CVE-2020-15995: Out of bounds write in V8
Published Sep 24, 2020
·Updated
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Credit
Anonymous
Affected Software
9 affected componentsFixes available
debian/chromium
90.0.4430.212-1~deb10u1116.0.5845.180-1~deb11u1118.0.5993.70-1~deb11u1116.0.5845.180-1~deb12u1118.0.5993.70-1~deb12u1118.0.5993.70-1
debian/chromium<=87.0.4280.88-0.4~deb10u1, <=87.0.4280.88-0.4
87.0.4280.141-0.187.0.4280.141-0.1~deb10u1
All of the following
Google Chrome<86.0.4240.99
86.0.4240.99
Google Android*
Google Chrome<86.0.4240.99
Google Android
Debian Debian Linux=10.0
fedoraproject fedora=32
fedoraproject fedora=33
Event History
Sep 24, 2020
CVE Published
12:00 AM
Nov 3, 2020
CVE Published
via MITRE·02:21 AM
Data Sourced
via MITRE·02:21 AM
DescriptionWeakness
Peer vulnerabilities
Found alongside the following vulnerabilities.
Frequently Asked Questions
1
What is the severity of CVE-2020-15995?
The severity of CVE-2020-15995 is classified as high due to the potential for remote code execution through heap corruption.
2
How do I fix CVE-2020-15995?
To fix CVE-2020-15995, update Google Chrome to version 86.0.4240.99 or later or ensure you are using an updated version of Chromium on Debian and Fedora.
3
Which versions of Google Chrome are affected by CVE-2020-15995?
CVE-2020-15995 affects Google Chrome versions prior to 86.0.4240.99.
4
Is Google Android vulnerable to CVE-2020-15995?
No, Google Android is not vulnerable to CVE-2020-15995 as per security assessments.
5
What kind of exploitation can occur with CVE-2020-15995?
CVE-2020-15995 can be exploited by remote attackers through crafted HTML pages leading to potential heap corruption.