CVE-2020-6383: 
Node.js vulnerability analysis and mitigation

Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability was identified as CVE-2020-6383 and was discovered by Sergei Glazunov of Google Project Zero on February 11, 2020 (Chrome Release).

The vulnerability is classified as a type confusion issue in the V8 JavaScript engine of Google Chrome. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a high severity vulnerability that can be exploited remotely (NVD). The vulnerability is related to CWE-843: Access of Resource Using Incompatible Type.

The vulnerability could allow an attacker to potentially exploit heap corruption through a specially crafted HTML page, potentially leading to arbitrary code execution within the context of the browser (NVD, Debian Advisory).

The vulnerability was patched in Google Chrome version 80.0.3987.116. Users and administrators should update to this version or later to mitigate the risk. The fix was also backported to various Linux distributions including Debian, Fedora, and Red Hat Enterprise Linux (Red Hat Advisory, Debian Advisory).