#VU48097 Heap-based buffer overflow in Google Chrome for Android - CVE-2020-16010
Published: November 3, 2020 / Updated: February 11, 2021
Vulnerability identifier: #VU48097
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2020-16010
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Google Chrome for Android
Google Chrome for Android
Software vendor:
Google
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a heap-based buffer overflow when processing untrusted HTML content in UI in Google Chrome on Android. An remote attacker, who had compromised the renderer process, can perform a sandbox escape via a crafted HTML page.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
Remediation
Install update from vendor's website.