{"vulnerability": "CVE-2020-6418", "sightings": [{"uuid": "9d7cfc2d-20bc-44ad-9d32-8a4b3d38bc8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "e56bd146-930c-46b6-b25e-11b588a0d466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:17.000000Z"}, {"uuid": "f1902c1f-6946-4a9e-be69-6abc262bba12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "exploited", "source": "https://www.exploit-db.com/exploits/48186", "content": "", "creation_timestamp": "2020-03-09T00:00:00.000000Z"}, {"uuid": "aa895b59-00fe-467e-98fa-c95cc7840016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971069", "content": "", "creation_timestamp": "2024-12-24T20:23:49.129454Z"}, {"uuid": "b9a2c1fc-3b98-483d-936d-10c14865fe31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "e3acc777-4328-4224-93eb-a0faf9e354c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:49.000000Z"}, {"uuid": "04ef3435-588e-463b-bf8b-183fd9d84feb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:30.000000Z"}, {"uuid": "62013791-3c96-4b4c-b169-cee63ab7d07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "MISP/144ce285-4901-4040-b079-9d108565f8a4", "content": "", "creation_timestamp": "2025-03-03T11:01:05.000000Z"}, {"uuid": "c797ab8b-5bc0-4ede-a8a0-94b459529e2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb", "content": "", "creation_timestamp": "2020-03-04T14:58:21.000000Z"}, {"uuid": "ecc0261f-dddf-463d-9136-9d410f9d73d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-6418", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4285bbd7-e823-4a4c-9524-1c885272a244", "content": "", "creation_timestamp": "2026-02-02T12:28:45.948074Z"}, {"uuid": "f2aae39b-c989-4668-b95e-60e0697663bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:04.000000Z"}, {"uuid": "9e6fe4b0-186a-4808-ae7f-7f096c6e1eb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=455", "content": "", "creation_timestamp": "2020-02-27T04:00:00.000000Z"}, {"uuid": "c48aa97c-8321-4b1f-a960-4dfd85d18e3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/24", "content": "ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3\n\n@HawaiiFive0day got RCE on his brand new Tesla due to chrome's patch gap via porting an @Exodusintel google chrome exploit. A sandbox escape is in the works!\n\nContents:\n\u2022 Identifying and building the vulnerable V8\n\u2022 Sidebar: Changing commits\n\u2022 Running the exploit\n\u2022 Why doesn\u2019t it work?\n\u2022 Troubleshooting with git bisect\n\u2022 Pointer Compression\n\u2022 Starting from scratch\n\u2022 Building fakeobj\n\u2022 Expanding to arbitrary read/write\n\u2022 Disassembling a JIT-compiled function, with a surprise\n\u2022 Running shellcode via WebAssembly\n\u2022 Further Improvements\n\u2022 Conclusion\n\nhttps://leethax0.rs/2021/04/ElectricChrome/", "creation_timestamp": "2021-04-13T10:21:19.000000Z"}, {"uuid": "120c5791-f5b5-42e0-ba49-ca87e5396c51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "https://t.me/DarkArmyChannel/30", "content": "CVE-2020-6418 Google Chrome Vulnerability: Windows 10\n\u21aahttps://www.youtube.com/watch?v=D7nWxAuNcFc", "creation_timestamp": "2020-05-18T02:54:56.000000Z"}, {"uuid": "f3f63906-012a-4c59-95ae-5766849fdd61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "published-proof-of-concept", "source": "https://t.me/br0wsec/99", "content": "\u0417\u0430\u0431\u0430\u0432\u043d\u044b\u0439 \u0440\u0435\u0441\u0435\u0440\u0447. \u0411\u0443\u0434\u044c \u044f \u0445\u0430\u043a\u0435\u0440\u043e\u043c, \u044f \u0431\u044b \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u043b \u0445\u0440\u043e\u043c \u043a\u0430\u043a \u0442\u043e\u0447\u043a\u0443 \u0432\u0445\u043e\u0434\u0430 \u0434\u043b\u044f \u043a\u0430\u043a\u043e\u0433\u043e-\u043d\u0438\u0431\u0443\u0434\u044c pwn2own. \n\nELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3\n\nhttps://leethax0.rs/2021/04/ElectricChrome", "creation_timestamp": "2021-04-13T08:52:19.000000Z"}, {"uuid": "bd58a091-e95e-462e-8bab-e3cd1e34fc12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "exploited", "source": "https://t.me/ctinow/20700", "content": "Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days.\n\nThe latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked 'HIGH' in severity, including one that (CVE-2020-6418) has been reportedly exploited in the wild.", "creation_timestamp": "2020-02-25T13:08:04.000000Z"}, {"uuid": "5958b6f0-6d5a-427a-9a4a-fea5a8222b21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "exploited", "source": "https://t.me/true_secator/214", "content": "Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 80.0.3987.122 \u0434\u043b\u044f Chrome, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 3 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 0day \u0434\u044b\u0440\u043a\u0443 CVE-2020-6418.\n\n\u0421\u0443\u0434\u044f \u043f\u043e \u0432\u0441\u0435\u043c\u0443, CVE-2020-6418 \u0431\u044b\u043b\u0430 \u043d\u0430\u0439\u0434\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Google Threat Analysis Group \u0447\u0443\u0442\u044c \u043b\u0438 \u043d\u0435 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u0438 \u0435\u0435 \u0443\u0436\u0435 \u043a\u0442\u043e-\u0442\u043e \u0443\u0441\u043f\u0435\u043b \u043f\u043e\u044e\u0437\u0430\u0442\u044c. \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u0442\u043e\u0432\u0430\u0440\u0438\u0449\u0438 \u0438\u0437 \u041c\u0430\u0443\u043d\u0442\u0438\u043d-\u0412\u044c\u044e \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442, \u0447\u0442\u043e\u0431\u044b \"\u0434\u0440\u0443\u0433\u0438\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0435 \u0441\u0442\u0430\u043b\u0438 \u0435\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\", \u043d\u043e \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e, \u0441 \u0434\u0432\u0438\u0436\u043a\u043e\u043c Java Script.\n\n\u0412\u0441\u0435\u043c \u0441\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c Chrome. \n\nhttps://securityaffairs.co/wordpress/98440/hacking/google-fixes-chrome-zero-day.html", "creation_timestamp": "2020-02-25T18:03:55.000000Z"}, {"uuid": "bb46a36c-b366-477d-a93d-6cc40210f4ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1754", "content": "#exploit\n1. CVE-2022-45025:\nCommand injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)\nhttps://github.com/yuriisanin/CVE-2022-45025\n\n2. Exploring Chrome\u2019s CVE-2020-6418\nhttps://blog.haboob.sa/blog/exploring-chromes-cve-2020-6418-part1\n\n3. CVE-2022-39066:\nSQL Injection Vulnerability in ZTE MF286R\nhttps://github.com/v0lp3/CVE-2022-39066", "creation_timestamp": "2022-12-13T04:12:39.000000Z"}, {"uuid": "b6955808-338a-4a92-a217-62ca99c09601", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/5313", "content": "ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3 https://leethax0.rs/2021/04/ElectricChrome/", "creation_timestamp": "2021-04-15T15:45:35.000000Z"}, {"uuid": "03aeeab8-cbb6-4623-ae8e-07ec6617a7b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1905", "content": "\ud83d\udd25Deconstructing and Exploiting CVE-2020-6418 (exploit here)\n\nThis vulnerability lies in the V8 engine of Google Chrome, namely its optimizing compiler Turbofan. Specifically, the vulnerable version is in Google Chrome\u2019s V8 prior to 80.0.3987.122. In this article, Daniel Toh Jing En will give a step-by-step analysis of the vulnerability, from the root cause to exploitation.", "creation_timestamp": "2022-12-21T14:45:16.000000Z"}, {"uuid": "6475f416-e91b-4542-a3ab-276ce333448d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "exploited", "source": "https://t.me/secinfosex/33", "content": "\u26a0\ufe0f\u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0439\u0442\u0435 Google Chrome \u0434\u043e 80.0.3987.122\n\nCVE-2020-6418: type confusion vulnerability in V8, Google Chrome\u2019s open-source JavaScript and WebAssembly engine. It was discovered and reported by Cl\u00e9ment Lecigne, security engineer of Google\u2019s Threat Analysis Group (TAG). Last year, Lecigne was credited with finding and reporting CVE-2019-5786, a use-after-free vulnerability in Google Chrome that was also exploited in the wild.\n\nhttps://www.tenable.com/blog/cve-2020-6418-google-chrome-type-confusion-vulnerability-exploited-in-the-wild\n\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=1053604\n\n#chrome #exploit #in_the_wild", "creation_timestamp": "2020-02-26T02:58:18.000000Z"}, {"uuid": "c15ce948-e9e0-41a2-91cd-20a676a0c824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3116", "content": "#Offensive_security\n1. CVE-2020-6418 on Tesla Model 3\nhttps://leethax0.rs/2021/04/ElectricChrome\n2. An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability\nhttps://github.com/assetnote/blind-ssrf-chains", "creation_timestamp": "2021-04-13T11:59:01.000000Z"}, {"uuid": "3a85e79d-df0f-4473-bf5b-38ea02c09263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/2486", "content": "#Research\nResearching new ways to detect 0-day exploits in the wild\nPart 1 - Introduction\nhttps://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html\nPart 2 - Chrome Infinity Bug\nhttps://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html\nPart 3 - Chrome Exploits (PoC for CVE-2017-5070, CVE-2020-6418, CVE-2019-5782, CVE-2019-13764)\nhttps://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html\nPart 4 - Android Exploits\nhttps://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html\nPart 5 - Android Post-Exploitation\nhttps://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html\nPart 6 - Windows Exploits (PoC for CVE-2020-0938, CVE-2020-1020, CVE-2020-1027)\nhttps://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html", "creation_timestamp": "2022-06-07T18:51:40.000000Z"}, {"uuid": "2ee17054-d0c5-4fc0-a20e-fe654b54f478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/692", "content": "#exploit\nCVE-2020-6418:\nA Eulogy for Patch-Gapping Chrome\nhttps://blog.exodusintel.com/2020/02/24/a-eulogy-for-patch-gapping-chrome\n// Type confusion flaw in V8, the JavaScript engine used by the Chrome browser", "creation_timestamp": "2024-10-10T02:20:02.000000Z"}, {"uuid": "120aa73d-4975-4719-a87e-af0d56ce9889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-6418", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7348", "content": "#exploit\n1. CVE-2022-45025:\nCommand injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)\nhttps://github.com/yuriisanin/CVE-2022-45025\n\n2. Exploring Chrome\u2019s CVE-2020-6418\nhttps://blog.haboob.sa/blog/exploring-chromes-cve-2020-6418-part1\n\n3. CVE-2022-39066:\nSQL Injection Vulnerability in ZTE MF286R\nhttps://github.com/v0lp3/CVE-2022-39066", "creation_timestamp": "2022-12-13T11:01:01.000000Z"}]}