CVE-2019-13765 — Use After Free in Google Chrome

CWE-416 — Use After Free CWE-665 — Improper Initialization CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

6.5MEDIUMNVD

OSV3.5

EPSS

0.4%

top 37.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Qemu +2 more

Timeline

PublishedJan 3

Latest updateNov 8

Description

Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5google/chromeunspecified — 78.0.3904.70

▶NVDgoogle/chrome< 78.0.3904.70

▶googlegoogle/chrome_chrome

▶debiandebian/chromium< chromium 78.0.3904.87-1 (bookworm)

▶Ubuntuqemu/qemu< 1:4.2-3ubuntu6.30+5

🔴Vulnerability Details

OSV

qemu vulnerabilities↗2024-11-08

▶

GHSA

GHSA-9fcr-543v-f4c7: Use-after-free in content delivery manager in Google Chrome prior to 78↗2022-05-24

▶

OSV

CVE-2019-13765: Use-after-free in content delivery manager in Google Chrome prior to 78↗2020-01-03

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2019-13701↗2019-10-22

▶

Debian

CVE-2019-13765: chromium - Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.7...↗2019

▶