#VU29860 Improperly implemented security check for standard in Google Chrome


Published: 2020-08-10 | Updated: 2021-07-25

Vulnerability identifier: #VU29860

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-6514

CWE-ID: CWE-358

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Google Chrome
Client/Desktop applications / Web browsers

Vendor: Google

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to WebRTC used the memory address of a class instance as a connection identifier. A remote attacker can use the obtained value to bypass ASLR protection.

Mitigation
Update to version 84.0.4147.89.

Vulnerable software versions

Google Chrome: 80.0.3987.163 - 83.0.4103.116


CPE

External links
http://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
http://crbug.com/1076703


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability