CVE-2020-6418

🗓️ 27 Feb 2020 22:55:25Reported by ChromeType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 1248 Views🌐 WEB

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption

Reporter	Title	Published	Views	Family All 79
0day.today	Google Chrome 80 JSCreate Side-Effect Type Confusion Exploit	6 Mar 202000:00	–	zdt
ATTACKERKB	CVE-2020-6418	27 Feb 202000:00	–	attackerkb
ArchLinux	[ASA-202002-11] chromium: multiple issues	25 Feb 202000:00	–	archlinux
BDU FSTEC	The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.	4 Mar 202000:00	–	bdu_fstec
Tenable Nessus	CentOS 6 : chromium-browser (RHSA-2020:0738)	9 Oct 202400:00	–	nessus
Tenable Nessus	Debian DSA-4638-1 : chromium - security update	12 Mar 202000:00	–	nessus
Tenable Nessus	Fedora 30 : chromium (2020-39e0b8bd14)	30 Mar 202000:00	–	nessus
Tenable Nessus	Fedora 31 : chromium (2020-f6271d7afa)	20 Mar 202000:00	–	nessus
Tenable Nessus	GLSA-202003-08 : Chromium, Google Chrome: Multiple vulnerabilities	13 Mar 202000:00	–	nessus
Tenable Nessus	Google Chrome < 80.0.3987.122 Multiple Vulnerabilities	24 Feb 202000:00	–	nessus

NVD

Vulners

Node

google chromeRange<80.0.3987.122

Node

fedoraproject fedoraMatch30

fedoraproject fedoraMatch31

Node

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_workstationMatch6.0

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

[
  {
    "product": "Chrome",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "80.0.3987.122",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
security	www.security.gentoo.org/glsa/202003-08
chromereleases	www.chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
debian	www.debian.org/security/2020/dsa-4638
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
access	www.access.redhat.com/errata/RHSA-2020:0738
crbug	www.crbug.com/1053604
packetstormsecurity	www.packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
request body	path	print	HTTP endpoint used by the exploit to exfiltrate or display payload during exploitation (CVE-2020-6418)	CWE-843

17 Jun 2026 03:23Current

7High risk

Vulners AI Score7

CVSS 26.8

CVSS 3.18.8

EPSS0.78808

SSVC