Login Sign Up

CVE-2020-6575

8.3 HIGH

📋 TL;DR

This vulnerability is a race condition in Chrome's Mojo IPC system that allows an attacker who has already compromised the renderer process to potentially escape the browser sandbox. It affects Chrome users on all platforms. Successful exploitation could lead to full system compromise.

💻 Affected Systems

Products:
  • Google Chrome
Versions: All versions prior to 85.0.4183.102
Operating Systems: Windows, Linux, macOS, Chrome OS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Chrome installations with default settings are vulnerable. Requires renderer process compromise first.

📦 What is this software?

Backports Sle by Opensuse

View all CVEs affecting Backports Sle →

Backports Sle by Opensuse

View all CVEs affecting Backports Sle →

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Leap by Opensuse

View all CVEs affecting Leap →

Leap by Opensuse

View all CVEs affecting Leap →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the victim's machine, allowing installation of malware, data theft, and persistence.

🟠

Likely Case

Sandbox escape leading to arbitrary code execution with system-level privileges, enabling further attacks on the host system.

🟢

If Mitigated

Limited to renderer process compromise only, with sandbox preventing system-level access.

🌐 Internet-Facing: HIGH - Attack can be triggered via crafted HTML page from any website.
🏢 Internal Only: MEDIUM - Requires user to visit malicious site or content, but internal web applications could be used as attack vector.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Requires chaining with another vulnerability to first compromise renderer process. Race conditions are difficult to exploit reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 85.0.4183.102 and later

Vendor Advisory: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome browser. 2. Click menu (three dots) → Help → About Google Chrome. 3. Browser will automatically check for and install updates. 4. Click 'Relaunch' when prompted to complete update.

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents execution of malicious JavaScript that could trigger the vulnerability

Use Chrome Enterprise policies

all

Configure Chrome via group policy to auto-update and restrict untrusted sites

🧯 If You Can't Patch

  • Use alternative browser that is not vulnerable
  • Implement network filtering to block access to untrusted websites

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: If version is below 85.0.4183.102, system is vulnerable.

Check Version:

chrome://version/ or 'google-chrome --version' on Linux

Verify Fix Applied:

Verify Chrome version is 85.0.4183.102 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports with sandbox violation indicators
  • Unusual process creation from Chrome processes

Network Indicators:

  • Requests to known exploit hosting domains
  • Unusual outbound connections from Chrome

SIEM Query:

process_name:chrome.exe AND (parent_process:chrome.exe OR command_line:*sandbox*)

📊 Metadata

CVE ID: CVE-2020-6575
CVSS v3 Score: 8.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE: CWE-362
Published: September 21, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-6575, you might also want to check these:

CVE-2025-43275 9.8

A race condition vulnerability in macOS allows malicious applications to escape their sandbox restri...

Same vulnerability type (CWE-362)
CVE-2021-32810 9.8

A race condition in crossbeam-deque Rust library versions before 0.7.4 and 0.8.0 allows tasks in wor...

Same vulnerability type (CWE-362)
CVE-2025-30444 9.8

A race condition vulnerability in macOS SMB client allows attackers to cause system termination (ker...

Same vulnerability type (CWE-362)