CVE-2020-15997: Use after free in Mojo

Q: What is the severity of CVE-2020-15997?

CVE-2020-15997 has a high severity rating due to its potential to allow sandbox escape for remote attackers.

Q: How do I fix CVE-2020-15997?

To fix CVE-2020-15997, update Google Chrome to version 86.0.4240.99 or later.

Q: What component is affected by CVE-2020-15997?

CVE-2020-15997 affects the Mojo component in Google Chrome's renderer process.

Q: Can CVE-2020-15997 be exploited remotely?

Yes, CVE-2020-15997 can be exploited remotely through a crafted HTML page.

Q: Which versions of Google Chrome are vulnerable to CVE-2020-15997?

Versions of Google Chrome prior to 86.0.4240.99 are vulnerable to CVE-2020-15997.

Published Sep 30, 2020

Updated

Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Credit

Piotr Tworek

Affected Software

4 affected componentsFixes available

All of the following

Google Chrome<86.0.4240.99

86.0.4240.99

Google Android*

Google Chrome<86.0.4240.99

Google Android

Event History

Sep 30, 2020

CVE Published

12:00 AM

Nov 3, 2020

CVE Published

via MITRE·02:21 AM

Data Sourced

via MITRE·02:21 AM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

2509954079155194578

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2020-15997?

CVE-2020-15997 has a high severity rating due to its potential to allow sandbox escape for remote attackers.

How do I fix CVE-2020-15997?

To fix CVE-2020-15997, update Google Chrome to version 86.0.4240.99 or later.

What component is affected by CVE-2020-15997?