8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.244 Low
EPSS
Percentile
96.5%
Chrome Releases reports:
This release contains 8 security fixes, including:
[1142331] High CVE-2020-16037: Use after free in clipboard.
Reported by Ryoya Tsukasaki on 2020-10-26
[1138683] High CVE-2020-16038: Use after free in media.
Reported by Khalil Zhani on 2020-10-14
[1149177] High CVE-2020-16039: Use after free in extensions.
Reported by Anonymous on 2020-11-15
[1150649] High CVE-2020-16040: Insufficient data validation in
V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability
Research on 2020-11-19
[1151865] Medium CVE-2020-16041: Out of bounds read in
networking. Reported by Sergei Glazunov and Mark Brand of Google
Project Zero on 2020-11-23
[1151890] Medium CVE-2020-16042: Uninitialized Use in V8.
Reported by AndrΓ© Bargull on 2020-11-2
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.244 Low
EPSS
Percentile
96.5%