6.5

CVE-2019-5825

Warnung
Exploit
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 73.0.3683.86

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium V8 Out-of-Bounds Write Vulnerability

Schwachstelle

Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 55.93% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
Vendor Advisory
Release Notes
http://packetstormsecurity.com/files/156641/Google-Chrome-72-73-Array.map-Corruption.html
Third Party Advisory
Exploit
VDB Entry
https://crbug.com/941743
Patch
Third Party Advisory
Exploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5825
US Government Resource