CVE-2020-6382: 
Node.js vulnerability analysis and mitigation

Type confusion in JavaScript in Google Chrome prior to version 80.0.3987.87 was discovered on December 8, 2019, by Soyeon Park and Wen Xu from SSLab, Gatech. This vulnerability affects Google Chrome's JavaScript engine and could potentially lead to heap corruption when exploited through a crafted HTML page (Chrome Blog).

The vulnerability is classified as a high-severity issue with a CVSS v3.1 base score of 8.8 (HIGH). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that it can be exploited remotely with low attack complexity, requires no privileges but does need user interaction, and can potentially impact confidentiality, integrity, and availability at a high level (NVD).

If successfully exploited, this vulnerability could allow an attacker to potentially exploit heap corruption through a specially crafted HTML page, which could lead to arbitrary code execution in the context of the browser (Chrome Blog, Debian Security).

Google released a fix in Chrome version 80.0.3987.87. Users and administrators are strongly advised to upgrade to this version or later. Various Linux distributions have also released security updates to address this vulnerability, including Debian (version 80.0.3987.132-1~deb10u1), Fedora, and Red Hat Enterprise Linux (Debian Security, Gentoo Security).