CVE-2020-6423
📋 TL;DR
This is a use-after-free vulnerability in Chrome's audio component that allows remote attackers to potentially exploit heap corruption. Attackers can trigger this by tricking users into visiting a malicious HTML page. All users running vulnerable Chrome versions are affected.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Backports Sle by Opensuse
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →Fedora by Fedoraproject
Fedora by Fedoraproject
Fedora by Fedoraproject
Leap by Opensuse
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, or ransomware deployment
Likely Case
Browser crash or arbitrary code execution within Chrome's sandbox, potentially leading to data exfiltration
If Mitigated
Browser crash with no further impact if sandbox holds
🎯 Exploit Status
Use-after-free vulnerabilities in Chrome's audio component have been weaponized in the past. The bug report suggests this could lead to heap corruption.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 81.0.4044.92 and later
Vendor Advisory: https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
Restart Required: Yes
Instructions:
1. Open Chrome 2. Click menu (three dots) → Help → About Google Chrome 3. Chrome will automatically check for and install updates 4. Click 'Relaunch' to restart Chrome with the update
🔧 Temporary Workarounds
Disable JavaScript
allPrevents exploitation by disabling JavaScript execution in Chrome
chrome://settings/content/javascript → Block
Use Site Isolation
allEnhances Chrome's sandboxing to limit impact if exploited
chrome://flags/#enable-site-per-process → Enable
🧯 If You Can't Patch
- Restrict web browsing to trusted sites only using Chrome's site restrictions
- Deploy application whitelisting to prevent execution of unknown processes
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: If version is less than 81.0.4044.92, system is vulnerableCheck Version:
google-chrome --version (Linux) or chrome://version (all platforms)Verify Fix Applied:
Verify Chrome version is 81.0.4044.92 or higher📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports with audio-related stack traces
- Unexpected Chrome process termination
Network Indicators:
- Unusual outbound connections from Chrome process after visiting unknown websites
SIEM Query:
process_name:"chrome.exe" AND (event_id:1000 OR event_id:1001) AND description:"audio"🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html
- https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
- https://crbug.com/1043446
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
- https://www.debian.org/security/2020/dsa-4714
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html
- https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
- https://crbug.com/1043446
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO/
- https://www.debian.org/security/2020/dsa-4714
