SB2020110306 - Remote code execution in Google Chrome for Android
Published: November 3, 2020
Security Bulletin ID
SB2020110306
Severity
Critical
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Heap-based buffer overflow (CVE-ID: CVE-2020-16010)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a heap-based buffer overflow when processing untrusted HTML content in UI in Google Chrome on Android. An remote attacker, who had compromised the renderer process, can perform a sandbox escape via a crafted HTML page.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
Remediation
Install update from vendor's website.