CVE-2020-16018

9.6 CRITICAL

📋 TL;DR

This is a use-after-free vulnerability in Google Chrome's payments component that allows a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox. Attackers could execute arbitrary code with elevated privileges on the victim's system. All users running vulnerable versions of Chrome are affected.

💻 Affected Systems

Products:
  • Google Chrome
Versions: Versions prior to 87.0.4280.66
Operating Systems: Windows, macOS, Linux, Chrome OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires initial renderer process compromise to exploit the sandbox escape.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining complete control over the victim's machine, allowing data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Sandbox escape leading to privilege escalation, enabling attackers to bypass Chrome's security boundaries and execute malicious code with higher privileges.

🟢

If Mitigated

Limited impact if sandbox is properly configured and other security controls prevent initial renderer compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires chaining with another vulnerability to first compromise the renderer process.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 87.0.4280.66

Vendor Advisory: https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html

Restart Required: Yes

Instructions:

1. Open Chrome browser
2. Click the three-dot menu in top-right
3. Go to Help > About Google Chrome
4. Chrome will automatically check for and install updates
5. Click 'Relaunch' to restart Chrome with the update

🔧 Temporary Workarounds

Workaround: Disable automatic payments

Applies to: all

Temporarily disable Chrome's payment features to reduce the attack surface.

Setting: chrome://settings/content/payments

🧯 If You Can't Patch

  • Restrict access to untrusted websites
  • Use application whitelisting to prevent unauthorized Chrome execution

🔍 How to Verify

Check if Vulnerable:

Check the installed Chrome version by navigating to chrome://version and comparing it with 87.0.4280.66; any earlier version is vulnerable.

Check Version:

chrome://version

Verify Fix Applied:

Confirm Chrome version is 87.0.4280.66 or later in chrome://version
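The version check above is easy to get wrong in a fleet-inventory script, because a plain string comparison orders "100.0.4896.60" before "87.0.4280.66". The following is an added example (not part of this advisory or of Chrome itself) that parses dotted Chrome versions numerically and reports whether an installed build is older than the fixed version 87.0.4280.66. The `extract_version` helper assumes input shaped like the output of `google-chrome --version` ("Google Chrome 86.0.4240.198") or the first line of chrome://version; the sample strings are constructed for illustration.

```python
import re
import subprocess
from typing import Optional, Tuple

# Fixed version stated in the advisory for CVE-2020-16018.
FIXED_VERSION = "87.0.4280.66"

# Four dotted numeric fields, e.g. 86.0.4240.198.
_VERSION_RE = re.compile(r"\b\d+(?:\.\d+){3}\b")


def extract_version(text: str) -> Optional[str]:
    """Pull the first four-part version string out of free text such as
    'Google Chrome 86.0.4240.198' (assumed output shape of --version)."""
    m = _VERSION_RE.search(text)
    return m.group(0) if m else None


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '86.0.4240.198' into (86, 0, 4240, 198) so it compares numerically."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when installed < fixed. Shorter versions are zero-padded, so '87.0'
    is treated as 87.0.0.0 (older than the fix), never as equal to it."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def assess(text: str) -> str:
    """Classify a version banner: 'vulnerable', 'fixed' or 'unknown' (no version found)."""
    v = extract_version(text)
    if v is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(v) else "fixed"


if __name__ == "__main__":
    # Constructed sample banners; the last one shows why string ordering is wrong.
    for banner in ("Google Chrome 86.0.4240.198",
                   "Google Chrome 87.0.4280.66",
                   "Google Chrome 100.0.4896.60",
                   "Chromium (no version printed)"):
        print(f"{banner!r:45} -> {assess(banner)}")
    # Optional live check on Linux hosts (assumes a google-chrome binary on PATH).
    try:
        out = subprocess.run(["google-chrome", "--version"],
                             capture_output=True, text=True, timeout=10).stdout
        print(f"installed: {out.strip()!r} -> {assess(out)}")
    except (FileNotFoundError, subprocess.SubprocessError):
        print("google-chrome not found on PATH; skipped live check")
```

For a Windows or macOS inventory, feed `assess` the version string your endpoint management tool already collects; the comparison logic is the same, and the zero-padding keeps truncated versions from being mistaken for patched ones.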

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports with payment-related components
  • Unusual process creation from Chrome sandbox

Network Indicators:

  • Suspicious payment-related API calls to untrusted domains

SIEM Query:

process_name:"chrome.exe" AND (event_id:1000 OR event_id:1001) AND description:"payments"
