Login Sign Up

CVE-2020-15990

8.8 HIGH

📋 TL;DR

This vulnerability is a use-after-free flaw in Chrome's autofill feature that allows an attacker who has already compromised the renderer process to potentially escape the browser sandbox. It affects Google Chrome versions prior to 86.0.4240.75. Users who visit malicious websites could have their browser security bypassed.

💻 Affected Systems

Products:
  • Google Chrome
Versions: All versions prior to 86.0.4240.75
Operating Systems: Windows, Linux, macOS, Chrome OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires renderer process compromise first, then autofill interaction.

📦 What is this software?

Backports Sle by Opensuse

View all CVEs affecting Backports Sle →

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via sandbox escape leading to arbitrary code execution with user privileges.

🟠

Likely Case

Limited sandbox escape allowing further exploitation within browser context.

🟢

If Mitigated

Contained within renderer process if sandbox holds, limiting damage to browser session.

🌐 Internet-Facing: HIGH - Exploitable via visiting malicious websites.
🏢 Internal Only: MEDIUM - Requires user interaction with malicious content.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Requires chaining with renderer compromise first, making full exploit chain complex.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 86.0.4240.75 and later

Vendor Advisory: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install updates. 4. Click Relaunch to restart Chrome.

🔧 Temporary Workarounds

Disable Autofill

all

Temporarily disable Chrome's autofill feature to remove attack surface.

chrome://settings/autofill

🧯 If You Can't Patch

  • Use alternative browser until patching possible.
  • Implement network filtering to block malicious websites.

🔍 How to Verify

Check if Vulnerable:

Check Chrome version in About Google Chrome page.

Check Version:

google-chrome --version

Verify Fix Applied:

Confirm version is 86.0.4240.75 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports with autofill-related processes
  • Unexpected renderer process termination

Network Indicators:

  • Connections to known malicious domains serving crafted HTML

SIEM Query:

source="chrome" AND (event="crash" OR process="renderer")

📊 Metadata

CVE ID: CVE-2020-15990
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: November 3, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-15990, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)