What is CVE-2020-16011?

CVE-2020-16011 is a critical-severity vulnerability in Google Chrome, classified under Out-of-bounds Write. CVSS score: 9.6/10. Published 2020-11-03.

How severe is CVE-2020-16011?

Critical severity. CVSS v3 base score is 9.6 out of 10.

Buffer overflow in Google Chrome

CVE-2020-16011

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Vulnerability class: Buffer Overflow

EPSS: 0.024 (81.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Google Chrome — versions unspecified
Microsoft Windows
Debian Debian_linux — versions 10.0
Opensuse Backports_sle — versions 15.0
Opensuse Leap — versions 15.1, 15.2

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

chrome-cve-admin@google.com (Third Party Advisory, x_refsource_MISC, Release Notes)
chrome-cve-admin@google.com (Permissions Required, Third Party Advisory, x_refsource_MISC)
chrome-cve-admin@google.com (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
chrome-cve-admin@google.com (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
chrome-cve-admin@google.com (VDB Entry, Third Party Advisory, x_refsource_MISC)
chrome-cve-admin@google.com (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2020-16011?: CVE-2020-16011 is a critical-severity vulnerability in Google Chrome, classified under Out-of-bounds Write. CVSS score: 9.6/10. Published 2020-11-03.
How severe is CVE-2020-16011?: Critical severity. CVSS v3 base score is 9.6 out of 10.