CVE-2020-15999
Published: 03 November 2020
Summary
CVE-2020-15999 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Google Chrome. Its CVSS base score is 9.6 (Critical).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
The vulnerability CVE-2020-15999 is a heap buffer overflow in the Freetype component of Google Chrome versions prior to 86.0.4240.111. It is tracked under CWEs 787 and 120 and carries a CVSS 3.1 score of 9.6, reflecting a network attack vector, low attack complexity, changed scope, and high impact on confidentiality, integrity, and availability.
A remote attacker can trigger the flaw by causing a victim to render a crafted HTML page, resulting in heap corruption that may be leveraged for further exploitation.
Chrome stable channel updates and downstream advisories such as the openSUSE security announcement direct users to upgrade to version 86.0.4240.111 or later. A detailed root-cause analysis is available from Google Project Zero.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-1435
Vulnerability details
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CWE(s): CWE-787, CWE-120
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely installation of the vendor patch (Chrome 86.0.4240.111+) that eliminates the heap buffer overflow.
- Memory protection controls: enforce memory-protection mechanisms that can block or contain heap-corruption attempts triggered by the crafted HTML page.
- SI-10 (Information Input Validation): mandates input validation on untrusted data (font rendering) to stop the out-of-bounds write that underlies CVE-2020-15999.