CVE-2020-15999
critical-risk
Published 2020-11-03
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Do I need to act?
92.9% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.6/10 · Critical
NETWORK / LOW complexity
Affected Products (6)
References (22)
Mailing List
http://seclists.org/fulldisclosure/2020/Nov/33
Third Party Advisory
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_...
Exploit
https://crbug.com/1139963
Third Party Advisory
https://security.gentoo.org/glsa/202011-12
Third Party Advisory
https://security.gentoo.org/glsa/202012-04
Third Party Advisory
https://security.gentoo.org/glsa/202401-19
Mailing List
https://www.debian.org/security/2021/dsa-4824
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240812-0001/
and 2 more references
72 / 100 · critical-risk
Severity: 32/34 · Critical
Exploitability: 27/34 · High
Exposure: 13/34 · Low