CVE-2020-6418

Related Files

Red Hat Security Advisory 2020-0738-01

Posted Mar 9, 2020

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0738-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.122. Issues addressed include integer overflow, type confusion, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability

systems | linux, redhat

advisories | CVE-2020-6383, CVE-2020-6384, CVE-2020-6386, CVE-2020-6407, CVE-2020-6418

SHA-256 | 1b79ef26a8a98f009093d18517eb0cceabd3fb77654790a1c7483017f10f84a3

Download | Favorite | View

Google Chrome 80 JSCreate Side-Effect Type Confusion

Posted Mar 5, 2020

Authored by Clement LECIGNE, timwr, Istvan Kurucsai, Vignesh S Rao | Site metasploit.com

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for read and writing from absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, shellcode

advisories | CVE-2020-6418

SHA-256 | a5ee5e57a9ca7e2030588e33fb91d4f11725ab4661382274202790f8a15b4fc7

Download | Favorite | View