CVE-2020-6474 – This is a use-after-free vulnerability in Chrom... (How to Fix)

Q: What is the severity of CVE-2020-6474?

CVE-2020-6474 has a CVSS score of 8.8 (HIGH). This is a use-after-free vulnerability in Chrome's Blink rendering engine that allows remote attackers to potentially exploit heap corruption. Attackers can trigger this by tricking users into visiting a malicious HTML page, potentially leading to arbitrary code execution. All users of affected Chrome versions are vulnerable.

📋 TL;DR

This is a use-after-free vulnerability in Chrome's Blink rendering engine that allows remote attackers to potentially exploit heap corruption. Attackers can trigger this by tricking users into visiting a malicious HTML page, potentially leading to arbitrary code execution. All users of affected Chrome versions are vulnerable.

💻 Affected Systems

Products:

Google Chrome

Versions: All versions prior to 83.0.4103.61

Operating Systems: Windows, macOS, Linux, Chrome OS

Default Config Vulnerable: ⚠️ Yes

Notes: All standard Chrome installations are vulnerable. Extensions or security settings do not mitigate this vulnerability.

📦 What is this software?

Backports Sle by Opensuse

View all CVEs affecting Backports Sle →

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the Chrome process, potentially leading to full system compromise if combined with privilege escalation.

🟠

Likely Case

Browser crash (denial of service) or limited code execution within the Chrome sandbox.

🟢

If Mitigated

No impact if Chrome is fully patched or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: HIGH - Attackers can host malicious pages on the internet and target any user visiting them.

🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal websites.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction (visiting a malicious page) but no authentication. Heap corruption vulnerabilities can be challenging to exploit reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 83.0.4103.61 and later

Vendor Advisory: https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click the three-dot menu. 3. Go to Help > About Google Chrome. 4. Chrome will automatically check for and install updates. 5. Click 'Relaunch' to restart Chrome with the update.

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents execution of malicious JavaScript that could trigger the vulnerability

Use site isolation

all

Enables Chrome's site isolation feature to limit impact of renderer compromises

Navigate to chrome://flags/#enable-site-per-process and enable it

🧯 If You Can't Patch

Use alternative browsers until patching is possible
Implement network filtering to block known malicious domains and suspicious HTML content

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: if below 83.0.4103.61, you are vulnerable.

Check Version:

On Windows/macOS/Linux: Open Chrome and go to chrome://version/ or use 'google-chrome --version' in terminal

Verify Fix Applied:

Confirm Chrome version is 83.0.4103.61 or higher after update.

📡 Detection & Monitoring

Log Indicators:

Chrome crash reports with memory corruption signatures
Unexpected Chrome process termination

Network Indicators:

HTTP requests to domains hosting complex HTML/JavaScript payloads
Unusual outbound connections after visiting web pages

SIEM Query:

source="chrome" AND (event_type="crash" OR message="*corruption*" OR message="*memory*" OR process_name="chrome.exe" AND exit_code!=0)

📊 Metadata

CVE ID: CVE-2020-6474

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: May 21, 2020

Last Updated: November 21, 2024

🔗 References

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html Mailing List,Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html Mailing List,Third Party Advisory
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html Release Notes,Vendor Advisory
https://crbug.com/1059533 Exploit,Issue Tracking,Patch,Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT/
https://security.gentoo.org/glsa/202006-02 Third Party Advisory
https://security.gentoo.org/glsa/202101-30 Third Party Advisory
https://www.debian.org/security/2020/dsa-4714 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html Mailing List,Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html Mailing List,Third Party Advisory
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html Release Notes,Vendor Advisory
https://crbug.com/1059533 Exploit,Issue Tracking,Patch,Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT/
https://security.gentoo.org/glsa/202006-02 Third Party Advisory
https://security.gentoo.org/glsa/202101-30 Third Party Advisory
https://www.debian.org/security/2020/dsa-4714 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-6474, you might also want to check these: