#VU48790 Use of uninitialized resource in Google Chrome


Published: 2020-12-02 | Updated: 2020-12-15

Vulnerability identifier: #VU48790

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-16042

CWE-ID: CWE-908

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Google Chrome
Client/Desktop applications / Web browsers

Vendor: Google

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in V8 in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.

Mitigation
Update to version 87.0.4280.88.

Vulnerable software versions

Google Chrome: 84.0.4147.135 - 87.0.4280.66


CPE

External links
http://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
http://crbug.com/1151890


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability