{"id":"CVE-2020-16009","details":"Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","aliases":["GHSA-m7mf-48hp-5qmr"],"modified":"2026-05-18T05:50:57.368405248Z","published":"2020-11-03T03:15:15.527Z","related":["openSUSE-SU-2020:1829-1","openSUSE-SU-2020:1831-1","openSUSE-SU-2020:1937-1","openSUSE-SU-2020:1952-1","openSUSE-SU-2024:10681-1","openSUSE-SU-2024:12948-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"10.0"}],"vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"32"},{"last_affected":"33"}],"vendor_product":"fedoraproject:fedora","cpes":["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"fixed":"86.0.4240.183"}],"vendor_product":"google:chrome","cpes":["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"fixed":"86.0.622.63"}],"vendor_product":"microsoft:edge","cpes":["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"fixed":"86.0.4240.183"}],"vendor_product":"microsoft:edge_chromium","cpes":["cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"15.0-sp1"},{"last_affected":"15.0-sp2"}],"vendor_product":"opensuse:backports_sle","cpes":["cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*","cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"15.1"},{"last_affected":"15.2"}],"vendor_product":"opensuse:leap","cpes":["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16009"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html"},{"type":"ADVISORY","url":"https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202011-12"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4824"},{"type":"REPORT","url":"https://crbug.com/1143772"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cefsharp/cefsharp","events":[{"introduced":"0"},{"fixed":"9ff6b35ddff0db803e9fed23ebb67f9f4c9f7d1d"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"86.0.241"}],"cpe":"cpe:2.3:a:cefsharp:cefsharp:*:*:*:*:*:*:*:*"}}],"versions":["v86.0.240-pre","v85.3.130","v85.3.121","v85.3.121-pre","v85.3.120-pre","v79.1.310-pre","v71.0.0-pre01","v69.0.0-pre01","v63.0.0-pre01","v57.0.0-pre01","v53.0.0-pre01","v51.0.0-pre01","v47.0.0-pre01","v45.0.0-pre01","v43.0.0-pre01","v37.0.0","v39.0.0-pre03","v39.0.0-pre02","v37.0.0-pre02","v37.0.0-pre01","v33.0.2","v33.0.0","v31.0.0-pre1","v3.29.0-pre.0","v3.27.0-a0","v1.25.2-perlun.0","v1.25.1-perlun.0","v1.25.0","v0.12","v0.11","v0.10","v0.9","v0.3","v0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-16009.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}