9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.783 High
EPSS
Percentile
98.2%
Chrome Releases reports:
This release contains 10 security fixes, including:
[1138911] High CVE-2020-16004: Use after free in user interface.
Reported by Leecraso and Guang Gong of 360 Alpha Lab working with
360 BugCloud on 2020-10-15
[1139398] High CVE-2020-16005: Insufficient policy enforcement
in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on
2020-10-16
[1133527] High CVE-2020-16006: Inappropriate implementation in
V8. Reported by Bill Parks on 2020-09-29
[1125018] High CVE-2020-16007: Insufficient data validation in
installer. Reported by Abdelhamid Naceri (halov) on
2020-09-04
[1134107] High CVE-2020-16008: Stack buffer overflow in WebRTC.
Reported by Tolya Korniltsev on 2020-10-01
[1143772] High CVE-2020-16009: Inappropriate implementation in
V8. Reported by Clement Lecigne of Googleβs Threat Analysis Group
and Samuel GroΓ of Google Project Zero on 2020-10-29
[1144489] High CVE-2020-16011: Heap buffer overflow in UI on
Windows. Reported by Sergei Glazunov of Google Project Zero on
2020-11-01
There are reports that an exploit for CVE-2020-16009 exists in the
wild.
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.783 High
EPSS
Percentile
98.2%