CVE-2020-15996: Use after free in passwords
Published Sep 30, 2020
Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Credit
Rong Jian (Alpha Lab), Guang Gong (Alpha Lab), Qihoo 360
Affected Software
4 affected components
Fixes available
All of the following
Google Chrome < 86.0.4240.99
86.0.4240.99
Google Android*
Google Chrome < 86.0.4240.99
Google Android
Event History
Sep 30, 2020, 12:00 AM: CVE Published
Nov 3, 2020, 02:21 AM: CVE Published (via MITRE)
Nov 3, 2020, 02:21 AM: Data Sourced (via MITRE)
Frequently Asked Questions
1. What is the severity of CVE-2020-15996?
CVE-2020-15996 is categorized as a high-severity vulnerability due to its potential for remote exploitation and sandbox escape.
2. How do I fix CVE-2020-15996?
To fix CVE-2020-15996, update Google Chrome to version 86.0.4240.99 or later.
3. Which versions of Google Chrome are affected by CVE-2020-15996?
CVE-2020-15996 affects Google Chrome versions prior to 86.0.4240.99.
4. Can CVE-2020-15996 be exploited remotely?
Yes, CVE-2020-15996 can be exploited remotely if an attacker compromises the renderer process through a malicious HTML page.
5. What type of vulnerability is CVE-2020-15996?
CVE-2020-15996 is a use-after-free vulnerability affecting the password manager in Google Chrome.