CVE-2020-6418: 
Node.js vulnerability analysis and mitigation

Type confusion in V8 in Google Chrome prior to version 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability was discovered by Clement Lecigne of Google's Threat Analysis Group on February 18, 2020, and was assigned CVE-2020-6418 (Chrome Blog).

The vulnerability is classified as a type confusion flaw in Chrome's V8 JavaScript engine. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that it can be exploited remotely with low attack complexity and requires user interaction (NVD).

The vulnerability could allow an attacker to execute arbitrary code within the context of the browser through heap corruption, potentially leading to full system compromise depending on the operating system privileges (Red Hat).

The vulnerability was patched in Chrome version 80.0.3987.122. Users and administrators are strongly advised to update to this version or later. The fix was also deployed to other Chromium-based browsers and operating systems including Fedora, Red Hat Enterprise Linux, and Debian (Debian Security, Red Hat).