Heap-based buffer overflow in Google Chrome for Android - CVE-2020-16010
Published: November 3, 2020 / Updated: February 11, 2021
Vulnerability identifier: #VU48097
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2020-16010
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Google
Affected software:
Google Chrome for Android
Google Chrome for Android
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a heap-based buffer overflow when processing untrusted HTML content in UI in Google Chrome on Android. An remote attacker, who had compromised the renderer process, can perform a sandbox escape via a crafted HTML page.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
How to mitigate CVE-2020-16010
Install update from vendor's website.