CVE-2020-16043 – This vulnerability in Google Chrome's networkin... (How to Fix)

Q: What is the severity of CVE-2020-16043?

CVE-2020-16043 has a CVSS score of 8.8 (HIGH). This vulnerability in Google Chrome's networking component allows remote attackers to bypass discretionary access control through malicious network traffic. It affects Chrome users on all platforms who haven't updated to version 87.0.4280.141 or later. Attackers could potentially gain unauthorized access to protected resources.

📋 TL;DR

This vulnerability in Google Chrome's networking component allows remote attackers to bypass discretionary access control through malicious network traffic. It affects Chrome users on all platforms who haven't updated to version 87.0.4280.141 or later. Attackers could potentially gain unauthorized access to protected resources.

💻 Affected Systems

Products:

Google Chrome

Versions: All versions prior to 87.0.4280.141

Operating Systems: Windows, Linux, macOS, Chrome OS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all Chrome installations regardless of configuration. Linux distributions may have different packaging and versioning.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through privilege escalation, allowing attackers to bypass security controls and access sensitive data or execute arbitrary code.

🟠

Likely Case

Unauthorized access to protected network resources, data exfiltration, or lateral movement within a network environment.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, potentially only affecting isolated browser instances.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires network access and ability to send malicious traffic to the target.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 87.0.4280.141

Vendor Advisory: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome browser. 2. Click the three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install updates. 4. Click 'Relaunch' to restart Chrome with the update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Chrome instances from sensitive network resources using firewall rules and network segmentation.

Browser Sandboxing

all

Run Chrome in a sandboxed environment or virtual machine to limit potential impact.

🧯 If You Can't Patch

Implement strict network access controls and segmentation to limit Chrome's network access
Use alternative browsers until patching is possible

🔍 How to Verify

Check if Vulnerable:

Check Chrome version in browser settings (chrome://settings/help) and compare to affected version range.

Check Version:

google-chrome --version (Linux) or check chrome://version in browser

Verify Fix Applied:

Verify Chrome version is 87.0.4280.141 or later in browser settings.

📡 Detection & Monitoring

Log Indicators:

Unusual network connections from Chrome processes
Access violations in system logs

Network Indicators:

Suspicious network traffic patterns to/from Chrome instances
Unexpected protocol usage

SIEM Query:

source="chrome" AND (event_type="network_access" OR event_type="security_violation")

📊 Metadata

CVE ID: CVE-2020-16043

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Published: January 8, 2021

Last Updated: November 21, 2024

🔗 References

https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html Release Notes,Vendor Advisory
https://crbug.com/1148309 Permissions Required
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWIJKZTZTG6G475OR6PP4WPQBVM6PS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6P6AVVFP7B2M4H7TJQBASRZIBLOTUFN/
https://security.gentoo.org/glsa/202101-05 Third Party Advisory
https://www.debian.org/security/2021/dsa-4832 Third Party Advisory
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html Release Notes,Vendor Advisory
https://crbug.com/1148309 Permissions Required
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWIJKZTZTG6G475OR6PP4WPQBVM6PS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6P6AVVFP7B2M4H7TJQBASRZIBLOTUFN/
https://security.gentoo.org/glsa/202101-05 Third Party Advisory
https://www.debian.org/security/2021/dsa-4832 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON