerability ID VCID-getq-n9zw-aaaf
Aliases CVE-2020-6418
Summary Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
System Score Found at
cvssv3.1 8.8 http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
ssvc Attend http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6418.html
cvssv3.1 8.8 https://access.redhat.com/errata/RHSA-2020:0738
ssvc Attend https://access.redhat.com/errata/RHSA-2020:0738
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6418.json
epss 0.84596 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.84596 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.84596 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.84596 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.84596 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.84596 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.84596 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.84596 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.84785 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86219 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86377 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.86377 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.87021 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.87092 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.87092 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.87092 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.88423 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.88423 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.88423 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.96436 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.96495 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.96495 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.96495 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.97074 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.97074 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.97074 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.97074 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1807343
cvssv3.1 8.8 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
generic_textual Medium https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
ssvc Attend https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
cvssv3.1 8.8 https://crbug.com/1053604
ssvc Attend https://crbug.com/1053604
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6383
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6384
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6386
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6407
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6420
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6499
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6500
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6501
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6502
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6418
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6418
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6418
archlinux High https://security.archlinux.org/AVG-1102
cvssv3.1 8.8 https://security.gentoo.org/glsa/202003-08
ssvc Attend https://security.gentoo.org/glsa/202003-08
cvssv3.1 8.8 https://www.debian.org/security/2020/dsa-4638
ssvc Attend https://www.debian.org/security/2020/dsa-4638
Reference id Reference type URL
http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6418.html
https://access.redhat.com/errata/RHSA-2020:0738
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6418.json
https://api.first.org/data/v1/epss?cve=CVE-2020-6418
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
https://crbug.com/1053604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6502
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
https://security.gentoo.org/glsa/202003-08
https://www.debian.org/security/2020/dsa-4638
1807343 https://bugzilla.redhat.com/show_bug.cgi?id=1807343
ASA-202002-11 https://security.archlinux.org/ASA-202002-11
AVG-1102 https://security.archlinux.org/AVG-1102
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
CVE-2020-6418 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/48186.rb
CVE-2020-6418 https://nvd.nist.gov/vuln/detail/CVE-2020-6418
CVE-2020-6418 Exploit https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb
Data source Exploit-DB
Date added March 9, 2020
Description Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)
Ransomware campaign use Known
Source publication date March 9, 2020
Exploit type remote
Platform multiple
Source update date March 9, 2020
Source URL https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb
Data source KEV
Date added Nov. 3, 2021
Description Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply updates per vendor instructions.
Due date May 3, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2020-6418
Ransomware campaign use Unknown
Data source Metasploit
Description This module exploits an issue in Google Chrome 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for read and writing from absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.
Note 
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
Stability:
  - crash-safe
Ransomware campaign use Unknown
Source publication date Feb. 19, 2020
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2020:0738
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://access.redhat.com/errata/RHSA-2020:0738
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6418.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/1053604
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://crbug.com/1053604
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-6418
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-6418
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-6418
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202003-08
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://security.gentoo.org/glsa/202003-08
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2020/dsa-4638
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://www.debian.org/security/2020/dsa-4638
Exploit Prediction Scoring System (EPSS)
Percentile 0.9926
EPSS Score 0.84596
Published At May 10, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.