CVE-2020-6398 – This vulnerability in Google Chrome's PDFium co... (How to Fix)

Q: What is the severity of CVE-2020-6398?

CVE-2020-6398 has a CVSS score of 8.8 (HIGH). This vulnerability in Google Chrome's PDFium component allows attackers to exploit heap corruption by tricking users into opening malicious PDF files. Attackers could potentially execute arbitrary code or crash the browser. All Chrome users prior to version 80.0.3987.87 are affected.

📋 TL;DR

This vulnerability in Google Chrome's PDFium component allows attackers to exploit heap corruption by tricking users into opening malicious PDF files. Attackers could potentially execute arbitrary code or crash the browser. All Chrome users prior to version 80.0.3987.87 are affected.

💻 Affected Systems

Products:

Google Chrome
Chromium-based browsers
Applications using PDFium library

Versions: All versions prior to 80.0.3987.87

Operating Systems: Windows, Linux, macOS, Android, Chrome OS

Default Config Vulnerable: ⚠️ Yes

Notes: All default Chrome installations are vulnerable. PDFium is Chrome's built-in PDF renderer.

📦 What is this software?

Backports Sle by Opensuse

View all CVEs affecting Backports Sle →

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment

🟠

Likely Case

Browser crash or denial of service, with potential for limited code execution in browser context

🟢

If Mitigated

No impact if Chrome is fully patched or PDF files are blocked

🌐 Internet-Facing: HIGH - Attackers can host malicious PDFs on websites or send via email

🏢 Internal Only: MEDIUM - Requires user interaction to open malicious PDFs

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction to open malicious PDF. No public exploit code was found in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 80.0.3987.87 and later

Vendor Advisory: https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome 2. Click menu (three dots) → Help → About Google Chrome 3. Chrome will automatically check for and install updates 4. Click 'Relaunch' to restart Chrome

🔧 Temporary Workarounds

Disable Chrome PDF viewer

all

Use external PDF viewer instead of Chrome's built-in PDFium

chrome://settings/content/pdfDocuments → Toggle 'Download PDF files instead of automatically opening them in Chrome'

Block PDF downloads

all

Use web proxy or firewall to block .pdf file downloads

🧯 If You Can't Patch

Use alternative browsers without PDFium vulnerability
Implement application whitelisting to block Chrome execution

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: if below 80.0.3987.87, system is vulnerable

Check Version:

chrome://version/ (Windows/Linux/macOS) or Settings → About Chrome (mobile)

Verify Fix Applied:

Confirm Chrome version is 80.0.3987.87 or higher

📡 Detection & Monitoring

Log Indicators:

Chrome crash logs with PDF-related stack traces
Security event logs showing Chrome process termination

Network Indicators:

Unusual PDF file downloads from untrusted sources
Multiple Chrome crash reports from same user/system

SIEM Query:

source="chrome_logs" AND (event="crash" OR event="exception") AND process="chrome.exe" AND file_extension="pdf"

📊 Metadata

CVE ID: CVE-2020-6398

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-908

Published: February 11, 2020

Last Updated: November 21, 2024

🔗 References

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html Mailing List,Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0514 Third Party Advisory
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html Vendor Advisory
https://crbug.com/1032090 Issue Tracking,Patch,Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
https://security.gentoo.org/glsa/202003-08 Third Party Advisory
https://www.debian.org/security/2020/dsa-4638 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html Mailing List,Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0514 Third Party Advisory
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html Vendor Advisory
https://crbug.com/1032090 Issue Tracking,Patch,Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
https://security.gentoo.org/glsa/202003-08 Third Party Advisory
https://www.debian.org/security/2020/dsa-4638 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-6398, you might also want to check these: