CVE-2020-15979: Inappropriate implementation in V8

Q: What is CVE-2020-15979?

CVE-2020-15979 is a vulnerability in Google Chrome prior to version 86.0.4240.75 that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Q: Which software versions are affected by CVE-2020-15979?

Google Chrome prior to version 86.0.4240.75, Debian Debian Linux 10.0, Fedoraproject Fedora 31, 32, and 33, and openSUSE Backports SLE 15.0-sp2 are affected by CVE-2020-15979.

Q: What is the severity of CVE-2020-15979?

The severity of CVE-2020-15979 is high with a severity score of 8.8.

Q: How can I fix CVE-2020-15979?

To fix CVE-2020-15979, update Google Chrome to version 86.0.4240.75 or later.

Q: Where can I find more information about CVE-2020-15979?

You can find more information about CVE-2020-15979 at the following references: [1] [2] [3].

Published Sep 11, 2020

Updated

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Credit

Avihay Cohen @ SeraphicAlgorithms

Affected Software

8 affected componentsFixes available

debian/chromium

90.0.4430.212-1~deb10u1116.0.5845.180-1~deb11u1120.0.6099.129-1~deb11u1119.0.6045.199-1~deb12u1120.0.6099.129-1~deb12u1120.0.6099.129-1

Google Chrome<86.0.4240.75

86.0.4240.75

Google Chrome<86.0.4240.75

Debian Debian Linux=10.0

Fedoraproject Fedora=31

Fedoraproject Fedora=32

Fedoraproject Fedora=33

openSUSE Backports SLE=15.0-sp2

Remediation

Patch Available

https://crbug.com/1127319

Event History

Sep 11, 2020

CVE Published

12:00 AM

Nov 3, 2020

CVE Published

via MITRE·02:21 AM

Data Sourced

via MITRE·02:21 AM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

7211503174014671839

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2020-15979?