NVD disclosure day

Published threat advisories for November 3, 2020

CVE advisory | Known Exploit

CVE-2020-16010

Google Chrome for Android UI Vulnerability Allows Sandbox Escape

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A flaw in Google Chrome for Android's user interface could allow an attacker to escape security boundaries. This impacts organizations using the affected browser, potentially leading to unauthorized access if employees visit a malicious webpage. The business risk involves compromised systems and data.

• CISA KEV

CVE advisory | Known Exploit

CVE-2020-16009

Google Chrome Browser Heap Corruption Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in the V8 JavaScript engine used by browsers like Chrome allows remote attackers to cause heap corruption via a crafted HTML page. This could lead to unpredictable system behavior and data loss. Organizations should apply updates to mitigate this risk.

• CISA KEV

CVE advisory | Known Exploit

CVE-2020-15999

FreeType Font Rendering Vulnerability in Chrome

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A heap buffer overflow in the FreeType component used by Google Chrome can be exploited through a crafted HTML page, potentially leading to heap corruption. This impacts organizations using affected versions of Chrome, posing a risk of data compromise and system instability.

• CISA KEV