Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-zhnh-nprx-eyb9
Vulnerability ID VCID-zhnh-nprx-eyb9
Aliases CVE-2020-6418
Summary Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
System Score Found at
cvssv3.1 8.8 http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
ssvc Attend http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
cvssv3.1 8.8 https://access.redhat.com/errata/RHSA-2020:0738
ssvc Attend https://access.redhat.com/errata/RHSA-2020:0738
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6418.json
epss 0.85227 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.85227 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.85227 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.85227 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.85227 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.85227 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.85227 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
epss 0.85227 https://api.first.org/data/v1/epss?cve=CVE-2020-6418
cvssv3.1 8.8 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
ssvc Attend https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
cvssv3.1 8.8 https://crbug.com/1053604
ssvc Attend https://crbug.com/1053604
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
archlinux High https://security.archlinux.org/AVG-1102
cvssv3.1 8.8 https://security.gentoo.org/glsa/202003-08
ssvc Attend https://security.gentoo.org/glsa/202003-08
cvssv3.1 8.8 https://www.debian.org/security/2020/dsa-4638
ssvc Attend https://www.debian.org/security/2020/dsa-4638
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6418.json
https://api.first.org/data/v1/epss?cve=CVE-2020-6418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6502
1053604 https://crbug.com/1053604
1807343 https://bugzilla.redhat.com/show_bug.cgi?id=1807343
ASA-202002-11 https://security.archlinux.org/ASA-202002-11
AVG-1102 https://security.archlinux.org/AVG-1102
CVE-2020-6418 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/48186.rb
CVE-2020-6418 Exploit https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb
dsa-4638 https://www.debian.org/security/2020/dsa-4638
GLSA-202003-08 https://security.gentoo.org/glsa/202003-08
Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
RHSA-2020:0738 https://access.redhat.com/errata/RHSA-2020:0738
Data source KEV
Date added Nov. 3, 2021
Description Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply updates per vendor instructions.
Due date May 3, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2020-6418
Ransomware campaign use Unknown
Data source Exploit-DB
Date added March 9, 2020
Description Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)
Ransomware campaign use Known
Source publication date March 9, 2020
Exploit type remote
Platform multiple
Source update date March 9, 2020
Source URL https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb
Data source Metasploit
Description This module exploits an issue in Google Chrome 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for read and writing from absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.
Note 
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
Stability:
  - crash-safe
Ransomware campaign use Unknown
Source publication date Feb. 19, 2020
Platform OSX,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2020:0738
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://access.redhat.com/errata/RHSA-2020:0738
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6418.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/1053604
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://crbug.com/1053604
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202003-08
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://security.gentoo.org/glsa/202003-08
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2020/dsa-4638
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:56:51Z/ Found at https://www.debian.org/security/2020/dsa-4638
Exploit Prediction Scoring System (EPSS)
Percentile 0.99352
EPSS Score 0.85227
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:12:22.472052+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202003-08 38.0.0