Google Chrome Heap Buffer Overflow Vulnerability
Vulnerability Information
Vulnerability name: Google Chrome Heap Buffer Overflow Vulnerability
Vulnerability ID:
- CVE: CVE-2020-15999
Vulnerability type: Buffer overflow
Severity: Critical
Vulnerability description:
Affected products
Google Chrome is a widely used web browser that runs cross-platform on Windows, macOS, Linux and other operating systems. Because of its high adoption, any security vulnerability in it can affect a very large number of users.
Vulnerability details
This vulnerability is a buffer overflow, specifically a heap buffer overflow caused by heap corruption in the FreeType library. An attacker can trigger it with a crafted HTML page. The root cause is that the program fails to correctly validate the size and bounds of input data while processing it, which results in memory corruption.
Impact analysis
The vulnerability is rated "Critical" because a remote attacker could exploit it to execute arbitrary code. The attacker only needs to lure a user into visiting a malicious web page to trigger it; no further user interaction is required, so the attack can be automated and needs no form of authentication. Successful exploitation may lead to leakage of user data, complete compromise of the system, or other malicious actions. Because Google Chrome is so widely used, the scope of this vulnerability is very broad, and users are advised to update to the latest version immediately to guard against potential attacks.
Vendor: Google
Product: Google Chrome
Affected versions: < 86.0.4240.111
Search syntax: cpe:"cpe:2.3:o:debian:debian_linux"
Source: https://github.com/projectdiscovery/nuclei-templates/issues/12217
Type: projectdiscovery/nuclei-templates:github issues
Source summary
Description:
Google Chrome < 86.0.4240.111 contains a heap buffer overflow caused by heap corruption in Freetype, letting remote attackers potentially execute arbitrary code via crafted HTML; exploitation requires visiting a malicious webpage.
Severity: Critical
POC:
- https://crbug.com/1139963
- https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
- https://vulncheck.com/xdb/8566ea6250e8
- https://github.com/Marmeus/CVE-2020-15999
- https://github.com/maarlo/CVE-2020-15999
- https://github.com/oxfemale/CVE-2020-15999
KEV: True
Shodan Query: cpe:"cpe:2.3:o:debian:debian_linux"
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data (-debug) along with the template to help the triage team with validation, or can also share a vulnerable environment such as a Dockerfile.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.