CVE-2020-15964
Publication date 21 September 2020
Last updated 25 August 2025
Ubuntu priority
Cvss 3 Severity Score
Description
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | 20.04 LTS focal | Not in release |
| 18.04 LTS bionic |
Fixed 85.0.4183.121-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial |
Fixed 85.0.4183.121-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty | Not in release |
Notes
alexmurray
The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur
starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap
Severity score breakdown
CVSS version: CVSS v3.0
Base score
8.8 · High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H