AttackerKBAKB:F1FF517B-6FF7-4972-9CA6-6F009CD86E66CVE-2020-6418
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Recent assessments:
J3rryBl4nks at March 04, 2020 4:42pm UTC reported:
You would have to chain this vulnerability with a working sandbox escape in order to get full value. While there are no doubt working sandbox escapes, this is only one piece of the exploit chain that is necessary to get a reliable foothold on a machine.
Often times there are full chain exploits published which include the code exec, sandbox escape, and a valid privesc but I have been unable to find a full chain for this exploit.
For the average attacker, this hill would be too high to climb to make this useful.
tekwizz123 at March 09, 2020 2:14am UTC reported:
You would have to chain this vulnerability with a working sandbox escape in order to get full value. While there are no doubt working sandbox escapes, this is only one piece of the exploit chain that is necessary to get a reliable foothold on a machine.
Often times there are full chain exploits published which include the code exec, sandbox escape, and a valid privesc but I have been unable to find a full chain for this exploit.
For the average attacker, this hill would be too high to climb to make this useful.
kevthehermit at March 04, 2020 4:01pm UTC reported:
You would have to chain this vulnerability with a working sandbox escape in order to get full value. While there are no doubt working sandbox escapes, this is only one piece of the exploit chain that is necessary to get a reliable foothold on a machine.
Often times there are full chain exploits published which include the code exec, sandbox escape, and a valid privesc but I have been unable to find a full chain for this exploit.
For the average attacker, this hill would be too high to climb to make this useful.
gwillcox-r7 at November 22, 2020 2:19am UTC reported:
You would have to chain this vulnerability with a working sandbox escape in order to get full value. While there are no doubt working sandbox escapes, this is only one piece of the exploit chain that is necessary to get a reliable foothold on a machine.
Often times there are full chain exploits published which include the code exec, sandbox escape, and a valid privesc but I have been unable to find a full chain for this exploit.
For the average attacker, this hill would be too high to climb to make this useful.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 2
References
packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
access.redhat.com/errata/RHSA-2020:0738
chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
crbug.com/1053604
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418
lists.fedoraproject.org/archives/list/[email protected]/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57
lists.fedoraproject.org/archives/list/[email protected]/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP
security.gentoo.org/glsa/202003-08
www.debian.org/security/2020/dsa-4638
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P