Medium severity6.5NVD Advisory· Published Jan 8, 2021· Updated Jun 17, 2026
CVE-2020-16040
CVE-2020-16040
Description
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords7 versionspkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.1%20NonFreepkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.2%20NonFreepkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP2
< 87.0.4280.88-lp151.2.162.1+ 6 more
- (no CPE)range: < 87.0.4280.88-lp151.2.162.1
- (no CPE)range: < 87.0.4280.88-lp152.2.57.1
- (no CPE)range: < 93.0.4577.82-1.1
- (no CPE)range: < 73.0.3856.284-lp151.2.39.1
- (no CPE)range: < 73.0.3856.284-lp152.2.27.1
- (no CPE)range: < 87.0.4280.88-bp151.3.147.1
- (no CPE)range: < 87.0.4280.88-bp152.2.44.1
Patches
Vulnerability mechanics
References
5- crbug.com/1150649nvdIssue TrackingPatchVendor Advisory
- packetstormsecurity.com/files/162106/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
- packetstormsecurity.com/files/162144/Google-Chrome-SimplfiedLowering-Integer-Overflow.htmlnvdExploitThird Party Advisory
- chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.htmlnvdRelease NotesVendor Advisory
- packetstormsecurity.com/files/162087/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.htmlnvdBroken Link
News mentions
1- PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat GroupsTrend Micro Research · Jan 26, 2026