Google Chrome for Android UI Heap Buffer Overflow Vulnerability (CVE-2020-16010)
Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-05-03 under CISA BOD 22-01.
This is a Out-of-bounds Write (CWE-787) vulnerability in Google Chrome for Android UI. Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Exploitation requires remote network access, low attack complexity, no authentication required, and user interaction required.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2021-11-03 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2022-05-03.
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.