VIR Vulnerability Intelligence Relay

CVE-2020-16042

high
Published — · Modified —
CVSS v3
CVSS v2
VIR risk
8.0

Description

Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2020-16042.html

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-16042

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202012-14

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202012-25

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202012-23

OS impact
OSVersionStatusFixed in
arch archfixed78.6.0-1
debian debianbookwormfixed87.0.4280.88-0.1
debian debianbullseyefixed87.0.4280.88-0.1
debian debianforkyfixed87.0.4280.88-0.1
debian debiansidfixed87.0.4280.88-0.1
debian debiantrixiefixed87.0.4280.88-0.1
suse slesaffected

References

Verify integrity in audit chain (admin only). AS-IS.