What is the severity of CVE-2020-6454?

CVE-2020-6454 has a high severity rating due to the potential for heap corruption through malicious Chrome extensions.

How do I fix CVE-2020-6454?

To fix CVE-2020-6454, update Google Chrome or Chromium to version 81.0.4044.92 or later.

Which versions of Chrome are affected by CVE-2020-6454?

CVE-2020-6454 affects versions of Google Chrome prior to 81.0.4044.92.

What are the potential impacts of CVE-2020-6454?

The potential impacts of CVE-2020-6454 include exploitation via crafted Chrome extensions leading to heap corruption.

Is CVE-2020-6454 specific to a particular operating system?

CVE-2020-6454 affects multiple operating systems including Debian, Fedora, and openSUSE.

Vulnerability/
CVE-2020-6454

high

8.8

CWE

416

9/3/2020

13/4/2020

4/8/2024

CVE-2020-6454: Out of bounds read in WebSQL.

First published: Mon Mar 09 2020(Updated: )

Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Credit: chrome-cve-admin@google.com Nan Wang @eternalsakura13 Alpha LabGuang Gong Alpha LabQihoo 360

Affected Software	Affected Version	How to fix
debian/chromium		90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1
Google Chrome	<81.0.4044.92	81.0.4044.92
Google Chrome	<81.0.4044.92
Fedora	=30
Fedora	=31
Fedora	=32
Debian	=9.0
Debian	=10.0
openSUSE Backports	=15.0-sp1
openSUSE	=15.1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

4697812152063391612

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2020-6454?
CVE-2020-6454 has a high severity rating due to the potential for heap corruption through malicious Chrome extensions.
How do I fix CVE-2020-6454?
To fix CVE-2020-6454, update Google Chrome or Chromium to version 81.0.4044.92 or later.
Which versions of Chrome are affected by CVE-2020-6454?
CVE-2020-6454 affects versions of Google Chrome prior to 81.0.4044.92.
What are the potential impacts of CVE-2020-6454?
The potential impacts of CVE-2020-6454 include exploitation via crafted Chrome extensions leading to heap corruption.
Is CVE-2020-6454 specific to a particular operating system?
CVE-2020-6454 affects multiple operating systems including Debian, Fedora, and openSUSE.

collector/security-tracker-debian
agent/type
agent/severity
agent/title
agent/weakness
agent/author
agent/description
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/chrome-releases
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/debian
vendor/google
canonical/google chrome
vendor/fedoraproject
canonical/fedora
version/fedora/30
version/fedora/31
version/fedora/32
vendor/debian
canonical/debian
version/debian/9.0
version/debian/10.0
vendor/opensuse
canonical/opensuse backports
version/opensuse backports/15.0-sp1
canonical/opensuse
version/opensuse/15.1