CVE-2020-6422: 
Node.js vulnerability analysis and mitigation

CVE-2020-6422 is a use-after-free vulnerability discovered in the WebGL implementation of Google Chrome versions prior to 80.0.3987.149. The vulnerability was discovered by David Manouchehri and reported on February 13, 2020 (Chrome Blog, NVD).

The vulnerability is classified as a use-after-free flaw in the WebGL (Web Graphics Library) component of Chrome. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that it can be exploited remotely with low attack complexity, requires no privileges but does require user interaction (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page, potentially leading to arbitrary code execution with the privileges of the process or a Denial of Service condition (Gentoo).

The vulnerability was patched in Chrome version 80.0.3987.149. Users and administrators are advised to upgrade to this version or later. Multiple Linux distributions have also released security updates including Debian (80.0.3987.149-1~deb10u1), Fedora, and Gentoo (Debian, Gentoo).