CVE-2020-6426: 
Node.js vulnerability analysis and mitigation

CVE-2020-6426 is a security vulnerability discovered in Google Chrome's V8 JavaScript engine prior to version 80.0.3987.149. The vulnerability was reported by Avihay Cohen from SeraphicAlgorithms on February 16, 2020, and was publicly disclosed on March 18, 2020. The issue stems from an inappropriate implementation in V8 that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page (Chrome Release, NVD).

The vulnerability is classified as a high-severity issue with a CVSS v3.1 base score of 6.5 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. It is categorized as an Out-of-bounds Write (CWE-787) vulnerability that affects the V8 JavaScript engine implementation (NVD).

If exploited, this vulnerability could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page, potentially leading to arbitrary code execution within the context of the browser (NVD, Gentoo).

The vulnerability was patched in Google Chrome version 80.0.3987.149. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix has been distributed to various Linux distributions including Debian, Fedora, and Gentoo (Chrome Release, Debian).