Vulnerability Name:

CVE-2020-6507 (CCN-183401)

Assigned: 2020-06-15
Published: 2020-06-15
Updated: 2021-07-21
Summary: Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS v3 Severity:
  • 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  • 7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): Required
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): High
      Availability (A): High
  • 8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  • 7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): Required
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): High
      Availability (A): High

CVSS v2 Severity:
  • 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Medium
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): Partial
      Availability (A): Partial
  • 9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): Single_Instance
    Impact Metrics:
      Confidentiality (C): Complete
      Integrity (I): Complete
      Availability (A): Complete
Vulnerability Type: CWE-787
Vulnerability Consequences: Gain Access

References:

Source: MITRE
Type: CNA
CVE-2020-6507

Source: MISC
Type: Broken Link
http://packetstormsecurity.com/files/162088/Google-Chrome-81.0.4044-V8-Remote-Code-Execution.html

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/162105/Google-Chrome-81.0.4044-V8-Remote-Code-Execution.html

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update for Desktop

Source: MISC
Type: Vendor Advisory
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://crbug.com/1086890

Source: XF
Type: UNKNOWN
google-chrome-cve20206507-code-exec(183401)

Source: CCN
Type: Packet Storm Security [04-06-2021]
Google Chrome 81.0.4044 V8 Remote Code Execution

Source: CCN
Type: Packet Storm Security [04-07-2021]
Google Chrome 81.0.4044 V8 Remote Code Execution

Source: GENTOO
Type: Third Party Advisory
GLSA-202007-08

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-06-2021]

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-6507

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version < 83.0.4103.106)

Configuration CCN 1:
  • cpe:/a:google:chrome:83:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:93622 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:20206507 | V | CVE-2020-6507 | 2022-06-30
oval:org.opensuse.security:def:112066 | P | chromedriver-93.0.4577.82-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:64834 | P | Security update for permissions (Moderate) (in QA) | 2022-01-17
oval:org.opensuse.security:def:64588 | P | Security update for libqt5-qtsvg (Moderate) | 2021-10-12
oval:org.opensuse.security:def:100335 | P | (Important) | 2021-10-12
oval:org.opensuse.security:def:64585 | P | Security update for libcryptopp (Moderate) | 2021-10-06
oval:org.opensuse.security:def:105615 | P | chromedriver-93.0.4577.82-1.1 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:64748 | P | Security update for libmspack (Moderate) | 2021-08-20
oval:org.opensuse.security:def:63357 | P | memcached-1.5.6-4.5.30 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63436 | P | libpcap1-32bit-1.8.1-4.3.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:64727 | P | Security update for qemu (Moderate) | 2021-06-30
oval:org.opensuse.security:def:64726 | P | Security update for lua53 (Moderate) | 2021-06-29
oval:org.opensuse.security:def:64721 | P | Security update for cryptctl (Important) | 2021-06-23
oval:org.opensuse.security:def:64690 | P | Security update for libxml2 (Important) | 2021-05-19
oval:org.opensuse.security:def:64481 | P | Security update for giflib (Low) | 2021-04-28
oval:org.opensuse.security:def:64480 | P | Security update for librsvg (Important) | 2021-04-28
oval:org.opensuse.security:def:62965 | P | log4j12-javadoc-1.2.17-2.26 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63143 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63179 | P | rsyslog-module-gssapi-8.33.1-1.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62933 | P | apache-pdfbox-1.8.16-1.68 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63639 | P | libwmf-0_2-7-0.2.8.4-2.30 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62940 | P | cargo-1.36.0-7.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63138 | P | 389-ds-1.4.0.3-2.39 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63151 | P | gnuplot-5.2.2-1.109 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62937 | P | bsdtar-3.4.2-2.24 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63786 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:65124 | P | Security update for libssh (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64344 | P | libldap-2_4-2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63660 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:75206 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:64021 | P | Security update for python-cffi, python-cryptography (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74802 | P | Security update for exim (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65002 | P | Security update for java-11-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:64015 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:75069 | P | Security update for openldap2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63866 | P | Security update for webkit2gtk3 (Important) | 2020-12-01
oval:org.opensuse.security:def:64860 | P | Security update for tcpdump (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64252 | P | flac-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74935 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:64936 | P | Security update for libgcrypt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:110943 | P | Security update for chromium (Important) | 2020-06-28
oval:org.opensuse.security:def:110597 | P | Security update for chromium (Important) | 2020-06-22
    google chrome *
    google chrome 83