CVE-2020-6418
critical-risk
Published 2020-02-27
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Do I need to act?
!
85.2% chance of exploitation in next 30 days
EPSS score — higher than 15% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (8)
Affected Vendors
References (17)
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0738
Exploit
https://crbug.com/1053604
Third Party Advisory
https://security.gentoo.org/glsa/202003-08
Mailing List
https://www.debian.org/security/2020/dsa-4638
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0738
Exploit
https://crbug.com/1053604
Third Party Advisory
https://security.gentoo.org/glsa/202003-08
Mailing List
https://www.debian.org/security/2020/dsa-4638
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-...
78
/ 100
critical-risk
Severity
30/34 · Critical
Exploitability
34/34 · Critical
Exposure
14/34 · Moderate