CVE-2019-5784 — Out-of-bounds Write in Google Chrome

CWE-787 — Out-of-bounds Write8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

9.3%

top 7.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium

Timeline

PublishedJun 27

Latest updateMay 24

Description

Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5google/chromeunspecified — 72.0.3626.96

▶NVDgoogle/chrome< 72.0.3626.96

▶debiandebian/chromium< chromium 72.0.3626.109-1 (bookworm)

▶Debianchromium/chromium< 72.0.3626.109-1+3

🔴Vulnerability Details

GHSA

GHSA-f2p9-3vx7-g835: Incorrect handling of deferred code in V8 in Google Chrome prior to 72↗2022-05-24

▶

OSV

CVE-2019-5784: Incorrect handling of deferred code in V8 in Google Chrome prior to 72↗2019-06-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: Inappropriate implementation in V8↗2019-02-06

▶

Debian

CVE-2019-5784: chromium - Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96...↗2019

▶

💬Community

Bugzilla

CVE-2019-5784 chromium: chromium-browser: Inappropriate implementation in V8 [epel-7]↗2019-02-12

▶

Bugzilla

CVE-2019-5784 chromium-browser: Inappropriate implementation in V8↗2019-02-12

▶

Bugzilla

CVE-2019-5784 chromium: chromium-browser: Inappropriate implementation in V8 [fedora-all]↗2019-02-12

▶