CVE-2020-6418
Published: 27 February 2020
Summary
CVE-2020-6418 is a high-severity Type Confusion (CWE-843) vulnerability in Fedoraproject Fedora. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 0.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog; and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-18 (Mobile Code).
Deeper analysis
The vulnerability CVE-2020-6418 is a type confusion flaw (CWE-843) in the V8 JavaScript engine of Google Chrome versions prior to 80.0.3987.122. It can result in heap corruption when the engine processes certain inputs, carrying a CVSS 3.1 base score of 8.8.
A remote attacker can trigger the issue by serving a crafted HTML page to a victim; the resulting memory corruption can potentially be exploited to compromise confidentiality, integrity, and availability, with no authentication required.
Advisories and patches direct users to upgrade Chrome to 80.0.3987.122 or newer; Red Hat and Fedora have issued corresponding errata (RHSA-2020:0738 and Fedora package updates) that address the affected browser packages.
Public references include a detailed Chromium bug report and a proof-of-concept demonstrating side-effect handling during JSCreate operations that leads to the type confusion.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-27568
Vulnerability details
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CWE(s): CWE-843 (Type Confusion)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of the vendor patch (Chrome 80.0.3987.122) that eliminates the V8 type-confusion flaw.
- SC-18 (Mobile Code): controls execution of mobile code (JavaScript) that a remote attacker uses, via the crafted HTML page, to trigger and exploit the engine bug.
- Software integrity verification: verifies the integrity of browser software and updates, ensuring the vulnerable V8 binary is replaced and not subsequently altered.