Описание
Use after free in CefSharp
CVE-2020-16017: Use after free in site isolation
- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017
Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.
There is currently little to no public information on the issue other than it has been flagged as High severity.
Пакеты
CefSharp.Common
< 86.0.241
86.0.241
CefSharp.Wpf
< 86.0.241
86.0.241
CefSharp.WinForms
< 86.0.241
86.0.241
CefSharp.Wpf.HwndHost
< 86.0.241
86.0.241
Связанные уязвимости
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Use after free in site isolation in Google Chrome prior to 86.0.4240.1 ...
Уязвимость функции изоляции сайтов веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код