{"id":"CVE-2020-16009","details":"Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","aliases":["GHSA-m7mf-48hp-5qmr"],"modified":"2026-04-02T04:10:53.868358Z","published":"2020-11-03T03:15:15.527Z","related":["openSUSE-SU-2020:1829-1","openSUSE-SU-2020:1831-1","openSUSE-SU-2020:1937-1","openSUSE-SU-2020:1952-1","openSUSE-SU-2024:10681-1","openSUSE-SU-2024:12948-1"],"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16009"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4824"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html"},{"type":"ADVISORY","url":"https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202011-12"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/"},{"type":"REPORT","url":"https://crbug.com/1143772"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cefsharp/cefsharp","events":[{"introduced":"0"},{"fixed":"9ff6b35ddff0db803e9fed23ebb67f9f4c9f7d1d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"86.0.241"}]}}],"versions":["v0.1","v0.10","v0.11","v0.12","v0.2","v0.3","v0.9","v1.19.0","v1.21.0","v1.25.0","v1.25.1-perlun.0","v1.25.2-perlun.0","v1.25.3","v1.25.4","v1.25.5","v1.25.6","v1.25.7","v1.25.8","v100.0.120-pre","v100.0.140","v100.0.230","v101.0.150","v101.0.180","v102.0.100","v102.0.90","v103.0.120","v103.0.80","v103.0.90","v104.4.180","v104.4.240","v105.3.330","v105.3.390","v106.0.260","v106.0.290","v107.1.120","v107.1.40","v107.1.50","v107.1.90","v108.4.130","v109.1.110","v110.0.250","v110.0.280","v110.0.300","v111.2.20","v111.2.70","v112.2.70","v112.3.0","v113.1.40","v113.3.50","v114.2.100","v114.2.120","v115.3.110","v115.3.130","v116.0.130","v116.0.150","v116.0.190","v116.0.230","v117.2.20","v117.2.40","v118.6.80","v119.1.20","v119.4.30","v120.1.110","v120.1.80","v120.2.50","v120.2.70","v121.3.130","v121.3.70","v122.1.120","v123.0.60","v124.3.20","v124.3.50","v124.3.80","v125.0.210","v126.2.180","v126.2.70","v127.3.50","v128.4.90","v129.0.110","v130.1.90","v131.2.70","v131.3.10","v131.3.50","v132.3.11","v133.4.20","v133.4.21","v134.3.60","v134.3.90","v135.0.170","v135.0.220","v136.1.40","v137.0.100","v138.0.170","v138.0.340","v139.0.280","v140.1.140","v141.0.110","v143.0.90","v144.0.120","v145.0.260","v146.0.70","v3.27.0-a0","v3.29.0-pre.0","v31.0.0-pre1","v33.0.0","v33.0.2","v33.1.0-pre01","v37.0.0","v37.0.0-pre01","v37.0.0-pre02","v37.0.1","v37.0.3","v39.0.0","v39.0.0-pre01","v39.0.0-pre02","v39.0.0-pre03","v39.0.1","v39.0.2","v41.0.0","v41.0.0-pre01","v41.0.1","v43.0.0","v43.0.0-pre01","v43.0.0-pre02","v43.0.1","v45.0.0","v45.0.0-pre01","v47.0.0","v47.0.0-pre01","v47.0.2","v47.0.3","v47.0.4","v49.0.0","v49.0.0-pre01","v49.0.0-pre02","v49.0.1","v51.0.0","v51.0.0-pre01","v51.0.0-pre02","v53.0.0","v53.0.0-pre01","v53.0.1","v55.0.0","v55.0.0-pre01","v57.0.0","v57.0.0-pre01","v62.0.0-pre01","v63.0.0","v63.0.0-pre01","v63.0.0-pre02","v63.0.0-pre03","v63.0.1","v63.0.2","v63.0.3","v65.0.0","v65.0.0-pre01","v65.0.0-pre02","v65.0.1","v67.0.0","v67.0.0-pre01","v69.0.0","v69.0.0-pre01","v71.0.0","v71.0.0-pre01","v71.0.1","v71.0.2","v73.1.120-pre01","v73.1.130","v75.1.140-pre01","v75.1.141","v75.1.142","v75.1.143","v79.1.310-pre","v79.1.350","v79.1.360","v81.3.100","v81.3.20-pre","v83.3.120-pre","v83.4.20","v84.3.10-pre","v84.4.10","v85.3.120-pre","v85.3.121","v85.3.121-pre","v85.3.130","v86.0.240-pre","v87.1.130-pre","v87.1.131-pre","v87.1.132","v88.2.40-pre","v88.2.90","v89.0.140-pre","v89.0.170","v90.5.70-pre","v90.6.50","v90.6.70","v91.1.160","v91.1.210","v91.1.211","v91.1.230","v91.1.60-pre","v92.0.250-pre","v92.0.251","v92.0.260","v93.1.110-pre","v93.1.111","v93.1.140","v94.3.0-pre","v94.4.110","v94.4.20","v94.4.50","v95.7.140-pre","v95.7.141","v96.0.140-pre","v96.0.141","v96.0.142","v96.0.170","v96.0.180","v97.1.10-pre","v97.1.11","v97.1.12","v97.1.60","v97.1.61","v98.1.190","v98.1.210","v99.2.120","v99.2.140","v99.2.90"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-16009.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"86.0.4240.183"}]},{"events":[{"introduced":"0"},{"fixed":"86.0.622.63"}]},{"events":[{"introduced":"0"},{"fixed":"86.0.4240.183"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.2"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}