CVE-2020-15998: Use after free in USB

Q: What is the severity of CVE-2020-15998?

CVE-2020-15998 is rated as a high severity vulnerability due to its potential to allow a sandbox escape.

Q: How do I fix CVE-2020-15998?

To fix CVE-2020-15998, update Google Chrome to version 86.0.4240.99 or later.

Q: What types of systems are affected by CVE-2020-15998?

CVE-2020-15998 affects Google Chrome versions prior to 86.0.4240.99 on all platforms.

Q: Can CVE-2020-15998 be exploited remotely?

Yes, CVE-2020-15998 can be exploited remotely via a crafted HTML page.

Q: Is CVE-2020-15998 specific to any version of Android?

CVE-2020-15998 does not affect Android systems as Google has confirmed they are not vulnerable.

Published Oct 7, 2020

Updated

Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Credit

Leecraso(360 Alpha Lab working with 360 BugCloud), Guang Gong(360 Alpha Lab working with 360 BugCloud)

Affected Software

4 affected componentsFixes available

All of the following

Google Chrome<86.0.4240.99

86.0.4240.99

Google Android*

Google Chrome<86.0.4240.99

Google Android

Event History

Oct 7, 2020

CVE Published

12:00 AM

Nov 3, 2020

CVE Published

via MITRE·02:21 AM

Data Sourced

via MITRE·02:21 AM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

2509954079155194578

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2020-15998?

CVE-2020-15998 is rated as a high severity vulnerability due to its potential to allow a sandbox escape.

How do I fix CVE-2020-15998?

To fix CVE-2020-15998, update Google Chrome to version 86.0.4240.99 or later.

What types of systems are affected by CVE-2020-15998?