⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2019-5782: Out-of-bounds Read in Google Chrome

Severity: 8.8 HIGH (NVD)
EPSS: 74.8% (top 1.13%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published Feb 19 | Latest update May 13

Description

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (6 packages)

CVEListV5 | google/chrome | unspecified | 72.0.3626.81
NVD | google/chrome | < 72.0.3626.81
Debian | chromium/chromium | < 72.0.3626.81-1+3

Also affects: Debian Linux 9.0, Fedora 29, 30

🔴 Vulnerability Details (6)

GHSA
GHSA-5pv8-cgh5-22f2: Incorrect optimization assumptions in V8 in Google Chrome prior to 72 | 2022-05-13
Project0
In-the-Wild Series: Chrome Exploits - Project Zero | 2021-01-01
Project0
Virtually Unlimited Memory: Escaping the Chrome Sandbox - Project Zero | 2019-04-01
CVEList
CVE-2019-5782: Incorrect optimization assumptions in V8 in Google Chrome prior to 72 | 2019-02-19
OSV
CVE-2019-5782: Incorrect optimization assumptions in V8 in Google Chrome prior to 72 | 2019-02-19

💥 Exploits & PoCs (1)

Exploit-DB
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution | 2019-01-16

📋 Vendor Advisories (2)

Red Hat
chromium-browser: Inappropriate implementation in V8 | 2019-01-29
Debian
CVE-2019-5782: chromium - Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 ... | 2019

💬 Community (1)

Bugzilla
CVE-2019-5782 chromium-browser: Inappropriate implementation in V8 | 2019-01-30
CVE-2019-5782 — Out-of-bounds Read in Google Chrome | cvebase